linux/drivers/staging
Luca Ceresoli 6bd01c4299 staging: media: tegra-video: fix infinite recursion regression
Since commit 9bf19fbf0c ("media: v4l: async: Rework internal lists"), aka
v6.6-rc1~97^2~198, probing the tegra-video VI driver causes infinite
recursion due tegra_vi_graph_parse_one() calling itself until:

[    1.571168] Insufficient stack space to handle exception!
...
[    1.591416] Internal error: kernel stack overflow: 0 [#1] PREEMPT SMP ARM
...
[    3.861013]  of_phandle_iterator_init from __of_parse_phandle_with_args+0x40/0xf0
[    3.868497]  __of_parse_phandle_with_args from of_fwnode_graph_get_remote_endpoint+0x68/0xa8
[    3.876938]  of_fwnode_graph_get_remote_endpoint from fwnode_graph_get_remote_port_parent+0x30/0x7c
[    3.885984]  fwnode_graph_get_remote_port_parent from tegra_vi_graph_parse_one+0x7c/0x224
[    3.894158]  tegra_vi_graph_parse_one from tegra_vi_graph_parse_one+0x144/0x224
[    3.901459]  tegra_vi_graph_parse_one from tegra_vi_graph_parse_one+0x144/0x224
[    3.908760]  tegra_vi_graph_parse_one from tegra_vi_graph_parse_one+0x144/0x224
[    3.916061]  tegra_vi_graph_parse_one from tegra_vi_graph_parse_one+0x144/0x224
...
[    4.857892]  tegra_vi_graph_parse_one from tegra_vi_graph_parse_one+0x144/0x224
[    4.865193]  tegra_vi_graph_parse_one from tegra_vi_graph_parse_one+0x144/0x224
[    4.872494]  tegra_vi_graph_parse_one from tegra_vi_init+0x574/0x6d4
[    4.878842]  tegra_vi_init from host1x_device_init+0x84/0x15c
[    4.884594]  host1x_device_init from host1x_video_probe+0xa0/0x114
[    4.890770]  host1x_video_probe from really_probe+0xe0/0x400

The reason is the mentioned commit changed tegra_vi_graph_find_entity() to
search for an entity in the done notifier list:

> @@ -1464,7 +1464,7 @@ tegra_vi_graph_find_entity(struct tegra_vi_channel *chan,
>  	struct tegra_vi_graph_entity *entity;
>  	struct v4l2_async_connection *asd;
>
> -	list_for_each_entry(asd, &chan->notifier.asc_list, asc_entry) {
> +	list_for_each_entry(asd, &chan->notifier.done_list, asc_entry) {
>  		entity = to_tegra_vi_graph_entity(asd);
>  		if (entity->asd.match.fwnode == fwnode)
>  			return entity;

This is not always correct, being tegra_vi_graph_find_entity() called in
three locations, in this order:

 1. tegra_vi_graph_parse_one()    -- called while probing
 2. tegra_vi_graph_notify_bound() -- the .bound notifier op
 3. tegra_vi_graph_build()        -- called in the .complete notifier op

Locations 1 and 2 are called before moving the entity from waiting_list to
done_list, thus they won't find what they are looking for in
done_list. Location 3 happens afterwards and thus it is not broken, however
it means tegra_vi_graph_find_entity() should not search in the same list
every time.

The error appears at step 1: tegra_vi_graph_parse_one() iterates
recursively until it finds the entity already notified, which now never
happens.

Fix by passing the specific notifier list pointer to
tegra_vi_graph_find_entity() instead of the channel, so each caller can
search in whatever list is correct.

Also improve the tegra_vi_graph_find_entity() comment.

Fixes: 9bf19fbf0c ("media: v4l: async: Rework internal lists")
Cc: Thierry Reding <thierry.reding@gmail.com>
Cc: Jonathan Hunter <jonathanh@nvidia.com>
Cc: Sowjanya Komatineni <skomatineni@nvidia.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
[Sakari Ailus: Wrapped some long lines.]
Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
2023-10-02 10:02:53 +02:00
..
axis-fifo staging: Explicitly include correct DT includes 2023-07-27 10:01:07 +02:00
board
emxx_udc staging: emxx_udc: Convert to platform remove callback returning void 2023-04-03 21:49:54 +02:00
fbtft Linux 6.5-rc7 2023-08-24 07:26:06 +10:00
fieldbus staging: fieldbus: arcx-anybus: Remove redundant of_match_ptr() 2023-08-11 23:28:04 +02:00
gdm724x tty: gdm724x: use min_t() for size_t varable and a constant 2023-08-22 14:53:53 +02:00
greybus pwm: Changes for v6.6-rc1 2023-09-07 18:05:58 -07:00
iio staging: iio: Switch i2c drivers back to use .probe() 2023-05-28 17:40:36 +01:00
ks7010 staging: ks7010: potential buffer overflow in ks_wlan_set_encode_ext() 2023-07-27 09:54:33 +02:00
media staging: media: tegra-video: fix infinite recursion regression 2023-10-02 10:02:53 +02:00
most staging: Explicitly include correct DT includes 2023-07-27 10:01:07 +02:00
nvec staging: nvec_ps2: Convert to platform remove callback returning void 2023-04-03 21:49:55 +02:00
octeon staging: octeon: delete my name from TODO contact 2023-05-08 16:09:33 +02:00
olpc_dcon staging: olpc_dcon: Switch i2c driver back to use .probe() 2023-05-28 10:15:27 +01:00
pi433 staging: Explicitly include correct DT includes 2023-07-27 10:01:07 +02:00
qlge Staging: qlge: Fix indentation in conditional statement 2023-03-16 09:44:31 +01:00
rtl8192e staging: rtl8192e: Annotate struct rtllib_txb with __counted_by 2023-08-22 15:48:05 +02:00
rtl8192u staging: rtl8192u: Fix keyidx assignment within if condition 2023-07-27 10:00:02 +02:00
rtl8712 staging: rtl8712: fix race condition 2023-08-04 16:20:13 +02:00
rtl8723bs staging: rtl8723bs: Use helpers to check broadcast and multicast Ether addresses 2023-08-22 15:47:17 +02:00
rts5208 staging: rts5208: Correct line ending with '(' 2023-07-27 10:00:19 +02:00
sm750fb Staging driver changes for 6.6-rc1 2023-09-01 09:27:29 -07:00
vc04_services staging: vchiq_arm: Remove extra struct vchiq_instance declaration 2023-06-20 16:11:16 +02:00
vme_user staging: vme_user: fix check lines should not end with a '(' 2023-08-22 15:47:35 +02:00
vt6655 staging: vt6655: replace camel case by snake case 2023-08-22 15:44:33 +02:00
vt6656 staging: vt6656: remove unused vnt_get_current_tsf() function 2023-03-17 08:07:23 +01:00
wlan-ng Fix nomenclature for USB and PCI wireless devices 2023-08-25 12:56:49 +03:00
Kconfig staging: r8188eu: delete driver 2023-03-09 10:06:28 +01:00
Makefile staging: r8188eu: delete driver 2023-03-09 10:06:28 +01:00