In case of early bufones, signalling fence for few
ports are missed for target which do not support
last consumed address which result in a unsignalled fence
Issue is fixed by handling early bufdones and signalling
success for resource which got early bufdone.
CRs-Fixed: 3333269
Change-Id: I0a56f770806d48034bcc45d2ca68d8f9adcc8eee
Signed-off-by: Shivakumar Malke <quic_smalke@quicinc.com>
In TFE top-half handler, TOP register status is read first and
then based on top register status, bus register status is read.
There could be a corner case where bufdone irq top-half handling
is ongoing, top status registers are read, and while reading bus
register status we might have got SOF and RUP irqs. Since RUP and
Bufdone both come from bus side, RUP bit is set during this bus
register read. Hence, RUP is handled first along with bufdone and
then SOF irq is handled. There is no handling in statemachine for
such RUP's in RDI only context statemachine. Hence leading to
bubble condition resulting in frame drop
To overcome such scenario, handling for RUP in applied substate
is introduced in RDI only statemachine.
CRs-Fixed: 3298719
Change-Id: I5cc8a0c122aa09c22da6536303f849344454c480
Signed-off-by: Shivakumar Malke <quic_smalke@quicinc.com>
Fd is a user-accessible value, referring it multiple times
leads to TOCTOU issues. Dma_buf can be freed after the 1st
use of fd and userspace can create another dma_buf but with
same fd. In such scenario, during 2nd use of fd, we may get
a different dma_buf with different length. To avoid this, we
can use same dma_buf instead of retrieving it twice using same
fd. In this change FD is accessed only once in syscall.
CRs-Fixed: 3159446
Change-Id: I00eb6dd3d798165f5c6c0bd59feabe80a68592b1
Signed-off-by: Yash Upadhyay <quic_yupadhya@quicinc.com>
there are only 8k stack in 32 bit system, this change used to make
the temp variables be contorl by the parameters, which can decrase
the stack resource cost under default debug settings and finally
improve the stability of multi camera cases.
CRs-fixed: 3193708
Change-Id: If0f33cc310d64c83c0e4781a5de61483ebc35769
Signed-off-by: daopingl <quic_daopingl@quicinc.com>
This change reset the slot when the next req is applied, it
should be caused by some exception before, we need to reset
this slot in case we applied wrong req to sub devices.
CRs-Fixed: 2949657
Change-Id: I0b5f7b1d8450ed355701090b185812fb7a6b6e06
Signed-off-by: Depeng Shao <quic_depengs@quicinc.com>
Below information is dumped at the overflow
1. Dump SOF, EPOCH, EOF and Error time.
2. Dump IRQ status.
3. Cpas AB, IB votes.
4. Dump width and height of all the acquired ports.
5. CSID clock.
CRs-Fixed: 3159425
Change-Id: I580d8f4d50c49568a6bc9ae8d06fc4b93f11891c
Signed-off-by: Tejas Prajapati <quic_tpraja@quicinc.com>
In a corner case, race condition to free the original
ion buf allocated and new ion buffer with same fd but
different size after freeing the origianl ion buf might
result into mismatches in the real ion buf size assigned
in bufq. To avoid this update length in bufq with
local variable.
CRs-Fixed: 3142221
Change-Id: I23d91445bd088bbde19ffa191e158256166f2053
Signed-off-by: Tejas Prajapati <quic_tpraja@quicinc.com>
Instead of correct link handle, if some other handle like
dev handle is passed then it may access some other data space.
To avoid such scenario, need to check whether link handle
passed by ioctl is same as retrieved link handle.
CRs-Fixed: 3120454
Change-Id: Idff2e3c25b60563788ffb426c7cabc367c3c97f8
Signed-off-by: Yash Upadhyay <quic_yupadhya@quicinc.com>
By default driver is configuring jpeg misr and also dumping misr values.
So added a check if camnoc_misr_support is enabled then only configure
and dump the misr value.
CRs-Fixed: 3168072
Change-Id: I4090b1a43b55a0f7643c352689aa04b56d31df8d
Signed-off-by: Dharmender Sharma <quic_dharshar@quicinc.com>
Due to workqueue does not process the work in order,
so sometimes the later work will be processed earlier.
Such as, when submit request order: 1/2/3, cdm interrupt
come order: 1/2/3, workqueue process order: 2/1/3,
when process 2 request, which currently will notify 1/2
CDM clients and remove 1/2 from submit list. After that,
when process 1 request, will notify 3, actually 3 is not
done at the moment, which maybe cause smmu page fault issue.
And sometimes, when there is a delay in handling interrupts,
then HLOS handles two interrupts as one only. This change only
notify the request less than and equal to the interrupt request.
CRs-Fixed: 3130447
Change-Id: I0fd0e8adee48767e5ab7db1921a8284d107c2f40
Signed-off-by: zhuo <quic_zhuo@quicinc.com>
The 'l_device' pointer in __cam_req_mgr_destroy_subdev is
set to NULL after freeing but this is done on a
local copy of the variable in stack. This results in
double-free when this function is called again. To avoid
this, pass 'l_device' pointer by reference and assign it
to NULL after freeing.
CRs-Fixed: 3120468
Change-Id: If2dde6f1c702bee26a3c8a68c2f45bafbf0f7cd6
Signed-off-by: Nirmal Abraham <quic_c_nabrah@quicinc.com>
On overflow dump the AB and IB votes, tfe clock,
CSID clock and respective bus path data for acquire
time and addr_status registers.
CRs-Fixed: 3118430
Change-Id: Ia38eb4350e8e38562b6d22769b38637480da0b9d
Signed-off-by: Tejas Prajapati <quic_tpraja@quicinc.com>
Shared memory is initialized by CRM and used by
other drivers; with CRM not active other drivers
would fail to access the shared memory if
memory manager is deinit. Reader Writer locks can
prevent the open/close/ioctl calls from other drivers
if CRM open/close is already being processed.
Issue observed with the below sequence if drivers
are opened from UMD directly without this change.
CRM Open successful,ICP open successful,
CRM close in progress, ICP open successful,
mem mgr deinit and CRM close successful,
ICP tries to access HFI memory and result in crash.
This change helps to serialze the calls and prevents
issue.
CRs-Fixed: 3019488
Change-Id: I464411576a5a04f5d0b402c403ce8a1d4df7dad0
Signed-off-by: Tejas Prajapati <quic_tpraja@quicinc.com>
Use div_u64 to do 64-bit division.
CRs-Fixed: 3099898
Change-Id: I405461ea02d0ec668cb7be764543a9a16bd1c3e6
Signed-off-by: Alok Chauhan <quic_alokc@quicinc.com>
Signed-off-by: Nirmal Abraham <quic_c_nabrah@quicinc.com>
Instead of the link handle if the dev handle is
passed for dumping the request information, this
can lead to accessing invalid data structure.
To avodi accessing invalid data structure based on
the dev handle, first check if the link handle passed
in IOCTL is matchting with looked up link handle.
CRs-Fixed: 3097336
Change-Id: I815457ff96e3b26fe9fa886bd984d53d209e4edb
Signed-off-by: Tejas Prajapati <quic_tpraja@quicinc.com>
For RDI only context EOF is not notified; it should be
notified, for the corner case if the flash is
configured to apply at EOF then it will block apply for
ISP on SOF as well until the EOF is notified, this
change adds EOF notification.
CRs-Fixed: 3091241
Change-Id: If6d974d092d640d9def89bbcf7a88fba0d85579b
Signed-off-by: Tejas Prajapati <quic_tpraja@quicinc.com>
Currently the ope request timeout value for RT and NRT context
are same. In some usecases, NRT request processing takes more time.
Hence, initialize the RT and NRT request timeout value separately.
CRs-Fixed: 3082993
Change-Id: I17e86d26403fb21cdff518a81dee7a19c865144e
Signed-off-by: Alok Chauhan <quic_alokc@quicinc.com>
Jose Guzman
Linux Build Service Account
Shivakumar Malke
Ashish Bhimanpalliwar
Yash Upadhyay
Camera Software Integration
daopingl
Kai Xing
Depeng Shao
Shravan Nevatia
Tejas Prajapati
Dharmender Sharma
zhuo
Nirmal Abraham
Alok Chauhan
Zhenlin Lian