On 13/06/2025 10:13, Vladimir Zapolskiy wrote:
> Per se this concurrent execution shall not lead to the encountered bug,

What does that mean? Please re-read the commit log, the analysis is all there.

> both an initialization of media entity pads by media_entity_pads_init() and a registration of a v4l2 devnode inside msm_video_register() are done under in a proper sequence, aren't they?

No, I clearly haven't explained this clearly enough in the commit log.
vfe0_rdi0 == /dev/video0 is complete. vfe0_rdi1 is not complete; there is no /dev/video1 in user-space.
vfe_get() is called for an RDI in a VFE, camss_find_sensor_pad() assumes all RDIs are populated.
We can't use any VFE mutex to synchronise this because
lock(vfe->mutex); lock(media->mutex);
and lock(media->mutex); lock(vfe->mutex);
happen.
So we can educate vfe_get() about the RDI it is operating on or we can flag that a VFE - all of its subordinate RDIs are available.
I didn't much like teaching vfe_get() about which RDI index because the code looked ugly for 8916 you have to assume on one of the code paths that it always operates on RDI0, which is an invalid assumption.
The other way to fix this is:
+++ b/drivers/media/platform/qcom/camss/camss.c @@ -2988,7 +2988,7 @@ struct media_pad *camss_find_sensor_pad(struct media_entity *entity)
while (1) { pad = &entity->pads[0]; - if (!(pad->flags & MEDIA_PAD_FL_SINK)) + if (!pad || !(pad->flags & MEDIA_PAD_FL_SINK))
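Review bot: In the changed condition, `!pad` tests a pointer that was just formed as `&entity->pads[0]`, so it can be NULL only when `entity->pads` itself is NULL, and only because the index is 0. Testing `entity->pads` before taking the element address would state the intent directly. Nothing in the lines shown orders this check against the code that populates the pads, so the condition should carry a comment naming the registration window it is meant to cover.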
But then you see that every other driver treats pad = &entity->pads[0] as always non-NULL.
--- bod