From: Wentao Liang vulab@iscas.ac.cn
[ Upstream commit bd9f6ce7d512fa21249415c16af801a4ed5d97b6 ]
In fimc_is_hw_change_mode(), the function changes camera modes without waiting for hardware completion, risking corrupted data or system hangs if subsequent operations proceed before the hardware is ready.
Add fimc_is_hw_wait_intmsr0_intmsd0() after mode configuration, ensuring hardware state synchronization and stable interrupt handling.
Signed-off-by: Wentao Liang vulab@iscas.ac.cn Signed-off-by: Hans Verkuil hverkuil@xs4all.nl Signed-off-by: Sasha Levin sashal@kernel.org ---
Based on my analysis of the commit and examination of the kernel code, here is my assessment: **YES** This commit should be backported to stable kernel trees for the following reasons: ## Analysis of the Code Change The commit adds a single line `fimc_is_hw_wait_intmsr0_intmsd0(is);` at line 167 in the `fimc_is_hw_change_mode()` function in `drivers/media/platform/samsung/exynos4-is/fimc-is-regs.c`. ## Why This Should Be Backported 1. **Clear Bug Fix**: The commit message explicitly states this fixes a race condition where "the function changes camera modes without waiting for hardware completion, risking corrupted data or system hangs if subsequent operations proceed before the hardware is ready." This is a classic hardware synchronization bug. 2. **Consistent Pattern**: Examining the surrounding code shows that ALL other similar hardware control functions (`fimc_is_hw_get_setfile_addr()`, `fimc_is_hw_load_setfile()`, `fimc_is_hw_stream_on()`, `fimc_is_hw_stream_off()`) already call `fimc_is_hw_wait_intmsr0_intmsd0()` before writing to hardware registers. The `fimc_is_hw_change_mode()` function was the only outlier missing this synchronization. 3. **Minimal and Safe**: The change is extremely small (one line) and uses an existing, well-tested synchronization primitive. The `fimc_is_hw_wait_intmsr0_intmsd0()` function implements a timeout-based wait with proper error handling. 4. **Critical Subsystem**: This affects camera hardware control in Samsung Exynos4 SoCs. Hardware synchronization issues in camera drivers can cause: - System hangs (as mentioned in commit message) - Data corruption - Unpredictable hardware state 5. **Runtime Safety**: The wait function has built-in timeout protection (2000 iterations with 1μs delay each), so it cannot cause infinite hangs even if hardware fails. 6. **Follows Hardware Protocol**: The pattern clearly shows the proper hardware protocol is: wait for ready state → write command → trigger interrupt. The missing wait was a protocol violation. ## Comparison with Historical References Looking at the provided similar commits marked "NO" for backporting, they were all: - Documentation/binding changes (commits #1, #2) - Code cleanup/feature removal (commit #3) - Architecture changes (commit #4) The one commit marked "YES" (commit #5) was a simple bug fix correcting a return value check, very similar in nature to this synchronization fix. This commit fits the stable tree criteria perfectly: it's a small, contained bug fix addressing a real hardware synchronization issue that could cause system instability, with minimal risk of regression.
drivers/media/platform/exynos4-is/fimc-is-regs.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/drivers/media/platform/exynos4-is/fimc-is-regs.c b/drivers/media/platform/exynos4-is/fimc-is-regs.c index 366e6393817d2..5f9c44e825a5f 100644 --- a/drivers/media/platform/exynos4-is/fimc-is-regs.c +++ b/drivers/media/platform/exynos4-is/fimc-is-regs.c @@ -164,6 +164,7 @@ int fimc_is_hw_change_mode(struct fimc_is *is) if (WARN_ON(is->config_index >= ARRAY_SIZE(cmd))) return -EINVAL;
+ fimc_is_hw_wait_intmsr0_intmsd0(is); mcuctl_write(cmd[is->config_index], is, MCUCTL_REG_ISSR(0)); mcuctl_write(is->sensor_index, is, MCUCTL_REG_ISSR(1)); mcuctl_write(is->setfile.sub_index, is, MCUCTL_REG_ISSR(2));