renegade-project/linux-next
2
0
Fork 0
mirror of https://github.com/edk2-porting/linux-next.git synced 2025-01-14 16:44:29 +08:00
Code
b34ecd5aa3
linux-next/drivers/media/v4l2-core
History
Ricardo Ribalda 89a0956683 [media] vb2-memops: Fix over allocation of frame vectors 
On page unaligned frames, create_framevec forces get_vaddr_frames to
allocate an extra page at the end of the buffer. Under some
circumstances, this leads to -EINVAL on VIDIOC_QBUF.

E.g:
We have vm_a that vm_area that goes from 0x1000 to 0x3000. And a
frame that goes from 0x1800 to 0x2800, i.e. 2 pages.

frame_vector_create will be called with the following params:

get_vaddr_frames(0x1800, 2, write, 1, vec);

get_vaddr will allocate the first page after checking that the memory
0x1800-0x27ff is valid, but it will not allocate the second page because
the range 0x2800-0x37ff is out of the vm_a range. This results in
create_framevec returning -EFAULT

Error Trace:
[ 9083.793015] video0: VIDIOC_QBUF: 00:00:00.00000000 index=1,
type=vid-cap, flags=0x00002002, field=any, sequence=0,
memory=userptr, bytesused=0, offset/userptr=0x7ff2b023ca80, length=5765760
[ 9083.793028] timecode=00:00:00 type=0, flags=0x00000000,
frames=0, userbits=0x00000000
[ 9083.793117] video0: VIDIOC_QBUF: error -22: 00:00:00.00000000
index=2, type=vid-cap, flags=0x00000000, field=any, sequence=0,
memory=userptr, bytesused=0, offset/userptr=0x7ff2b07bc500, length=5765760

Also use true instead of 1 since that argument is a bool in the
get_vaddr_frames() prototype.

Fixes: 21fb0cb7ec ("[media] vb2: Provide helpers for mapping virtual addresses")

Reported-by: Albert Antony <albert@newtec.dk>
Signed-off-by: Ricardo Ribalda Delgado <ricardo.ribalda@gmail.com>
[hans.verkuil@cisco.com: merged the 'bool' change into this patch]
Acked-by: Marek Szyprowski <m.szyprowski@samsung.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Cc: <stable@vger.kernel.org>      # for v4.3 and up
Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com>

Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
2016-04-25 10:22:55 -03:00
..
Kconfig [media] v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER 2016-02-01 13:16:33 -02:00
Makefile [media] v4l2-mc: add a generic function to create the media graph 2016-02-10 07:23:40 -02:00
tuner-core.c [media] v4l2-mc.h Add pads for audio and video IF-PLL decoders 2016-02-01 07:23:58 -02:00
v4l2-async.c [media] v4l2-async: Don't fail if registered_async isn't implemented 2016-02-19 08:10:31 -02:00
v4l2-clk.c [media] v4l2-clk: v4l2_clk_get() also need to find the of_fullname clock 2015-11-17 15:19:52 -02:00
v4l2-common.c [media] v4l2-common: move v4l2_ctrl_check to cx2341x 2014-11-25 08:25:36 -02:00
v4l2-compat-ioctl32.c [media] media: v4l2-compat-ioctl32: fix missing length copy in put_v4l2_buffer32 2016-02-01 08:15:21 -02:00
v4l2-ctrls.c [media] v4l: add V4L2_CID_MPEG_VIDEO_FORCE_KEY_FRAME 2016-02-19 08:10:35 -02:00
v4l2-dev.c [media] media_entity: remove gfp_flags argument 2016-01-11 12:19:02 -02:00
v4l2-device.c [media] v4l2-device: fix a missing error code 2016-01-11 12:19:16 -02:00
v4l2-dv-timings.c [media] v4l2-dv-timings: skip standards check for V4L2_DV_BT_CAP_CUSTOM 2016-02-01 08:01:42 -02:00
v4l2-event.c [media] v4l2-event: v4l2_event_queue: do nothing if vdev == NULL 2015-07-17 09:15:27 -03:00
v4l2-fh.c [media] media: Change v4l-core to check if source is free 2016-02-27 08:46:55 -03:00
v4l2-flash-led-class.c media updates for v4.5-rc1 2016-01-13 11:46:37 -08:00
v4l2-ioctl.c [media] v4l2-ioctl: fix YUV422P pixel format description 2016-03-05 08:21:32 -03:00
v4l2-mc.c [media] v4l2-mc: cleanup a warning 2016-03-31 14:50:38 -03:00
v4l2-mem2mem.c [media] media: videobuf2: Restructure vb2_buffer 2015-10-01 09:04:43 -03:00
v4l2-of.c [media] v4l: of: Correct v4l2_of_parse_endpoint() kernel-doc 2016-02-01 10:01:22 -02:00
v4l2-subdev.c [media] uapi/media.h: Rename entities types to functions 2016-01-11 12:19:01 -02:00
v4l2-trace.c [media] media: videobuf2: Prepare to divide videobuf2 2015-10-20 15:12:45 -02:00
vb2-trace.c [media] media: videobuf2: Prepare to divide videobuf2 2015-10-20 15:12:45 -02:00
videobuf2-core.c [media] media: vb2: Fix regression on poll() for RW mode 2016-04-25 10:21:23 -03:00
videobuf2-dma-contig.c ARM: 8508/2: videobuf2-dc: Let drivers specify DMA attrs 2016-02-11 15:33:38 +00:00
videobuf2-dma-sg.c [media] media: vb2 dma-sg: Fully cache synchronise buffers in prepare and finish 2015-10-20 14:36:24 -02:00
videobuf2-dvb.c [media] add media controller support to videobuf2-dvb 2016-02-10 07:23:41 -02:00
videobuf2-memops.c [media] vb2-memops: Fix over allocation of frame vectors 2016-04-25 10:22:55 -03:00
videobuf2-v4l2.c [media] media: vb2: Fix regression on poll() for RW mode 2016-04-25 10:21:23 -03:00
videobuf2-vmalloc.c [media] media: videobuf2: Replace videobuf2-core with videobuf2-v4l2 2015-10-01 08:48:18 -03:00
videobuf-core.c [media] V4L: fix a confusing function name 2016-03-03 07:30:43 -03:00
videobuf-dma-contig.c [media] videobuf-dma-contig: set vm_pgoff to be zero to pass the sanity check in vm_iomap_memory() 2014-10-24 09:32:41 -02:00
videobuf-dma-sg.c mm/gup: Switch all callers of get_user_pages() to not pass tsk/mm 2016-02-16 10:11:12 +01:00
videobuf-dvb.c
videobuf-vmalloc.c [media] Revert "[media] videobuf_vm_{open,close} race fixes" 2014-02-04 06:29:46 -02:00