RE: 0001-media-vb2-Fill-vb2_buffer-with-bytesused-from-user.patch; kernel version 3.10.69

From: Sudip JAIN
Date: Thu Feb 26 2015 - 00:18:48 EST

Next message: Andrew Morton: "Re: [PATCH 2/3 v3] x86: entry_64.S: always allocate complete "struct pt_regs""
Previous message: Huang Ying: "[LKP] [drm/i915] f9b61ff6bce: +178.7% piglit.time.elapsed_time"
In reply to: Jean-Michel Hautbois: "Re: 0001-media-vb2-Fill-vb2_buffer-with-bytesused-from-user.patch"
Next in thread: Hans Verkuil: "Re: 0001-media-vb2-Fill-vb2_buffer-with-bytesused-from-user.patch; kernel version 3.10.69"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello Jeremiah,

Please find the patch "inline"

commit 3390900680e5182998916c8fa231bc79cd84046b
Author: Sudip Jain <sudip.jain@xxxxxx>
Date: Thu Feb 26 10:40:34 2015 +0530

media: vb2: Fill vb2_buffer with bytesused from user

In vb2_qbuf for dmabuf memory type, userside bytesused is not read to
vb2 buffer. This leads garbage value being copied from __qbuf_dmabuf()
back to user in __fill_v4l2_buffer().

As a default case, the vb2 framework must trust the userside value,
and also allow driver's buffer prepare function prefer modify/update
or not to.

Applied on kernel version 3.10.69

Change-Id: Ieda389403898935f59c2e2994106f3e5238cfefd
Signed-off-by: Sudip Jain <sudip.jain@xxxxxx>

diff --git a/drivers/media/v4l2-core/videobuf2-core.c b/drivers/media/v4l2-core/videobuf2-core.c
index 5e47ba4..54fe9c9 100644
--- a/drivers/media/v4l2-core/videobuf2-core.c
+++ b/drivers/media/v4l2-core/videobuf2-core.c
@@ -919,6 +919,8 @@ static void __fill_vb2_buffer(struct vb2_buffer *vb, const struct v4l2_buffer *b
b->m.planes[plane].m.fd;
v4l2_planes[plane].length =
b->m.planes[plane].length;
+ v4l2_planes[plane].bytesused =
+ b->m.planes[plane].bytesused;
v4l2_planes[plane].data_offset =
b->m.planes[plane].data_offset;
}
@@ -943,6 +945,7 @@ static void __fill_vb2_buffer(struct vb2_buffer *vb, const struct v4l2_buffer *b
if (b->memory == V4L2_MEMORY_DMABUF) {
v4l2_planes[0].m.fd = b->m.fd;
v4l2_planes[0].length = b->length;
+ v4l2_planes[0].bytesused = b->bytesused;
v4l2_planes[0].data_offset = 0;
}

Thanks,
Sudip
________________________________________
From: Jeremiah Mahler [jmmahler@xxxxxxxxx]
Sent: Wednesday, February 25, 2015 11:53 PM
To: Sudip JAIN
Cc: linux-media@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx
Subject: Re: 0001-media-vb2-Fill-vb2_buffer-with-bytesused-from-user.patch

Sudip,

On Wed, Feb 25, 2015 at 03:29:22PM +0800, Sudip JAIN wrote:
> Dear Maintainer,
>
> PFA attached patch that prevents user from being returned garbage bytesused value from vb2 framework.
>
> Regards,
> Sudip Jain
>

Patches should never be submitted as attachments, they should be inline.

See Documentation/SubmittingPatches for more info.

[...]

--
- Jeremiah Mahler
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Morton: "Re: [PATCH 2/3 v3] x86: entry_64.S: always allocate complete "struct pt_regs""
Previous message: Huang Ying: "[LKP] [drm/i915] f9b61ff6bce: +178.7% piglit.time.elapsed_time"
In reply to: Jean-Michel Hautbois: "Re: 0001-media-vb2-Fill-vb2_buffer-with-bytesused-from-user.patch"
Next in thread: Hans Verkuil: "Re: 0001-media-vb2-Fill-vb2_buffer-with-bytesused-from-user.patch; kernel version 3.10.69"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]