The size of the vma can be larger than the size of the backing buffer.
Use the buffer size over vma size to prevent exposing extra memory
to userspace.
Signed-off-by: Andrew F. Davis <afd@xxxxxx>
---
drivers/media/v4l2-core/videobuf-dma-contig.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/drivers/media/v4l2-core/videobuf-dma-contig.c b/drivers/media/v4l2-core/videobuf-dma-contig.c
index e1bf50df4c70..65e2655d22b7 100644
--- a/drivers/media/v4l2-core/videobuf-dma-contig.c
+++ b/drivers/media/v4l2-core/videobuf-dma-contig.c
@@ -280,7 +280,6 @@ static int __videobuf_mmap_mapper(struct videobuf_queue *q,
struct videobuf_dma_contig_memory *mem;
struct videobuf_mapping *map;
int retval;
- unsigned long size;
dev_dbg(q->dev, "%s\n", __func__);
@@ -303,7 +302,6 @@ static int __videobuf_mmap_mapper(struct videobuf_queue *q,
goto error;
/* Try to remap memory */
- size = vma->vm_end - vma->vm_start;
vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
/* the "vm_pgoff" is just used in v4l2 to find the
@@ -314,7 +312,7 @@ static int __videobuf_mmap_mapper(struct videobuf_queue *q,
*/
vma->vm_pgoff = 0;
- retval = vm_iomap_memory(vma, mem->dma_handle, size);
+ retval = vm_iomap_memory(vma, mem->dma_handle, mem->size);
if (retval) {
dev_err(q->dev, "mmap: remap failed with error %d. ",
retval);
--
2.21.0
