On Fri, Mar 29, 2019 at 12:34:27PM -0500, Andrew F. Davis wrote:
> The size of the vma can be larger than the size of the backing buffer.
> Use the buffer size over vma size to prevent exposing extra memory
> to userspace.
>
> Signed-off-by: Andrew F. Davis <afd@xxxxxx>
Reviewed-by: Sakari Ailus <sakari.ailus@xxxxxxxxxxxxxxx>
> ---
> drivers/media/v4l2-core/videobuf-dma-contig.c | 4 +---
> 1 file changed, 1 insertion(+), 3 deletions(-)
>
> diff --git a/drivers/media/v4l2-core/videobuf-dma-contig.c b/drivers/media/v4l2-core/videobuf-dma-contig.c
> index e1bf50df4c70..65e2655d22b7 100644
> --- a/drivers/media/v4l2-core/videobuf-dma-contig.c
> +++ b/drivers/media/v4l2-core/videobuf-dma-contig.c
> @@ -280,7 +280,6 @@ static int __videobuf_mmap_mapper(struct videobuf_queue *q,
> struct videobuf_dma_contig_memory *mem;
> struct videobuf_mapping *map;
> int retval;
> - unsigned long size;
>
> dev_dbg(q->dev, "%s\n", __func__);
>
> @@ -303,7 +302,6 @@ static int __videobuf_mmap_mapper(struct videobuf_queue *q,
> goto error;
>
> /* Try to remap memory */
> - size = vma->vm_end - vma->vm_start;
> vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
>
> /* the "vm_pgoff" is just used in v4l2 to find the
> @@ -314,7 +312,7 @@ static int __videobuf_mmap_mapper(struct videobuf_queue *q,
> */
> vma->vm_pgoff = 0;
>
> - retval = vm_iomap_memory(vma, mem->dma_handle, size);
> + retval = vm_iomap_memory(vma, mem->dma_handle, mem->size);
> if (retval) {
> dev_err(q->dev, "mmap: remap failed with error %d. ",
> retval);
> --
> 2.21.0
>
--
Sakari Ailus
