(Adding Dafna and Helen) On Thu, 29 Jul 2021 at 09:36, Jens Korinth <jens.korinth@xxxxxxxxxxx> wrote: > > Hi *, > > I am working on a camera system on Rockchip RK3399 board (Firefly ROC-RK3399-PC-Plus). Tried to use the rkisp1 driver, but was unable to connect to the rkisp1_mainpath output node, because format negotiation failed; so I ran v4l-compliance next and found that it reports several errors (see attached report). > > Upon closer inspection I noticed in the VIDIOC_ENUM_FMT handler in drivers/media/platform/rockchip/rkisp1/rkisp1-dev.c:1169+ that > > 1) the "reserved" member is not zeroed, > 2) the userspace pointer to the v4l2_fmtdesc f is not checked via access_ok, and > 3) it isn't copied from/to userspace using copy_from_user/copy_to_user. > > I'm not sure if this is necessary in general, but at least on my platform the zeroing of the reserved member only worked correctly when I added the userspace copies. But even after these fixes, v4l-compliance reports further issues in format enumeration and negotiation. Is this a known issue? > > Thanks! > -Jens
