From: Hans de Goede <hdegoede@xxxxxxxxxx> [ Upstream commit 6e6c4ae0f0ba295dbf6cbd48d93bec169d6ce431 ] The atomisp code needs USERPTR pointers to be page aligned, otherwise bad things (scribbling over other parts of the process' RAM) happen. Add a check to ensure this and exit VIDIOC_QBUF calls with unaligned pointers with -EINVAL. Reviewed-by: Andy Shevchenko <andy.shevchenko@xxxxxxxxx> Signed-off-by: Hans de Goede <hdegoede@xxxxxxxxxx> Signed-off-by: Mauro Carvalho Chehab <mchehab@xxxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> --- drivers/staging/media/atomisp/pci/atomisp_ioctl.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/staging/media/atomisp/pci/atomisp_ioctl.c b/drivers/staging/media/atomisp/pci/atomisp_ioctl.c index 459645c2e2a7..4de01aa28fe5 100644 --- a/drivers/staging/media/atomisp/pci/atomisp_ioctl.c +++ b/drivers/staging/media/atomisp/pci/atomisp_ioctl.c @@ -1338,6 +1338,12 @@ static int atomisp_qbuf(struct file *file, void *fh, struct v4l2_buffer *buf) * address and reprograme out page table properly */ if (buf->memory == V4L2_MEMORY_USERPTR) { + if (offset_in_page(buf->m.userptr)) { + dev_err(isp->dev, "Error userptr is not page aligned.\n"); + ret = -EINVAL; + goto error; + } + vb = pipe->capq.bufs[buf->index]; vm_mem = vb->priv; if (!vm_mem) { -- 2.35.1