Hi Laurent,
On 08/05/2011 10:59 AM, Laurent Pinchart wrote:
>
> Hi Michael,
>
> Thanks for the patch.
>
> On Thursday 04 August 2011 17:40:37 Michael Jones wrote:
>> Add buffer length to sanity checks for QBUF.
>>
>> Signed-off-by: Michael Jones <michael.jones@xxxxxxxxxxxxxxxx>
>> ---
>> drivers/media/video/omap3isp/ispqueue.c | 3 +++
>> 1 files changed, 3 insertions(+), 0 deletions(-)
>>
>> diff --git a/drivers/media/video/omap3isp/ispqueue.c
>> b/drivers/media/video/omap3isp/ispqueue.c index 9c31714..4f6876f 100644
>> --- a/drivers/media/video/omap3isp/ispqueue.c
>> +++ b/drivers/media/video/omap3isp/ispqueue.c
>> @@ -867,6 +867,9 @@ int omap3isp_video_queue_qbuf(struct isp_video_queue
>> *queue, if (buf->state != ISP_BUF_STATE_IDLE)
>> goto done;
>>
>> + if (vbuf->length < buf->vbuf.length)
>> + goto done;
>> +
>
> The vbuf->length value passed from userspace isn't used by the driver, so I'm
> not sure if verifying it is really useful. We verify the memory itself
> instead, to make sure that enough pages can be accessed. The application can
> always lie about the length, so we can't rely on it anyway.
According to the spec, it's expected that the application set 'length':
"To enqueue a user pointer buffer applications set [...] length to its
size." (Now that I say that, I realize I should only do this length
check for USERPTR buffers.) If we don't at least sanity check it for the
application, then it has no purpose at all on QBUF. If this is
desirable, I would propose changing the spec.
This patch was born of a mistake when my application set 624x480, which
resulted in sizeimage=640x480=307200 but it used width & height to
calculate the buffer size rather than sizeimage or even to take
bytesperline into account. It was then honest with QBUF, confessing that
it wasn't providing enough space, but QBUF just went ahead. What
followed were random crashes while data was DMA'd into memory not set
aside for the buffer, while I assumed that the buffer size was OK
because QBUF had succeeded and was looking elsewhere in the program for
the culprit. I think it makes sense to give the app an error on QBUF in
this situation.
>
>> if (vbuf->memory == V4L2_MEMORY_USERPTR &&
>> vbuf->m.userptr != buf->vbuf.m.userptr) {
>> isp_video_buffer_cleanup(buf);
>
MATRIX VISION GmbH, Talstrasse 16, DE-71570 Oppenweiler
Registergericht: Amtsgericht Stuttgart, HRB 271090
Geschaeftsfuehrer: Gerhard Thullner, Werner Armingeon, Uwe Furtner, Erhard Meier
--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
