> -----Original Message----- > From: Taneja, Archit > Sent: Friday, September 16, 2011 3:30 PM > To: Hiremath, Vaibhav > Cc: Valkeinen, Tomi; linux-omap@xxxxxxxxxxxxxxx; Semwal, Sumit; linux- > media@xxxxxxxxxxxxxxx; Taneja, Archit > Subject: [PATCH 1/5] [media]: OMAP_VOUT: Fix check in reqbuf & mmap for > buf_size allocation > > The commit 383e4f69879d11c86ebdd38b3356f6d0690fb4cc makes reqbuf and mmap > prevent > requesting a larger size buffer than what is allocated at kernel boot > during > omap_vout_probe. > > The requested size is compared with vout->buffer_size, this isn't correct > as > vout->buffer_size is later set to the size requested in reqbuf. When the > video > device is opened the next time, this check will prevent us to allocate a > buffer > which is larger than what we requested the last time. > > Don't use vout->buffer_size, always check with the parameters > video1_bufsize > or video2_bufsize. > > Signed-off-by: Archit Taneja <archit@xxxxxx> > --- > drivers/media/video/omap/omap_vout.c | 10 ++++++++-- > 1 files changed, 8 insertions(+), 2 deletions(-) > > diff --git a/drivers/media/video/omap/omap_vout.c > b/drivers/media/video/omap/omap_vout.c > index 95daf98..e14c82b 100644 > --- a/drivers/media/video/omap/omap_vout.c > +++ b/drivers/media/video/omap/omap_vout.c > @@ -664,10 +664,14 @@ static int omap_vout_buffer_setup(struct > videobuf_queue *q, unsigned int *count, > u32 phy_addr = 0, virt_addr = 0; > struct omap_vout_device *vout = q->priv_data; > struct omapvideo_info *ovid = &vout->vid_info; > + int vid_max_buf_size; > > if (!vout) > return -EINVAL; > > + vid_max_buf_size = vout->vid == OMAP_VIDEO1 ? video1_bufsize : > + video2_bufsize; > + > if (V4L2_BUF_TYPE_VIDEO_OUTPUT != q->type) > return -EINVAL; > > @@ -690,7 +694,7 @@ static int omap_vout_buffer_setup(struct > videobuf_queue *q, unsigned int *count, > video1_numbuffers : video2_numbuffers; > > /* Check the size of the buffer */ > - if (*size > vout->buffer_size) { > + if (*size > vid_max_buf_size) { Good catch !!! > v4l2_err(&vout->vid_dev->v4l2_dev, > "buffer allocation mismatch [%u] [%u]\n", > *size, vout->buffer_size); > @@ -865,6 +869,8 @@ static int omap_vout_mmap(struct file *file, struct > vm_area_struct *vma) > unsigned long size = (vma->vm_end - vma->vm_start); > struct omap_vout_device *vout = file->private_data; > struct videobuf_queue *q = &vout->vbq; > + int vid_max_buf_size = vout->vid == OMAP_VIDEO1 ? video1_bufsize : > + video2_bufsize; > > v4l2_dbg(1, debug, &vout->vid_dev->v4l2_dev, > " %s pgoff=0x%lx, start=0x%lx, end=0x%lx\n", __func__, > @@ -887,7 +893,7 @@ static int omap_vout_mmap(struct file *file, struct > vm_area_struct *vma) > return -EINVAL; > } > /* Check the size of the buffer */ > - if (size > vout->buffer_size) { > + if (size > vid_max_buf_size) { Don't you think in case of mmap we should still check for the vout->buffer_size, since this is the size user has requested in req_buf. Thanks, Vaibhav > v4l2_err(&vout->vid_dev->v4l2_dev, > "insufficient memory [%lu] [%u]\n", > size, vout->buffer_size); > -- > 1.7.1 -- To unsubscribe from this list: send the line "unsubscribe linux-omap" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html