4.20-stable review patch. If anyone has any objections, please let me know.
------------------
From: Hans Verkuil <hverkuil-cisco@xxxxxxxxx>
commit 62dcb4f41836bd3c44b5b651bb6df07ea4cb1551 upstream.
vb2_core_create_bufs did not check if the memory model for newly added
buffers is the same as for already existing buffers. It should return an
error if they aren't the same.
Signed-off-by: Hans Verkuil <hverkuil-cisco@xxxxxxxxx>
Reported-by: syzbot+e1fb118a2ebb88031d21@xxxxxxxxxxxxxxxxxxxxxxxxx
Cc: <stable@xxxxxxxxxxxxxxx> # for v4.16 and up
Signed-off-by: Mauro Carvalho Chehab <mchehab+samsung@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/media/common/videobuf2/videobuf2-core.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/media/common/videobuf2/videobuf2-core.c
+++ b/drivers/media/common/videobuf2/videobuf2-core.c
@@ -812,6 +812,9 @@ int vb2_core_create_bufs(struct vb2_queu
memset(q->alloc_devs, 0, sizeof(q->alloc_devs));
q->memory = memory;
q->waiting_for_buffers = !q->is_output;
+ } else if (q->memory != memory) {
+ dprintk(1, "memory model mismatch\n");
+ return -EINVAL;
}
num_buffers = min(*count, VB2_MAX_FRAME - q->num_buffers);
