5.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Dave Stevenson <dave.stevenson@xxxxxxxxxxxxxxx> [ Upstream commit 8c589e1794a31e9a381916b0280260ab601e4d6e ] The existing code assumed that there would only ever be 4 components, and never freed the entries once used. Allow arbitrary creation and destruction of components. Signed-off-by: Dave Stevenson <dave.stevenson@xxxxxxxxxxxxxxx> Signed-off-by: Jacopo Mondi <jacopo@xxxxxxxxxx> Signed-off-by: Nicolas Saenz Julienne <nsaenzjulienne@xxxxxxx> Link: https://lore.kernel.org/r/20200623164235.29566-3-nsaenzjulienne@xxxxxxx Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> Stable-dep-of: f37e76abd614 ("staging: vc04_services: fix information leak in create_component()") Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> --- .../vc04_services/bcm2835-camera/mmal-vchiq.c | 29 ++++++++++++------- .../vc04_services/bcm2835-camera/mmal-vchiq.h | 1 + 2 files changed, 20 insertions(+), 10 deletions(-) diff --git a/drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.c b/drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.c index 1c180ead4a20b..9b47ba4d2d3cd 100644 --- a/drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.c +++ b/drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.c @@ -31,8 +31,11 @@ #define USE_VCHIQ_ARM #include "interface/vchi/vchi.h" -/* maximum number of components supported */ -#define VCHIQ_MMAL_MAX_COMPONENTS 4 +/* + * maximum number of components supported. + * This matches the maximum permitted by default on the VPU + */ +#define VCHIQ_MMAL_MAX_COMPONENTS 64 /*#define FULL_MSG_DUMP 1*/ @@ -167,8 +170,6 @@ struct vchiq_mmal_instance { /* protect accesses to context_map */ struct mutex context_map_lock; - /* component to use next */ - int component_idx; struct vchiq_mmal_component component[VCHIQ_MMAL_MAX_COMPONENTS]; /* ordered workqueue to process all bulk operations */ @@ -1616,18 +1617,24 @@ int vchiq_mmal_component_init(struct vchiq_mmal_instance *instance, { int ret; int idx; /* port index */ - struct vchiq_mmal_component *component; + struct vchiq_mmal_component *component = NULL; if (mutex_lock_interruptible(&instance->vchiq_mutex)) return -EINTR; - if (instance->component_idx == VCHIQ_MMAL_MAX_COMPONENTS) { + for (idx = 0; idx < VCHIQ_MMAL_MAX_COMPONENTS; idx++) { + if (!instance->component[idx].in_use) { + component = &instance->component[idx]; + component->in_use = 1; + break; + } + } + + if (!component) { ret = -EINVAL; /* todo is this correct error? */ goto unlock; } - component = &instance->component[instance->component_idx]; - ret = create_component(instance, component, name); if (ret < 0) { pr_err("%s: failed to create component %d (Not enough GPU mem?)\n", @@ -1678,8 +1685,6 @@ int vchiq_mmal_component_init(struct vchiq_mmal_instance *instance, goto release_component; } - instance->component_idx++; - *component_out = component; mutex_unlock(&instance->vchiq_mutex); @@ -1689,6 +1694,8 @@ int vchiq_mmal_component_init(struct vchiq_mmal_instance *instance, release_component: destroy_component(instance, component); unlock: + if (component) + component->in_use = 0; mutex_unlock(&instance->vchiq_mutex); return ret; @@ -1710,6 +1717,8 @@ int vchiq_mmal_component_finalise(struct vchiq_mmal_instance *instance, ret = destroy_component(instance, component); + component->in_use = 0; + mutex_unlock(&instance->vchiq_mutex); return ret; diff --git a/drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.h b/drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.h index 47897e81ec586..4e34728d87e53 100644 --- a/drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.h +++ b/drivers/staging/vc04_services/bcm2835-camera/mmal-vchiq.h @@ -82,6 +82,7 @@ struct vchiq_mmal_port { }; struct vchiq_mmal_component { + u32 in_use:1; u32 enabled:1; u32 handle; /* VideoCore handle for component */ u32 inputs; /* Number of input ports */ -- 2.43.0