Re: [PATCH] omap_vout: Added check in reqbuf mmap for buf_size allocation
Hi,
On Friday 17 June 2011 01:44 AM, Hiremath, Vaibhav wrote:
From: Vaibhav Hiremathhvaib...@ti.com
The usecase where, user allocates small size of buffer
through bootargs (video1_bufsize/video2_bufsize) and later from application
tries to set the format which requires larger buffer size, driver doesn't
check for insufficient buffer size and allows application to map extra buffer.
This leads to kernel crash, when user application tries to access memory
beyond the allocation size.
Query: Why do we pass the bufsize as bootargs in the first place? Is it
needed at probe time?
Thanks,
Archit
Added check in both mmap and reqbuf call back function,
and return error if the size of the buffer allocated by user through
bootargs is less than the S_FMT size.
Signed-off-by: Vaibhav Hiremathhvaib...@ti.com
---
drivers/media/video/omap/omap_vout.c | 16
1 files changed, 16 insertions(+), 0 deletions(-)
diff --git a/drivers/media/video/omap/omap_vout.c
b/drivers/media/video/omap/omap_vout.c
index 3bc909a..343b50c 100644
--- a/drivers/media/video/omap/omap_vout.c
+++ b/drivers/media/video/omap/omap_vout.c
@@ -678,6 +678,14 @@ static int omap_vout_buffer_setup(struct videobuf_queue
*q, unsigned int *count,
startindex = (vout-vid == OMAP_VIDEO1) ?
video1_numbuffers : video2_numbuffers;
+ /* Check the size of the buffer */
+ if (*size vout-buffer_size) {
+ v4l2_err(vout-vid_dev-v4l2_dev,
+ buffer allocation mismatch [%u] [%u]\n,
+ *size, vout-buffer_size);
+ return -ENOMEM;
+ }
+
for (i = startindex; i *count; i++) {
vout-buffer_size = *size;
@@ -856,6 +864,14 @@ static int omap_vout_mmap(struct file *file, struct
vm_area_struct *vma)
(vma-vm_pgoff PAGE_SHIFT));
return -EINVAL;
}
+ /* Check the size of the buffer */
+ if (size vout-buffer_size) {
+ v4l2_err(vout-vid_dev-v4l2_dev,
+ insufficient memory [%lu] [%u]\n,
+ size, vout-buffer_size);
+ return -ENOMEM;
+ }
+
q-bufs[i]-baddr = vma-vm_start;
vma-vm_flags |= VM_RESERVED;
--
1.6.2.4
--
To unsubscribe from this list: send the line unsubscribe linux-media in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line unsubscribe linux-media in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
RE: [PATCH] omap_vout: Added check in reqbuf mmap for buf_size allocation
-Original Message-
From: Taneja, Archit
Sent: Friday, June 17, 2011 2:16 PM
To: Hiremath, Vaibhav
Cc: linux-media@vger.kernel.org; mche...@redhat.com; hverk...@xs4all.nl
Subject: Re: [PATCH] omap_vout: Added check in reqbuf mmap for buf_size
allocation
Hi,
On Friday 17 June 2011 01:44 AM, Hiremath, Vaibhav wrote:
From: Vaibhav Hiremathhvaib...@ti.com
The usecase where, user allocates small size of buffer
through bootargs (video1_bufsize/video2_bufsize) and later from
application
tries to set the format which requires larger buffer size, driver
doesn't
check for insufficient buffer size and allows application to map extra
buffer.
This leads to kernel crash, when user application tries to access memory
beyond the allocation size.
Query: Why do we pass the bufsize as bootargs in the first place? Is it
needed at probe time?
[Hiremath, Vaibhav] Yes, look out for variable (video1_bufsize/video2_bufsize)
in code.
Thanks,
Vaibhav
Thanks,
Archit
Added check in both mmap and reqbuf call back function,
and return error if the size of the buffer allocated by user through
bootargs is less than the S_FMT size.
Signed-off-by: Vaibhav Hiremathhvaib...@ti.com
---
drivers/media/video/omap/omap_vout.c | 16
1 files changed, 16 insertions(+), 0 deletions(-)
diff --git a/drivers/media/video/omap/omap_vout.c
b/drivers/media/video/omap/omap_vout.c
index 3bc909a..343b50c 100644
--- a/drivers/media/video/omap/omap_vout.c
+++ b/drivers/media/video/omap/omap_vout.c
@@ -678,6 +678,14 @@ static int omap_vout_buffer_setup(struct
videobuf_queue *q, unsigned int *count,
startindex = (vout-vid == OMAP_VIDEO1) ?
video1_numbuffers : video2_numbuffers;
+ /* Check the size of the buffer */
+ if (*size vout-buffer_size) {
+ v4l2_err(vout-vid_dev-v4l2_dev,
+ buffer allocation mismatch [%u] [%u]\n,
+ *size, vout-buffer_size);
+ return -ENOMEM;
+ }
+
for (i = startindex; i *count; i++) {
vout-buffer_size = *size;
@@ -856,6 +864,14 @@ static int omap_vout_mmap(struct file *file, struct
vm_area_struct *vma)
(vma-vm_pgoff PAGE_SHIFT));
return -EINVAL;
}
+ /* Check the size of the buffer */
+ if (size vout-buffer_size) {
+ v4l2_err(vout-vid_dev-v4l2_dev,
+ insufficient memory [%lu] [%u]\n,
+ size, vout-buffer_size);
+ return -ENOMEM;
+ }
+
q-bufs[i]-baddr = vma-vm_start;
vma-vm_flags |= VM_RESERVED;
--
1.6.2.4
--
To unsubscribe from this list: send the line unsubscribe linux-media
in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line unsubscribe linux-media in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] omap_vout: Added check in reqbuf mmap for buf_size allocation
Hi,
On Friday 17 June 2011 03:33 PM, Hiremath, Vaibhav wrote:
-Original Message-
From: Taneja, Archit
Sent: Friday, June 17, 2011 2:16 PM
To: Hiremath, Vaibhav
Cc: linux-media@vger.kernel.org; mche...@redhat.com; hverk...@xs4all.nl
Subject: Re: [PATCH] omap_vout: Added check in reqbuf mmap for buf_size
allocation
Hi,
On Friday 17 June 2011 01:44 AM, Hiremath, Vaibhav wrote:
From: Vaibhav Hiremathhvaib...@ti.com
The usecase where, user allocates small size of buffer
through bootargs (video1_bufsize/video2_bufsize) and later from
application
tries to set the format which requires larger buffer size, driver
doesn't
check for insufficient buffer size and allows application to map extra
buffer.
This leads to kernel crash, when user application tries to access memory
beyond the allocation size.
Query: Why do we pass the bufsize as bootargs in the first place? Is it
needed at probe time?
[Hiremath, Vaibhav] Yes, look out for variable (video1_bufsize/video2_bufsize)
in code.
Yes, but why do we need to allocate some fixed size buffers at boot
time? Is it done because it makes our allocation happens faster during
reqbufs? Or is it required for VRFB?
Could you explain the reason/startegy behind allocating buffers of a
particular size at boot time?
Thanks,
Archit
Thanks,
Vaibhav
Thanks,
Archit
Added check in both mmap and reqbuf call back function,
and return error if the size of the buffer allocated by user through
bootargs is less than the S_FMT size.
Signed-off-by: Vaibhav Hiremathhvaib...@ti.com
---
drivers/media/video/omap/omap_vout.c | 16
1 files changed, 16 insertions(+), 0 deletions(-)
diff --git a/drivers/media/video/omap/omap_vout.c
b/drivers/media/video/omap/omap_vout.c
index 3bc909a..343b50c 100644
--- a/drivers/media/video/omap/omap_vout.c
+++ b/drivers/media/video/omap/omap_vout.c
@@ -678,6 +678,14 @@ static int omap_vout_buffer_setup(struct
videobuf_queue *q, unsigned int *count,
startindex = (vout-vid == OMAP_VIDEO1) ?
video1_numbuffers : video2_numbuffers;
+ /* Check the size of the buffer */
+ if (*size vout-buffer_size) {
+ v4l2_err(vout-vid_dev-v4l2_dev,
+ buffer allocation mismatch [%u] [%u]\n,
+ *size, vout-buffer_size);
+ return -ENOMEM;
+ }
+
for (i = startindex; i *count; i++) {
vout-buffer_size = *size;
@@ -856,6 +864,14 @@ static int omap_vout_mmap(struct file *file, struct
vm_area_struct *vma)
(vma-vm_pgoff PAGE_SHIFT));
return -EINVAL;
}
+ /* Check the size of the buffer */
+ if (size vout-buffer_size) {
+ v4l2_err(vout-vid_dev-v4l2_dev,
+ insufficient memory [%lu] [%u]\n,
+ size, vout-buffer_size);
+ return -ENOMEM;
+ }
+
q-bufs[i]-baddr = vma-vm_start;
vma-vm_flags |= VM_RESERVED;
--
1.6.2.4
--
To unsubscribe from this list: send the line unsubscribe linux-media
in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line unsubscribe linux-media in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
RE: [PATCH] omap_vout: Added check in reqbuf mmap for buf_size allocation
-Original Message-
From: Taneja, Archit
Sent: Friday, June 17, 2011 3:57 PM
To: Hiremath, Vaibhav
Cc: linux-media@vger.kernel.org; mche...@redhat.com; hverk...@xs4all.nl
Subject: Re: [PATCH] omap_vout: Added check in reqbuf mmap for buf_size
allocation
Hi,
On Friday 17 June 2011 03:33 PM, Hiremath, Vaibhav wrote:
-Original Message-
From: Taneja, Archit
Sent: Friday, June 17, 2011 2:16 PM
To: Hiremath, Vaibhav
Cc: linux-media@vger.kernel.org; mche...@redhat.com; hverk...@xs4all.nl
Subject: Re: [PATCH] omap_vout: Added check in reqbuf mmap for
buf_size
allocation
Hi,
On Friday 17 June 2011 01:44 AM, Hiremath, Vaibhav wrote:
From: Vaibhav Hiremathhvaib...@ti.com
The usecase where, user allocates small size of buffer
through bootargs (video1_bufsize/video2_bufsize) and later from
application
tries to set the format which requires larger buffer size, driver
doesn't
check for insufficient buffer size and allows application to map extra
buffer.
This leads to kernel crash, when user application tries to access
memory
beyond the allocation size.
Query: Why do we pass the bufsize as bootargs in the first place? Is it
needed at probe time?
[Hiremath, Vaibhav] Yes, look out for variable
(video1_bufsize/video2_bufsize) in code.
Yes, but why do we need to allocate some fixed size buffers at boot
time? Is it done because it makes our allocation happens faster during
reqbufs? Or is it required for VRFB?
Could you explain the reason/startegy behind allocating buffers of a
particular size at boot time?
[Hiremath, Vaibhav] This is required to get rid of Linux memory fragmentation,
user can reserve the memory based on usecase during boot time itself.
Thanks,
Vaibhav
Thanks,
Archit
Thanks,
Vaibhav
Thanks,
Archit
Added check in both mmap and reqbuf call back function,
and return error if the size of the buffer allocated by user through
bootargs is less than the S_FMT size.
Signed-off-by: Vaibhav Hiremathhvaib...@ti.com
---
drivers/media/video/omap/omap_vout.c | 16
1 files changed, 16 insertions(+), 0 deletions(-)
diff --git a/drivers/media/video/omap/omap_vout.c
b/drivers/media/video/omap/omap_vout.c
index 3bc909a..343b50c 100644
--- a/drivers/media/video/omap/omap_vout.c
+++ b/drivers/media/video/omap/omap_vout.c
@@ -678,6 +678,14 @@ static int omap_vout_buffer_setup(struct
videobuf_queue *q, unsigned int *count,
startindex = (vout-vid == OMAP_VIDEO1) ?
video1_numbuffers : video2_numbuffers;
+ /* Check the size of the buffer */
+ if (*size vout-buffer_size) {
+ v4l2_err(vout-vid_dev-v4l2_dev,
+ buffer allocation mismatch [%u] [%u]\n,
+ *size, vout-buffer_size);
+ return -ENOMEM;
+ }
+
for (i = startindex; i *count; i++) {
vout-buffer_size = *size;
@@ -856,6 +864,14 @@ static int omap_vout_mmap(struct file *file,
struct
vm_area_struct *vma)
(vma-vm_pgoff PAGE_SHIFT));
return -EINVAL;
}
+ /* Check the size of the buffer */
+ if (size vout-buffer_size) {
+ v4l2_err(vout-vid_dev-v4l2_dev,
+ insufficient memory [%lu] [%u]\n,
+ size, vout-buffer_size);
+ return -ENOMEM;
+ }
+
q-bufs[i]-baddr = vma-vm_start;
vma-vm_flags |= VM_RESERVED;
--
1.6.2.4
--
To unsubscribe from this list: send the line unsubscribe linux-media
in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line unsubscribe linux-media in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] omap_vout: Added check in reqbuf mmap for buf_size allocation
Hi,
On Friday 17 June 2011 03:53 PM, Hiremath, Vaibhav wrote:
-Original Message-
From: Taneja, Archit
Sent: Friday, June 17, 2011 3:57 PM
To: Hiremath, Vaibhav
Cc: linux-media@vger.kernel.org; mche...@redhat.com; hverk...@xs4all.nl
Subject: Re: [PATCH] omap_vout: Added check in reqbuf mmap for buf_size
allocation
Hi,
On Friday 17 June 2011 03:33 PM, Hiremath, Vaibhav wrote:
-Original Message-
From: Taneja, Archit
Sent: Friday, June 17, 2011 2:16 PM
To: Hiremath, Vaibhav
Cc: linux-media@vger.kernel.org; mche...@redhat.com; hverk...@xs4all.nl
Subject: Re: [PATCH] omap_vout: Added check in reqbuf mmap for
buf_size
allocation
Hi,
On Friday 17 June 2011 01:44 AM, Hiremath, Vaibhav wrote:
From: Vaibhav Hiremathhvaib...@ti.com
The usecase where, user allocates small size of buffer
through bootargs (video1_bufsize/video2_bufsize) and later from
application
tries to set the format which requires larger buffer size, driver
doesn't
check for insufficient buffer size and allows application to map extra
buffer.
This leads to kernel crash, when user application tries to access
memory
beyond the allocation size.
Query: Why do we pass the bufsize as bootargs in the first place? Is it
needed at probe time?
[Hiremath, Vaibhav] Yes, look out for variable
(video1_bufsize/video2_bufsize) in code.
Yes, but why do we need to allocate some fixed size buffers at boot
time? Is it done because it makes our allocation happens faster during
reqbufs? Or is it required for VRFB?
Could you explain the reason/startegy behind allocating buffers of a
particular size at boot time?
[Hiremath, Vaibhav] This is required to get rid of Linux memory fragmentation,
user can reserve the memory based on usecase during boot time itself.
Ah okay, so if someone has passed this bootarg then he/she is certain
about the max size needed for their use cases, now if they request for a
larger buffer, its their fault, and hence we can return an error.
The patch makes sense now :)
I think we now need to work on what happens if the user doesn't enter
video1_bufsize/video2_bufsize bootargs at all. OMAP_VOUT_MAX_BUF_SIZE
doesn't look scalable I guess. Should we try not to allocate anything if
video1_bufsize/video2_bufsize are not mentioned in bootargs? Another
approach could be to replace OMAP_VOUT_MAX_BUF_SIZE with an inline
function which returns the max buffer size based on what maximum
dimensions the DSS for the current OMAP can support?
Thanks,
Archit
Thanks,
Vaibhav
Thanks,
Archit
Thanks,
Vaibhav
Thanks,
Archit
Added check in both mmap and reqbuf call back function,
and return error if the size of the buffer allocated by user through
bootargs is less than the S_FMT size.
Signed-off-by: Vaibhav Hiremathhvaib...@ti.com
---
drivers/media/video/omap/omap_vout.c | 16
1 files changed, 16 insertions(+), 0 deletions(-)
diff --git a/drivers/media/video/omap/omap_vout.c
b/drivers/media/video/omap/omap_vout.c
index 3bc909a..343b50c 100644
--- a/drivers/media/video/omap/omap_vout.c
+++ b/drivers/media/video/omap/omap_vout.c
@@ -678,6 +678,14 @@ static int omap_vout_buffer_setup(struct
videobuf_queue *q, unsigned int *count,
startindex = (vout-vid == OMAP_VIDEO1) ?
video1_numbuffers : video2_numbuffers;
+ /* Check the size of the buffer */
+ if (*sizevout-buffer_size) {
+ v4l2_err(vout-vid_dev-v4l2_dev,
+ buffer allocation mismatch [%u] [%u]\n,
+ *size, vout-buffer_size);
+ return -ENOMEM;
+ }
+
for (i = startindex; i*count; i++) {
vout-buffer_size = *size;
@@ -856,6 +864,14 @@ static int omap_vout_mmap(struct file *file,
struct
vm_area_struct *vma)
(vma-vm_pgoffPAGE_SHIFT));
return -EINVAL;
}
+ /* Check the size of the buffer */
+ if (sizevout-buffer_size) {
+ v4l2_err(vout-vid_dev-v4l2_dev,
+ insufficient memory [%lu] [%u]\n,
+ size, vout-buffer_size);
+ return -ENOMEM;
+ }
+
q-bufs[i]-baddr = vma-vm_start;
vma-vm_flags |= VM_RESERVED;
--
1.6.2.4
--
To unsubscribe from this list: send the line unsubscribe linux-media
in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line unsubscribe linux-media in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] omap_vout: Added check in reqbuf mmap for buf_size allocation
From: Vaibhav Hiremath hvaib...@ti.com
The usecase where, user allocates small size of buffer
through bootargs (video1_bufsize/video2_bufsize) and later from application
tries to set the format which requires larger buffer size, driver doesn't
check for insufficient buffer size and allows application to map extra buffer.
This leads to kernel crash, when user application tries to access memory
beyond the allocation size.
Added check in both mmap and reqbuf call back function,
and return error if the size of the buffer allocated by user through
bootargs is less than the S_FMT size.
Signed-off-by: Vaibhav Hiremath hvaib...@ti.com
---
drivers/media/video/omap/omap_vout.c | 16
1 files changed, 16 insertions(+), 0 deletions(-)
diff --git a/drivers/media/video/omap/omap_vout.c
b/drivers/media/video/omap/omap_vout.c
index 3bc909a..343b50c 100644
--- a/drivers/media/video/omap/omap_vout.c
+++ b/drivers/media/video/omap/omap_vout.c
@@ -678,6 +678,14 @@ static int omap_vout_buffer_setup(struct videobuf_queue
*q, unsigned int *count,
startindex = (vout-vid == OMAP_VIDEO1) ?
video1_numbuffers : video2_numbuffers;
+ /* Check the size of the buffer */
+ if (*size vout-buffer_size) {
+ v4l2_err(vout-vid_dev-v4l2_dev,
+ buffer allocation mismatch [%u] [%u]\n,
+ *size, vout-buffer_size);
+ return -ENOMEM;
+ }
+
for (i = startindex; i *count; i++) {
vout-buffer_size = *size;
@@ -856,6 +864,14 @@ static int omap_vout_mmap(struct file *file, struct
vm_area_struct *vma)
(vma-vm_pgoff PAGE_SHIFT));
return -EINVAL;
}
+ /* Check the size of the buffer */
+ if (size vout-buffer_size) {
+ v4l2_err(vout-vid_dev-v4l2_dev,
+ insufficient memory [%lu] [%u]\n,
+ size, vout-buffer_size);
+ return -ENOMEM;
+ }
+
q-bufs[i]-baddr = vma-vm_start;
vma-vm_flags |= VM_RESERVED;
--
1.6.2.4
--
To unsubscribe from this list: send the line unsubscribe linux-media in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
