Re: [PATCH] Revert "[media] videobuf2-v4l2: Verify planes array in buffer dequeueing"
Hi Nicolas, Nicolas Dufresne wrote: > Le mercredi 11 mai 2016 à 13:27 -0300, Mauro Carvalho Chehab a écrit : >> This patch causes a Kernel panic when called on a DVB driver. >> >> This reverts commit 2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab. > > Seems rather tricky, since this commit fixed a possible (user induced) > buffer overflow according to Sakari comment. Would be nice to fix and > resubmit. I have updated patches here: https://git.linuxtv.org/sailus/media_tree.git/log/?h=vb2-overwrite-fix-error-on-fixes-v2> These are tested on V4L2 streaming API only so far, I'll test file I/O today but with DVB I'd need some help with testing. I'd very much appreciate test reports if someone has a chance to test the two patches with a DVB adapter using VB2. Thanks. -- Kind regards, Sakari Ailus sakari.ai...@linux.intel.com -- To unsubscribe from this list: send the line "unsubscribe linux-media" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] Revert "[media] videobuf2-v4l2: Verify planes array in buffer dequeueing"
Le mercredi 11 mai 2016 à 13:27 -0300, Mauro Carvalho Chehab a écrit :
> This patch causes a Kernel panic when called on a DVB driver.
>
> This reverts commit 2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab.
Seems rather tricky, since this commit fixed a possible (user induced)
buffer overflow according to Sakari comment. Would be nice to fix and
resubmit.
>
> Cc: Sakari Ailus
> Cc: Hans Verkuil
> Cc: sta...@vgar.kernel.org
> Fixes: 2c1f6951a8a8 ("[media] videobuf2-v4l2: Verify planes array in
> buffer dequeueing")
> Signed-off-by: Mauro Carvalho Chehab
> ---
> drivers/media/v4l2-core/videobuf2-v4l2.c | 6 --
> 1 file changed, 6 deletions(-)
>
> diff --git a/drivers/media/v4l2-core/videobuf2-v4l2.c
> b/drivers/media/v4l2-core/videobuf2-v4l2.c
> index 7f366f1b0377..0b1b8c7b6ce5 100644
> --- a/drivers/media/v4l2-core/videobuf2-v4l2.c
> +++ b/drivers/media/v4l2-core/videobuf2-v4l2.c
> @@ -74,11 +74,6 @@ static int __verify_planes_array(struct vb2_buffer
> *vb, const struct v4l2_buffer
> return 0;
> }
>
> -static int __verify_planes_array_core(struct vb2_buffer *vb, const
> void *pb)
> -{
> - return __verify_planes_array(vb, pb);
> -}
> -
> /**
> * __verify_length() - Verify that the bytesused value for each
> plane fits in
> * the plane length and that the data offset doesn't exceed the
> bytesused value.
> @@ -442,7 +437,6 @@ static int __fill_vb2_buffer(struct vb2_buffer
> *vb,
> }
>
> static const struct vb2_buf_ops v4l2_buf_ops = {
> - .verify_planes_array= __verify_planes_array_core,
> .fill_user_buffer = __fill_v4l2_buffer,
> .fill_vb2_buffer= __fill_vb2_buffer,
> .copy_timestamp = __copy_timestamp,
--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] Revert "[media] videobuf2-v4l2: Verify planes array in buffer dequeueing"
This patch causes a Kernel panic when called on a DVB driver.
This reverts commit 2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab.
Cc: Sakari Ailus
Cc: Hans Verkuil
Cc: sta...@vgar.kernel.org
Fixes: 2c1f6951a8a8 ("[media] videobuf2-v4l2: Verify planes array in buffer
dequeueing")
Signed-off-by: Mauro Carvalho Chehab
---
drivers/media/v4l2-core/videobuf2-v4l2.c | 6 --
1 file changed, 6 deletions(-)
diff --git a/drivers/media/v4l2-core/videobuf2-v4l2.c
b/drivers/media/v4l2-core/videobuf2-v4l2.c
index 7f366f1b0377..0b1b8c7b6ce5 100644
--- a/drivers/media/v4l2-core/videobuf2-v4l2.c
+++ b/drivers/media/v4l2-core/videobuf2-v4l2.c
@@ -74,11 +74,6 @@ static int __verify_planes_array(struct vb2_buffer *vb,
const struct v4l2_buffer
return 0;
}
-static int __verify_planes_array_core(struct vb2_buffer *vb, const void *pb)
-{
- return __verify_planes_array(vb, pb);
-}
-
/**
* __verify_length() - Verify that the bytesused value for each plane fits in
* the plane length and that the data offset doesn't exceed the bytesused
value.
@@ -442,7 +437,6 @@ static int __fill_vb2_buffer(struct vb2_buffer *vb,
}
static const struct vb2_buf_ops v4l2_buf_ops = {
- .verify_planes_array= __verify_planes_array_core,
.fill_user_buffer = __fill_v4l2_buffer,
.fill_vb2_buffer= __fill_vb2_buffer,
.copy_timestamp = __copy_timestamp,
--
2.5.5
--
To unsubscribe from this list: send the line "unsubscribe linux-media" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
