From: Greg KH <greg@kroah.com>
To: Ovidiu Panait <ovidiu.panait@windriver.com>
Cc: stable@vger.kernel.org, wenst@chromium.org,
hverkuil-cisco@xs4all.nl, mchehab@kernel.org,
linux-media@vger.kernel.org
Subject: Re: [PATCH 5.4 1/1] media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
Date: Mon, 8 Aug 2022 15:27:25 +0200 [thread overview]
Message-ID: <YvEPPU5YjddehpiZ@kroah.com> (raw)
In-Reply-To: <20220808124130.1928411-2-ovidiu.panait@windriver.com>
On Mon, Aug 08, 2022 at 03:41:30PM +0300, Ovidiu Panait wrote:
> From: Chen-Yu Tsai <wenst@chromium.org>
>
> commit 8310ca94075e784bbb06593cd6c068ee6b6e4ca6 upstream.
>
> DST_QUEUE_OFF_BASE is applied to offset/mem_offset on MMAP capture buffers
> only for the VIDIOC_QUERYBUF ioctl, while the userspace fields (including
> offset/mem_offset) are filled in for VIDIOC_{QUERY,PREPARE,Q,DQ}BUF
> ioctls. This leads to differences in the values presented to userspace.
> If userspace attempts to mmap the capture buffer directly using values
> from DQBUF, it will fail.
>
> Move the code that applies the magic offset into a helper, and call
> that helper from all four ioctl entry points.
>
> [hverkuil: drop unnecessary '= 0' in v4l2_m2m_querybuf() for ret]
>
> Fixes: 7f98639def42 ("V4L/DVB: add memory-to-memory device helper framework for videobuf")
> Fixes: 908a0d7c588e ("[media] v4l: mem2mem: port to videobuf2")
> Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
> Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
> Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
> [OP: backport to 5.4: adjusted return logic in v4l2_m2m_qbuf() to match the
> logic in the original commit: call v4l2_m2m_adjust_mem_offset() only if !ret
> and before the v4l2_m2m_try_schedule() call]
> Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
> ---
> drivers/media/v4l2-core/v4l2-mem2mem.c | 60 ++++++++++++++++++++------
> 1 file changed, 46 insertions(+), 14 deletions(-)
Now queued up, thanks.
greg k-h
prev parent reply other threads:[~2022-08-08 13:27 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-08 12:41 [PATCH 5.4 0/1] media: v4l2-mem2mem: backport fix for CVE-2022-20369 Ovidiu Panait
2022-08-08 12:41 ` [PATCH 5.4 1/1] media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls Ovidiu Panait
2022-08-08 13:27 ` Greg KH [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YvEPPU5YjddehpiZ@kroah.com \
--to=greg@kroah.com \
--cc=hverkuil-cisco@xs4all.nl \
--cc=linux-media@vger.kernel.org \
--cc=mchehab@kernel.org \
--cc=ovidiu.panait@windriver.com \
--cc=stable@vger.kernel.org \
--cc=wenst@chromium.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.