From: Pawel Osciak <p.osciak@samsung.com>
To: linux-media@vger.kernel.org
Subject: Re: [PATCH] Fix VIDIOC_QBUF compat ioctl32
Date: Wed, 14 Jul 2010 16:41:20 +0000 (UTC) [thread overview]
Message-ID: <i1kpbf$7h4$1@dough.gmane.org> (raw)
In-Reply-To: m3bpgi448o.fsf@anduin.mandriva.com
Hi,
On Mon, 25 Jan 2010 16:02:31 +0100, Arnaud Patard wrote:
> When using VIDIOC_QBUF with memory type set to V4L2_MEMORY_MMAP, the
> v4l2_buffer buffer gets unmodified on drivers like uvc (well, only
> bytesused field is modified). Then some apps like gstreamer are reusing
> the same buffer later to call munmap (eg passing the buffer "length"
> field as 2nd parameter of munmap).
>
> It's working fine on full 32bits but on 32bits systems with 64bit
> kernel, the get_v4l2_buffer32() doesn't copy length/m.offset values and
> then copy garbage to userspace in put_v4l2_buffer32().
>
> This has for consequence things like that in the libv4l2 logs:
>
> libv4l2: v4l2 unknown munmap 0x2e2b0000, -2145144908 libv4l2: v4l2
> unknown munmap 0x2e530000, -2145144908
>
> The buffer are not unmap'ed and then if the application close and open
> again the device, it won't work and logs will show something like:
>
> libv4l2: error setting pixformat: Device or resource busy
>
> The easy solution is to read length and m.offset in get_v4l2_buffer32().
>
>
> Signed-off-by: Arnaud Patard <apatard@mandriva.com> ---
> ---
> drivers/media/video/v4l2-compat-ioctl32.c | 5 5 + 0 - 0 ! 1 file
> changed, 5 insertions(+)
>
> Index: linux-2.6/drivers/media/video/v4l2-compat-ioctl32.c
> =================================================================== ---
> linux-2.6.orig/drivers/media/video/v4l2-compat-ioctl32.c +++
> linux-2.6/drivers/media/video/v4l2-compat-ioctl32.c @@ -475,6 +475,9 @@
> static int get_v4l2_buffer32(struct v4l2
> return -EFAULT;
> switch (kp->memory) {
> case V4L2_MEMORY_MMAP:
> + if (get_user(kp->length, &up->length) ||
> + get_user(kp->m.offset, &up->m.offset))
> + return -EFAULT;
> break;
> case V4L2_MEMORY_USERPTR:
> {
Could you give more details on how this helps your application? Especially, why
is length needed? Length should be returned by driver, but this is the get_*
function, so userspace->kernel...
Could you explain this with a bit more context please? Thanks!
Best regards,
--
Pawel Osciak
Linux Platform Group
Samsung Poland R&D Center
prev parent reply other threads:[~2010-07-14 16:45 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-25 15:02 [PATCH] Fix VIDIOC_QBUF compat ioctl32 Arnaud Patard
2010-01-26 7:55 ` Stefan Kost
2010-01-26 10:11 ` Arnaud Patard
2010-07-14 16:41 ` Pawel Osciak [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='i1kpbf$7h4$1@dough.gmane.org' \
--to=p.osciak@samsung.com \
--cc=linux-media@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.