From: Pawel Osciak <p.osciak@samsung.com>
To: linux-media@vger.kernel.org
Subject: Re: [PATCH] Fix VIDIOC_QBUF compat ioctl32
Date: Wed, 14 Jul 2010 16:41:20 +0000 (UTC) [thread overview]
Message-ID: <i1kpbf$7h4$1@dough.gmane.org> (raw)
In-Reply-To: m3bpgi448o.fsf@anduin.mandriva.com
Hi,
On Mon, 25 Jan 2010 16:02:31 +0100, Arnaud Patard wrote:
> When using VIDIOC_QBUF with memory type set to V4L2_MEMORY_MMAP, the
> v4l2_buffer buffer gets unmodified on drivers like uvc (well, only
> bytesused field is modified). Then some apps like gstreamer are reusing
> the same buffer later to call munmap (eg passing the buffer "length"
> field as 2nd parameter of munmap).
>
> It's working fine on full 32bits but on 32bits systems with 64bit
> kernel, the get_v4l2_buffer32() doesn't copy length/m.offset values and
> then copy garbage to userspace in put_v4l2_buffer32().
>
> This has for consequence things like that in the libv4l2 logs:
>
> libv4l2: v4l2 unknown munmap 0x2e2b0000, -2145144908 libv4l2: v4l2
> unknown munmap 0x2e530000, -2145144908
>
> The buffer are not unmap'ed and then if the application close and open
> again the device, it won't work and logs will show something like:
>
> libv4l2: error setting pixformat: Device or resource busy
>
> The easy solution is to read length and m.offset in get_v4l2_buffer32().
>
>
> Signed-off-by: Arnaud Patard <apatard@mandriva.com> ---
> ---
> drivers/media/video/v4l2-compat-ioctl32.c | 5 5 + 0 - 0 ! 1 file
> changed, 5 insertions(+)
>
> Index: linux-2.6/drivers/media/video/v4l2-compat-ioctl32.c
> =================================================================== ---
> linux-2.6.orig/drivers/media/video/v4l2-compat-ioctl32.c +++
> linux-2.6/drivers/media/video/v4l2-compat-ioctl32.c @@ -475,6 +475,9 @@
> static int get_v4l2_buffer32(struct v4l2
> return -EFAULT;
> switch (kp->memory) {
> case V4L2_MEMORY_MMAP:
> + if (get_user(kp->length, &up->length) ||
> + get_user(kp->m.offset, &up->m.offset))
> + return -EFAULT;
> break;
> case V4L2_MEMORY_USERPTR:
> {
Could you give more details on how this helps your application? Especially, why
is length needed? Length should be returned by driver, but this is the get_*
function, so userspace->kernel...
Could you explain this with a bit more context please? Thanks!
Best regards,
--
Pawel Osciak
Linux Platform Group
Samsung Poland R&D Center
prev parent reply other threads:[~2010-07-14 16:45 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-01-25 15:02 [PATCH] Fix VIDIOC_QBUF compat ioctl32 Arnaud Patard
2010-01-26 7:55 ` Stefan Kost
2010-01-26 10:11 ` Arnaud Patard
2010-07-14 16:41 ` Pawel Osciak [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='i1kpbf$7h4$1@dough.gmane.org' \
--to=p.osciak@samsung.com \
--cc=linux-media@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox