media: gspca: fix frame overflow error

commit f96d8448 upstream. When converting gspca to vb2 I missed that fact that the buffer sizes were rounded up to the next page size. As a result some gspca drivers (spca561 being one of them) reported frame overflows. Modify the code to align the buffer sizes to the next page size, just as the original code did. Fixes: 1f5965c4 ("media: gspca: convert to vb2") Tested-off-by: N Hans Verkuil <hans.verkuil@cisco.com> Signed-off-by: N Hans Verkuil <hans.verkuil@cisco.com> Reported-by: N softwarebugs <softwarebugs@protonmail.com> Cc: <stable@vger.kernel.org> # for v4.18 and up Signed-off-by: N Mauro Carvalho Chehab <mchehab+samsung@kernel.org> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org>

media: gspca: fix frame overflow error
commit f96d8448 upstream. When converting gspca to vb2 I missed that fact that the buffer sizes were rounded up to the next page size. As a result some gspca drivers (spca561 being one of them) reported frame overflows. Modify the code to align the buffer sizes to the next page size, just as the original code did. Fixes: 1f5965c4 ("media: gspca: convert to vb2") Tested-off-by: N Hans Verkuil <hans.verkuil@cisco.com> Signed-off-by: N Hans Verkuil <hans.verkuil@cisco.com> Reported-by: N softwarebugs <softwarebugs@protonmail.com> Cc: <stable@vger.kernel.org> # for v4.18 and up Signed-off-by: N Mauro Carvalho Chehab <mchehab+samsung@kernel.org> Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org>
c4dabf37 · Hans Verkuil · Greg Kroah-Hartman · fbb982c6 · c4dabf37
隐藏空白更改
内联并排

Showing with 6 addition and 5 deletion

drivers/media/usb/gspca/gspca.c drivers/media/usb/gspca/gspca.c +6 -5

未找到文件。
--- a/drivers/media/usb/gspca/gspca.c
+++ b/drivers/media/usb/gspca/gspca.c
@@ -426,10 +426,10 @@ void gspca_frame_add(struct gspca_dev *gspca_dev,

 	/* append the packet to the frame buffer */
 	if (len > 0) {
-		if (gspca_dev->image_len + len > gspca_dev->pixfmt.sizeimage) {
+		if (gspca_dev->image_len + len > PAGE_ALIGN(gspca_dev->pixfmt.sizeimage)) {
 			gspca_err(gspca_dev, "frame overflow %d > %d\n",
 				  gspca_dev->image_len + len,
-				  gspca_dev->pixfmt.sizeimage);
+				  PAGE_ALIGN(gspca_dev->pixfmt.sizeimage));
 			packet_type = DISCARD_PACKET;
 		} else {
 /* !! image is NULL only when last pkt is LAST or DISCARD
@@ -1297,18 +1297,19 @@ static int gspca_queue_setup(struct vb2_queue *vq,
 			     unsigned int sizes[], struct device *alloc_devs[])
 {
 	struct gspca_dev *gspca_dev = vb2_get_drv_priv(vq);
+	unsigned int size = PAGE_ALIGN(gspca_dev->pixfmt.sizeimage);

 	if (*nplanes)
-		return sizes[0] < gspca_dev->pixfmt.sizeimage ? -EINVAL : 0;
+		return sizes[0] < size ? -EINVAL : 0;
 	*nplanes = 1;
-	sizes[0] = gspca_dev->pixfmt.sizeimage;
+	sizes[0] = size;
 	return 0;
 }

 static int gspca_buffer_prepare(struct vb2_buffer *vb)
 {
 	struct gspca_dev *gspca_dev = vb2_get_drv_priv(vb->vb2_queue);
-	unsigned long size = gspca_dev->pixfmt.sizeimage;
+	unsigned long size = PAGE_ALIGN(gspca_dev->pixfmt.sizeimage);

 	if (vb2_plane_size(vb, 0) < size) {
 		gspca_err(gspca_dev, "buffer too small (%lu < %lu)\n",