提交 22c859fa 编写于 作者: A Arnaud Patard 提交者: Mauro Carvalho Chehab

V4L/DVB: Fix VIDIOC_QBUF compat ioctl32

When using VIDIOC_QBUF with memory type set to V4L2_MEMORY_MMAP, the
v4l2_buffer buffer gets unmodified on drivers like uvc (well, only
bytesused field is modified). Then some apps like gstreamer are reusing
the same buffer later to call munmap (eg passing the buffer "length"
field as 2nd parameter of munmap).

It's working fine on full 32bits but on 32bits systems with 64bit
kernel, the get_v4l2_buffer32() doesn't copy length/m.offset values and
then copy garbage to userspace in put_v4l2_buffer32().

This has for consequence things like that in the libv4l2 logs:

libv4l2: v4l2 unknown munmap 0x2e2b0000, -2145144908
libv4l2: v4l2 unknown munmap 0x2e530000, -2145144908

The buffer are not unmap'ed and then if the application close and open
again the device, it won't work and logs will show something like:

libv4l2: error setting pixformat: Device or resource busy

The easy solution is to read length and m.offset in get_v4l2_buffer32().
Signed-off-by: NArnaud Patard <apatard@mandriva.com>
Signed-off-by: NMauro Carvalho Chehab <mchehab@redhat.com>
上级 6aba72cf
...@@ -475,6 +475,9 @@ static int get_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user ...@@ -475,6 +475,9 @@ static int get_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user
return -EFAULT; return -EFAULT;
switch (kp->memory) { switch (kp->memory) {
case V4L2_MEMORY_MMAP: case V4L2_MEMORY_MMAP:
if (get_user(kp->length, &up->length) ||
get_user(kp->m.offset, &up->m.offset))
return -EFAULT;
break; break;
case V4L2_MEMORY_USERPTR: case V4L2_MEMORY_USERPTR:
{ {
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册