[media] saa7164: add guard bytes around critical buffers to detect failure
If the guard bytes are trampled then we have a memory related problem. Signed-off-by: Steven Toth <stoth@kernellabs.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
This commit is contained in:
parent
58acca1056
commit
46eeb8dd30
2 changed files with 37 additions and 6 deletions
drivers/media/video/saa7164
|
@ -216,6 +216,7 @@ static void saa7164_work_enchandler(struct work_struct *w)
|
|||
struct saa7164_user_buffer *ubuf;
|
||||
struct list_head *c, *n;
|
||||
int wp, rp, i = 0;
|
||||
u8 *p;
|
||||
|
||||
port->last_svc_msecs_diff = port->last_svc_msecs;
|
||||
port->last_svc_msecs = jiffies_to_msecs(jiffies);
|
||||
|
@ -262,6 +263,20 @@ static void saa7164_work_enchandler(struct work_struct *w)
|
|||
break;
|
||||
}
|
||||
|
||||
p = (u8 *)buf->cpu;
|
||||
if ( (*(p + buf->actual_size + 0) != 0xff) ||
|
||||
(*(p + buf->actual_size + 1) != 0xff) ||
|
||||
(*(p + buf->actual_size + 2) != 0xff) ||
|
||||
(*(p + buf->actual_size + 3) != 0xff) ||
|
||||
(*(p + buf->actual_size + 0x10) != 0xff) ||
|
||||
(*(p + buf->actual_size + 0x11) != 0xff) ||
|
||||
(*(p + buf->actual_size + 0x12) != 0xff) ||
|
||||
(*(p + buf->actual_size + 0x13) != 0xff) )
|
||||
{
|
||||
printk(KERN_ERR "buf %p failed guard check\n", buf);
|
||||
saa7164_dumphex16(dev, p + buf->actual_size - 32, 64);
|
||||
}
|
||||
|
||||
if (buf->idx == rp) {
|
||||
/* Found the buffer, deal with it */
|
||||
dprintk(DBGLVL_IRQ, "%s() wp: %d processing: %d\n",
|
||||
|
@ -278,9 +293,12 @@ static void saa7164_work_enchandler(struct work_struct *w)
|
|||
ubuf = list_first_entry(&port->list_buf_free.list,
|
||||
struct saa7164_user_buffer, list);
|
||||
|
||||
if (ubuf->actual_size == buf->actual_size)
|
||||
if (ubuf->actual_size == buf->actual_size) {
|
||||
memcpy(ubuf->data, buf->cpu,
|
||||
ubuf->actual_size);
|
||||
} else {
|
||||
printk(KERN_ERR "buf %p actual fails match\n", buf);
|
||||
}
|
||||
|
||||
/* Requeue the buffer on the free list */
|
||||
ubuf->pos = 0;
|
||||
|
@ -297,7 +315,7 @@ static void saa7164_work_enchandler(struct work_struct *w)
|
|||
/* Ensure offset into buffer remains 0, fill buffer
|
||||
* with known bad data. */
|
||||
saa7164_buffer_zero_offsets(port, rp);
|
||||
memset(buf->cpu, 0xDE, buf->pci_size);
|
||||
memset(buf->cpu, 0xff, buf->pci_size);
|
||||
|
||||
break;
|
||||
}
|
||||
|
|
|
@ -1038,14 +1038,18 @@ static ssize_t fops_read(struct file *file, char __user *buffer,
|
|||
saa7164_histogram_update(&port->read_interval,
|
||||
port->last_read_msecs_diff);
|
||||
|
||||
if (*pos)
|
||||
if (*pos) {
|
||||
printk(KERN_ERR "%s() ESPIPE\n", __func__);
|
||||
return -ESPIPE;
|
||||
}
|
||||
|
||||
if (atomic_cmpxchg(&fh->v4l_reading, 0, 1) == 0) {
|
||||
if (atomic_inc_return(&port->v4l_reader_count) == 1) {
|
||||
|
||||
if (saa7164_encoder_initialize(port) < 0)
|
||||
if (saa7164_encoder_initialize(port) < 0) {
|
||||
printk(KERN_ERR "%s() EINVAL\n", __func__);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
saa7164_encoder_start_streaming(port);
|
||||
msleep(200);
|
||||
|
@ -1056,6 +1060,7 @@ static ssize_t fops_read(struct file *file, char __user *buffer,
|
|||
if ((file->f_flags & O_NONBLOCK) == 0) {
|
||||
if (wait_event_interruptible(port->wait_read,
|
||||
saa7164_enc_next_buf(port))) {
|
||||
printk(KERN_ERR "%s() ERESTARTSYS\n", __func__);
|
||||
return -ERESTARTSYS;
|
||||
}
|
||||
}
|
||||
|
@ -1077,8 +1082,10 @@ static ssize_t fops_read(struct file *file, char __user *buffer,
|
|||
|
||||
if (copy_to_user(buffer, p, cnt)) {
|
||||
printk(KERN_ERR "%s() copy_to_user failed\n", __func__);
|
||||
if (!ret)
|
||||
if (!ret) {
|
||||
printk(KERN_ERR "%s() EFAULT\n", __func__);
|
||||
ret = -EFAULT;
|
||||
}
|
||||
goto err;
|
||||
}
|
||||
|
||||
|
@ -1087,6 +1094,10 @@ static ssize_t fops_read(struct file *file, char __user *buffer,
|
|||
buffer += cnt;
|
||||
ret += cnt;
|
||||
|
||||
if (ubuf->pos > ubuf->actual_size) {
|
||||
printk(KERN_ERR "read() pos > actual, huh?\n");
|
||||
}
|
||||
|
||||
if (ubuf->pos == ubuf->actual_size) {
|
||||
|
||||
/* finished with current buffer, take next buffer */
|
||||
|
@ -1109,8 +1120,10 @@ static ssize_t fops_read(struct file *file, char __user *buffer,
|
|||
}
|
||||
}
|
||||
err:
|
||||
if (!ret && !ubuf)
|
||||
if (!ret && !ubuf) {
|
||||
printk(KERN_ERR "%s() EAGAIN\n", __func__);
|
||||
ret = -EAGAIN;
|
||||
}
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue