From 46eeb8dd30d3651e6ea55c2e60594206cd591d79 Mon Sep 17 00:00:00 2001 From: Steven Toth Date: Sat, 31 Jul 2010 15:11:59 -0300 Subject: [PATCH] [media] saa7164: add guard bytes around critical buffers to detect failure If the guard bytes are trampled then we have a memory related problem. Signed-off-by: Steven Toth Signed-off-by: Mauro Carvalho Chehab --- drivers/media/video/saa7164/saa7164-core.c | 22 +++++++++++++++++-- drivers/media/video/saa7164/saa7164-encoder.c | 21 ++++++++++++++---- 2 files changed, 37 insertions(+), 6 deletions(-) diff --git a/drivers/media/video/saa7164/saa7164-core.c b/drivers/media/video/saa7164/saa7164-core.c index 624ad3e1b61d..e96bbe4698b9 100644 --- a/drivers/media/video/saa7164/saa7164-core.c +++ b/drivers/media/video/saa7164/saa7164-core.c @@ -216,6 +216,7 @@ static void saa7164_work_enchandler(struct work_struct *w) struct saa7164_user_buffer *ubuf; struct list_head *c, *n; int wp, rp, i = 0; + u8 *p; port->last_svc_msecs_diff = port->last_svc_msecs; port->last_svc_msecs = jiffies_to_msecs(jiffies); @@ -262,6 +263,20 @@ static void saa7164_work_enchandler(struct work_struct *w) break; } + p = (u8 *)buf->cpu; + if ( (*(p + buf->actual_size + 0) != 0xff) || + (*(p + buf->actual_size + 1) != 0xff) || + (*(p + buf->actual_size + 2) != 0xff) || + (*(p + buf->actual_size + 3) != 0xff) || + (*(p + buf->actual_size + 0x10) != 0xff) || + (*(p + buf->actual_size + 0x11) != 0xff) || + (*(p + buf->actual_size + 0x12) != 0xff) || + (*(p + buf->actual_size + 0x13) != 0xff) ) + { + printk(KERN_ERR "buf %p failed guard check\n", buf); + saa7164_dumphex16(dev, p + buf->actual_size - 32, 64); + } + if (buf->idx == rp) { /* Found the buffer, deal with it */ dprintk(DBGLVL_IRQ, "%s() wp: %d processing: %d\n", @@ -278,9 +293,12 @@ static void saa7164_work_enchandler(struct work_struct *w) ubuf = list_first_entry(&port->list_buf_free.list, struct saa7164_user_buffer, list); - if (ubuf->actual_size == buf->actual_size) + if (ubuf->actual_size == buf->actual_size) { memcpy(ubuf->data, buf->cpu, ubuf->actual_size); + } else { + printk(KERN_ERR "buf %p actual fails match\n", buf); + } /* Requeue the buffer on the free list */ ubuf->pos = 0; @@ -297,7 +315,7 @@ static void saa7164_work_enchandler(struct work_struct *w) /* Ensure offset into buffer remains 0, fill buffer * with known bad data. */ saa7164_buffer_zero_offsets(port, rp); - memset(buf->cpu, 0xDE, buf->pci_size); + memset(buf->cpu, 0xff, buf->pci_size); break; } diff --git a/drivers/media/video/saa7164/saa7164-encoder.c b/drivers/media/video/saa7164/saa7164-encoder.c index 5f73ceded31b..c61907d0efb9 100644 --- a/drivers/media/video/saa7164/saa7164-encoder.c +++ b/drivers/media/video/saa7164/saa7164-encoder.c @@ -1038,14 +1038,18 @@ static ssize_t fops_read(struct file *file, char __user *buffer, saa7164_histogram_update(&port->read_interval, port->last_read_msecs_diff); - if (*pos) + if (*pos) { + printk(KERN_ERR "%s() ESPIPE\n", __func__); return -ESPIPE; + } if (atomic_cmpxchg(&fh->v4l_reading, 0, 1) == 0) { if (atomic_inc_return(&port->v4l_reader_count) == 1) { - if (saa7164_encoder_initialize(port) < 0) + if (saa7164_encoder_initialize(port) < 0) { + printk(KERN_ERR "%s() EINVAL\n", __func__); return -EINVAL; + } saa7164_encoder_start_streaming(port); msleep(200); @@ -1056,6 +1060,7 @@ static ssize_t fops_read(struct file *file, char __user *buffer, if ((file->f_flags & O_NONBLOCK) == 0) { if (wait_event_interruptible(port->wait_read, saa7164_enc_next_buf(port))) { + printk(KERN_ERR "%s() ERESTARTSYS\n", __func__); return -ERESTARTSYS; } } @@ -1077,8 +1082,10 @@ static ssize_t fops_read(struct file *file, char __user *buffer, if (copy_to_user(buffer, p, cnt)) { printk(KERN_ERR "%s() copy_to_user failed\n", __func__); - if (!ret) + if (!ret) { + printk(KERN_ERR "%s() EFAULT\n", __func__); ret = -EFAULT; + } goto err; } @@ -1087,6 +1094,10 @@ static ssize_t fops_read(struct file *file, char __user *buffer, buffer += cnt; ret += cnt; + if (ubuf->pos > ubuf->actual_size) { + printk(KERN_ERR "read() pos > actual, huh?\n"); + } + if (ubuf->pos == ubuf->actual_size) { /* finished with current buffer, take next buffer */ @@ -1109,8 +1120,10 @@ static ssize_t fops_read(struct file *file, char __user *buffer, } } err: - if (!ret && !ubuf) + if (!ret && !ubuf) { + printk(KERN_ERR "%s() EAGAIN\n", __func__); ret = -EAGAIN; + } return ret; }