anolis-cloud-kernel/drivers/media/v4l2-core
Chen-Yu Tsai d3988a0276 media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
ANBZ: #3101

commit 8310ca9407 upstream.

DST_QUEUE_OFF_BASE is applied to offset/mem_offset on MMAP capture buffers
only for the VIDIOC_QUERYBUF ioctl, while the userspace fields (including
offset/mem_offset) are filled in for VIDIOC_{QUERY,PREPARE,Q,DQ}BUF
ioctls. This leads to differences in the values presented to userspace.
If userspace attempts to mmap the capture buffer directly using values
from DQBUF, it will fail.

Move the code that applies the magic offset into a helper, and call
that helper from all four ioctl entry points.

[hverkuil: drop unnecessary '= 0' in v4l2_m2m_querybuf() for ret]

Fixes: 7f98639def ("V4L/DVB: add memory-to-memory device helper framework for videobuf")
Fixes: 908a0d7c58 ("[media] v4l: mem2mem: port to videobuf2")
Signed-off-by: Chen-Yu Tsai <wenst@chromium.org>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
[OP: adjusted return logic for 4.19]
Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Fixes: CVE-2022-20369
Signed-off-by: Shile Zhang <shile.zhang@linux.alibaba.com>
Signed-off-by: Xiaolong <xiaolong@openanolis.org>
Reviewed-by: Xunlei Pang <xlpang@linux.alibaba.com>
Link: https://gitee.com/anolis/cloud-kernel/pulls/876
2022-12-02 05:58:26 +00:00
Kconfig media: Remove depends on HAS_DMA in case of platform dependency 2018-05-28 16:17:08 -04:00
Makefile media: v4l2-core: get rid of videobuf-dvb 2018-05-04 10:57:31 -04:00
tuner-core.c media: add tuner standby op, use where needed 2018-03-21 12:05:39 -04:00
v4l2-async.c media: v4l2-async: simplify v4l2_async_subdev structure 2017-12-29 07:14:28 -05:00
v4l2-clk.c media: Convert to using %pOF instead of full_name 2017-08-20 08:20:20 -04:00
v4l2-common.c media: v4l: common: Remove v4l2_find_nearest_format 2018-03-21 11:21:33 -04:00
v4l2-compat-ioctl32.c media: v4l2-compat-ioctl32: better document the code 2018-04-20 08:24:13 -04:00
v4l2-ctrls.c media: v4l2-ctrl: fix flags for DO_WHITE_BALANCE 2019-12-05 09:21:28 +01:00
v4l2-dev.c media: add helpers for memory-to-memory media controller 2018-07-04 08:43:47 -04:00
v4l2-device.c media: mark entity-intf links as IMMUTABLE 2018-07-04 08:40:49 -04:00
v4l2-dv-timings.c media: cec/v4l2: move V4L2 specific CEC functions to V4L2 2019-09-16 08:21:46 +02:00
v4l2-event.c media: v4l: event: Add subscription to list before calling "add" operation 2018-11-27 16:13:08 +01:00
v4l2-fh.c media: v4l: event: Prevent freeing event subscriptions while accessed 2018-10-03 06:32:51 -04:00
v4l2-flash-led-class.c treewide: devm_kzalloc() -> devm_kcalloc() 2018-06-12 16:19:22 -07:00
v4l2-fwnode.c media updates for v4.19-rc1 2018-08-15 18:29:14 -07:00
v4l2-ioctl.c media: v4l: ioctl: Validate num_planes for debug messages 2019-01-22 21:40:34 +01:00
v4l2-mc.c media: v4l2-core: v4l2-mc: Add SPDX license identifier 2018-02-26 07:42:03 -05:00
v4l2-mem2mem.c media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls 2022-12-02 05:58:26 +00:00
v4l2-subdev.c media: v4l: Add support for STD ioctls on subdev nodes 2018-07-24 17:39:28 -04:00
v4l2-trace.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
videobuf-core.c MAINTAINERS & files: Canonize the e-mails I use at files 2018-05-04 06:21:06 -04:00
videobuf-dma-contig.c MAINTAINERS & files: Canonize the e-mails I use at files 2018-05-04 06:21:06 -04:00
videobuf-dma-sg.c treewide: Use array_size() in vzalloc() 2018-06-12 16:19:22 -07:00
videobuf-vmalloc.c MAINTAINERS & files: Canonize the e-mails I use at files 2018-05-04 06:21:06 -04:00