kernel-ark/drivers/media/video
Hans Verkuil 2fc11536cf V4L/DVB: videobuf-dma-sg: set correct size in last sg element
This fixes a nasty memory corruption bug when using userptr I/O.
The function videobuf_pages_to_sg() sets up the scatter-gather list for the
DMA transfer to the userspace pages. The first transfer is setup correctly
(the size is set to PAGE_SIZE - offset), but all other transfers have size
PAGE_SIZE. This is wrong for the last transfer which may be less than PAGE_SIZE.

Most, if not all, drivers will program the boards DMA engine correctly, i.e.
even though the size in the last sg element is wrong, they will do their
own size calculations and make sure the right amount is DMA-ed, and so seemingly
prevent memory corruption.

However, behind the scenes the dynamic DMA mapping support (in lib/swiotlb.c)
may create bounce buffers if the memory pages are not in DMA-able memory.
This happens for example on a 64-bit linux with a board that only supports
32-bit DMA.

These bounce buffers DO use the information in the sg list to determine the
size. So while the DMA engine transfers the correct amount of data, when the
data is 'bounced' back too much is copied, causing buffer overwrites.

The fix is simple: calculate and set the correct size for the last sg list
element.

Signed-off-by: Hans Verkuil <hans.verkuil@tandberg.com>
Cc: stable@kernel.org
Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
2010-09-27 22:22:01 -03:00
..
au0828 V4L/DVB: au0828: move dereference below sanity checks 2010-08-02 16:43:01 -03:00
bt8xx Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6 2010-08-13 10:44:24 -07:00
cpia2 V4L/DVB: v4l2-common: simplify prio utility functions 2010-05-19 12:58:54 -03:00
cx18 Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6 2010-08-13 10:44:24 -07:00
cx88 V4L/DVB: cx88: Kconfig: Remove EXPERIMENTAL dependency from VIDEO_CX88_ALSA 2010-09-27 22:21:44 -03:00
cx231xx V4L/DVB: cx231xx: Avoid an OOPS when card is unknown (card=0) 2010-09-27 22:22:00 -03:00
cx23885 Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6 2010-08-13 10:44:24 -07:00
cx25840 V4L/DVB: cx25840: convert to the new control framework 2010-08-08 23:43:05 -03:00
davinci V4L/DVB: vpfe_capture: Create separate Kconfig file for davinci devices 2010-08-02 15:30:36 -03:00
em28xx Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6 2010-08-13 10:44:24 -07:00
et61x251 V4L/DVB: video/et61x251: improve error handling 2010-05-19 12:57:26 -03:00
gspca V4L/DVB: gspca - main: Fix a crash of some webcams on ARM arch 2010-09-27 22:21:51 -03:00
hdpvr V4L/DVB: drivers/media: Remove unnecessary casts of private_data 2010-08-02 16:42:53 -03:00
ivtv Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6 2010-08-13 10:44:24 -07:00
omap V4L/DVB: drivers/media/video: Remove dead CONFIG_FB_OMAP2_FORCE_AUTO_UPDATE 2010-08-02 16:42:54 -03:00
pvrusb2 V4L/DVB: pvrusb2: remove unneeded NULL checks 2010-09-27 22:21:48 -03:00
pwc V4L/DVB: pwc Kconfig dependency fix 2010-05-19 12:57:20 -03:00
s5p-fimc V4L/DVB: unlock on error path 2010-09-27 22:21:45 -03:00
saa7134 V4L/DVB: Fix regression for BeholdTV Columbus 2010-09-27 22:21:50 -03:00
saa7164 V4L/DVB: saa7164: move dereference under NULL check 2010-09-27 22:21:49 -03:00
sn9c102 V4L/DVB: gspca - sonixb: Have 0c45:602e handled by sonixb instead of sn9c102 2010-06-01 01:20:00 -03:00
tlg2300 V4L/DVB: fix Kconfig to depends on VIDEO_IR 2010-08-12 15:07:57 -03:00
usbvideo V4L/DVB: drivers: usbvideo: remove custom implementation of hex_to_bin() 2010-08-08 23:43:06 -03:00
usbvision V4L/DVB: drivers/media: Eliminate a NULL pointer dereference 2010-06-01 01:24:22 -03:00
uvc V4L/DVB: uvcvideo: Add support for Miricle 307K thermal webcam 2010-08-08 23:43:01 -03:00
zoran Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-08-04 15:31:02 -07:00
adv7170.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
adv7175.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
adv7180.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
adv7343_regs.h
adv7343.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ak881x.c V4L/DVB: mediabus: fix ambiguous pixel code names 2010-08-02 16:43:36 -03:00
arv.c V4L/DVB: arv: convert to V4L2 2010-05-18 00:52:42 -03:00
bt819.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
bt856.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
bt866.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
btcx-risc.c
btcx-risc.h
bw-qcam.c V4L/DVB: bw-qcam: convert to V4L2 2010-06-01 01:19:04 -03:00
c-qcam.c V4L/DVB: c-qcam: convert to V4L2 2010-06-01 01:19:41 -03:00
cafe_ccic-regs.h
cafe_ccic.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
cpia_pp.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
cpia_usb.c V4L/DVB: cpia_usb: remove unneeded variable 2010-08-02 15:28:06 -03:00
cpia.c V4L/DVB: drivers/media: Correct NULL test 2010-02-26 15:10:57 -03:00
cpia.h
cs53l32a.c V4L/DVB: cs53l32a: convert to new control framework 2010-08-08 23:43:05 -03:00
cs5345.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
cs8420.h
cx2341x.c V4L/DVB: cx2341x: convert to the control framework 2010-08-08 23:43:05 -03:00
dabusb.c V4L/DVB: drivers/media: Use memdup_user 2010-08-02 15:20:28 -03:00
dabusb.h
fsl-viu.c of/device: Replace struct of_device with struct platform_device 2010-08-06 09:25:50 -06:00
hexium_gemini.c V4L/DVB: saa7146: fix regression of the av7110/budget-av driver 2010-05-06 19:20:50 -03:00
hexium_orion.c V4L/DVB: saa7146: fix regression of the av7110/budget-av driver 2010-05-06 19:20:50 -03:00
ibmmpeg2.h
indycam.c
indycam.h
ir-kbd-i2c.c V4L/DVB: ir-core: partially convert ir-kbd-i2c.c to not use ir-functions.c 2010-08-02 14:53:59 -03:00
Kconfig V4L/DVB: mt9m111: Added indication that MT9M131 is supported by this driver 2010-08-08 23:43:03 -03:00
ks0127.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ks0127.h
m52790.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
Makefile V4L/DVB: v4l2: Add new control handling framework 2010-08-08 23:43:03 -03:00
mem2mem_testdev.c V4L/DVB: drivers/media: Remove unnecessary casts of private_data 2010-08-02 16:42:53 -03:00
meye.c V4L/DVB: meye: remove last V4L1 remnants from the code and add v4l2_device 2010-05-18 00:52:36 -03:00
meye.h V4L/DVB: meye: remove last V4L1 remnants from the code and add v4l2_device 2010-05-18 00:52:36 -03:00
msp3400-driver.c V4L/DVB: msp3400: convert to the new control framework 2010-08-08 23:43:04 -03:00
msp3400-driver.h V4L/DVB: msp3400: convert to the new control framework 2010-08-08 23:43:04 -03:00
msp3400-kthreads.c V4L/DVB: msp3400: convert to the new control framework 2010-08-08 23:43:04 -03:00
mt9m001.c Merge branch 'v4l_for_2.6.35' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6 2010-06-04 15:38:12 -07:00
mt9m111.c V4L/DVB: mt9m111: init chip after read CHIP_VERSION 2010-08-08 23:43:03 -03:00
mt9t031.c Merge branch 'v4l_for_2.6.35' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6 2010-06-04 15:38:12 -07:00
mt9t112.c V4L/DVB: mediabus: fix ambiguous pixel code names 2010-08-02 16:43:36 -03:00
mt9v011.c V4L/DVB: mt9v011: add enum/try/s_mbus_fmt support 2010-06-01 01:21:35 -03:00
mt9v011.h
mt9v022.c Merge branch 'v4l_for_2.6.35' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6 2010-06-04 15:38:12 -07:00
mx1_camera.c V4L/DVB: V4L2: Replace loops for finding max buffers in VIDIOC_REQBUFS callbacks 2010-05-19 12:57:13 -03:00
mx2_camera.c V4L/DVB: mx2_camera: add rising edge for pixclock 2010-08-08 23:43:03 -03:00
mx3_camera.c V4L/DVB: v4l2-subdev.h: fix enum_mbus_fmt prototype 2010-06-01 01:21:40 -03:00
mxb.c V4L/DVB: saa7146: fix regression of the av7110/budget-av driver 2010-05-06 19:20:50 -03:00
mxb.h
omap24xxcam-dma.c
omap24xxcam.c V4L/DVB: videobuf: Remove the videobuf_sg_dma_map/unmap functions 2010-08-02 15:21:45 -03:00
omap24xxcam.h
ov772x.c V4L/DVB: mediabus: fix ambiguous pixel code names 2010-08-02 16:43:36 -03:00
ov7670.c V4L/DVB: ov7670: silence some compiler warnings 2010-05-18 00:51:25 -03:00
ov9640.c V4L/DVB: mediabus: fix ambiguous pixel code names 2010-08-02 16:43:36 -03:00
ov9640.h
pms.c V4L/DVB: pms: remove unnecessary exclusive open/close 2010-05-18 00:51:30 -03:00
pxa_camera.c V4L/DVB: mediabus: fix ambiguous pixel code names 2010-08-02 16:43:36 -03:00
rj54n1cb0c.c V4L/DVB: rj54n1cb0c: fix a comment in the driver 2010-08-02 16:43:42 -03:00
s2255drv.c V4L/DVB: s2255drv: cleanup of device structure 2010-08-02 15:28:22 -03:00
saa711x_regs.h
saa717x.c V4L/DVB: saa717x: convert to the new control framework 2010-08-08 23:43:04 -03:00
saa5246a.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
saa5249.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
saa6588.c
saa7110.c V4L/DVB (13241): Cleanup redundant tests on unsigned 2009-12-05 18:41:04 -02:00
saa7115.c V4L/DVB: saa7115: convert to the new control framework 2010-08-08 23:43:04 -03:00
saa7121.h
saa7127.c V4L/DVB: saa7127: remove obsolete g_fmt support 2010-06-01 01:21:21 -03:00
saa7146.h
saa7146reg.h
saa7185.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
saa7191.c
saa7191.h
se401.c V4L/DVB (13550): v4l: Use the new video_device_node_name function 2009-12-16 00:17:55 -02:00
se401.h
sh_mobile_ceu_camera.c V4L/DVB: V4L2: sh_mobile_camera_ceu: add support for CSI2 2010-08-02 16:43:40 -03:00
sh_mobile_csi2.c V4L/DVB: V4L2: soc-camera: add a MIPI CSI-2 driver for SH-Mobile platforms 2010-08-02 16:43:39 -03:00
sh_vou.c V4L/DVB: V4L2: sh_vou: VOU does support the full PAL resolution too 2010-08-02 16:43:41 -03:00
soc_camera_platform.c V4L/DVB: soc_camera_platform: Add necessary v4l2_subdev_video_ops method 2010-08-02 14:05:37 -03:00
soc_camera.c V4L/DVB: soc-camera: prohibit S_CROP, if internal G_CROP has failed 2010-08-08 23:43:02 -03:00
soc_mediabus.c V4L/DVB: mediabus: fix ambiguous pixel code names 2010-08-02 16:43:36 -03:00
stk-sensor.c
stk-webcam.c V4L/DVB (13556): v4l: Remove unneeded video_device::minor assignments 2009-12-16 00:17:57 -02:00
stk-webcam.h
stradis.c V4L/DVB (13556): v4l: Remove unneeded video_device::minor assignments 2009-12-16 00:17:57 -02:00
tcm825x.c i2c: Remove all i2c_set_clientdata(client, NULL) in drivers 2010-06-03 11:33:58 +02:00
tcm825x.h
tda7432.c
tda9840.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
tda9875.c
tea6415c.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
tea6415c.h
tea6420.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
tea6420.h
ths7303.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
tlv320aic23b.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
tuner-core.c V4L/DVB (13964): tuner-core, fix memory leak 2010-02-26 15:10:34 -03:00
tvaudio.c V4L/DVB (13166): remove duplicate structure field initialization 2009-12-05 18:40:40 -02:00
tveeprom.c V4L/DVB: tveeprom: Add an entry for tuner code 168: a TCL M30WTP-4N-E tuner 2010-07-08 16:49:59 -03:00
tvp514x_regs.h
tvp514x.c V4L/DVB: tvp514x: simplify try/g/s_fmt handling 2010-06-01 01:21:48 -03:00
tvp5150_reg.h
tvp5150.c V4L/DVB: tvp5150: remove obsolete g/s_fmt ops 2010-06-01 01:21:36 -03:00
tvp7002_reg.h V4L/DVB: Definitions for TVP7002 in DM365 2010-02-26 15:11:01 -03:00
tvp7002.c V4L/DVB: tvp7002: fix write to H-PLL Feedback Divider LSB register 2010-08-08 23:43:07 -03:00
tw9910.c V4L/DVB: mediabus: fix ambiguous pixel code names 2010-08-02 16:43:36 -03:00
upd64031a.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
upd64083.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
v4l1-compat.c
v4l2-common.c i2c: Add support for custom probe function 2010-08-11 18:20:56 +02:00
v4l2-compat-ioctl32.c v4l: Remove reference to bkl ioctl in compat ioctl handling 2010-08-14 00:24:24 +02:00
v4l2-ctrls.c V4L/DVB: v4l2-ctrls.c: needs to include slab.h 2010-08-12 15:08:05 -03:00
v4l2-dev.c Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-2.6 2010-08-10 15:09:54 -07:00
v4l2-device.c V4L/DVB: v4l2: hook up the new control framework into the core framework 2010-08-08 23:43:04 -03:00
v4l2-event.c V4L/DVB: event: Export the v4l2_event_init and v4l2_event_dequeue functions 2010-05-19 12:58:24 -03:00
v4l2-fh.c V4L/DVB: V4L: Events: Support event handling in do_ioctl 2010-05-19 12:58:07 -03:00
v4l2-int-device.c
v4l2-ioctl.c V4L/DVB: v4l2: hook up the new control framework into the core framework 2010-08-08 23:43:04 -03:00
v4l2-mem2mem.c V4L/DVB: add memory-to-memory device helper framework for videobuf 2010-05-19 12:58:03 -03:00
videobuf-core.c V4L/DVB: videobuf: rename videobuf_mmap_free and add sanity checks 2010-08-02 15:21:29 -03:00
videobuf-dma-contig.c V4L/DVB: videobuf: Remove videobuf_mapping start and end fields 2010-08-02 15:23:09 -03:00
videobuf-dma-sg.c V4L/DVB: videobuf-dma-sg: set correct size in last sg element 2010-09-27 22:22:01 -03:00
videobuf-dvb.c V4L/DVB: v4l videobuf: rename videobuf_queue_to_vmalloc to videobuf_queue_to_vaddr 2010-05-19 12:57:52 -03:00
videobuf-vmalloc.c V4L/DVB: videobuf: Rename vmalloc fields to vaddr 2010-08-02 15:25:57 -03:00
vino.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
vino.h
vivi.c V4L/DVB: vivi and mem2mem_testdev need slab.h to build 2010-05-19 12:59:18 -03:00
vp27smpx.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
vpx3220.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
w9966.c V4L/DVB: w9966: convert to V4L2 2010-05-19 12:57:09 -03:00
wm8739.c V4L/DVB: wm8739: convert to the new control framework 2010-08-08 23:43:05 -03:00
wm8775.c V4L/DVB: wm8775: convert to the new control framework 2010-08-08 23:43:05 -03:00
zr364xx.c V4L/DVB: V4L2: Replace loops for finding max buffers in VIDIOC_REQBUFS callbacks 2010-05-19 12:57:13 -03:00