Commit 46eeb8dd authored by Steven Toth's avatar Steven Toth Committed by Mauro Carvalho Chehab

[media] saa7164: add guard bytes around critical buffers to detect failure

If the guard bytes are trampled then we have a memory related problem.
Signed-off-by: default avatarSteven Toth <stoth@kernellabs.com>
Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@redhat.com>
parent 58acca10
...@@ -216,6 +216,7 @@ static void saa7164_work_enchandler(struct work_struct *w) ...@@ -216,6 +216,7 @@ static void saa7164_work_enchandler(struct work_struct *w)
struct saa7164_user_buffer *ubuf; struct saa7164_user_buffer *ubuf;
struct list_head *c, *n; struct list_head *c, *n;
int wp, rp, i = 0; int wp, rp, i = 0;
u8 *p;
port->last_svc_msecs_diff = port->last_svc_msecs; port->last_svc_msecs_diff = port->last_svc_msecs;
port->last_svc_msecs = jiffies_to_msecs(jiffies); port->last_svc_msecs = jiffies_to_msecs(jiffies);
...@@ -262,6 +263,20 @@ static void saa7164_work_enchandler(struct work_struct *w) ...@@ -262,6 +263,20 @@ static void saa7164_work_enchandler(struct work_struct *w)
break; break;
} }
p = (u8 *)buf->cpu;
if ( (*(p + buf->actual_size + 0) != 0xff) ||
(*(p + buf->actual_size + 1) != 0xff) ||
(*(p + buf->actual_size + 2) != 0xff) ||
(*(p + buf->actual_size + 3) != 0xff) ||
(*(p + buf->actual_size + 0x10) != 0xff) ||
(*(p + buf->actual_size + 0x11) != 0xff) ||
(*(p + buf->actual_size + 0x12) != 0xff) ||
(*(p + buf->actual_size + 0x13) != 0xff) )
{
printk(KERN_ERR "buf %p failed guard check\n", buf);
saa7164_dumphex16(dev, p + buf->actual_size - 32, 64);
}
if (buf->idx == rp) { if (buf->idx == rp) {
/* Found the buffer, deal with it */ /* Found the buffer, deal with it */
dprintk(DBGLVL_IRQ, "%s() wp: %d processing: %d\n", dprintk(DBGLVL_IRQ, "%s() wp: %d processing: %d\n",
...@@ -278,9 +293,12 @@ static void saa7164_work_enchandler(struct work_struct *w) ...@@ -278,9 +293,12 @@ static void saa7164_work_enchandler(struct work_struct *w)
ubuf = list_first_entry(&port->list_buf_free.list, ubuf = list_first_entry(&port->list_buf_free.list,
struct saa7164_user_buffer, list); struct saa7164_user_buffer, list);
if (ubuf->actual_size == buf->actual_size) if (ubuf->actual_size == buf->actual_size) {
memcpy(ubuf->data, buf->cpu, memcpy(ubuf->data, buf->cpu,
ubuf->actual_size); ubuf->actual_size);
} else {
printk(KERN_ERR "buf %p actual fails match\n", buf);
}
/* Requeue the buffer on the free list */ /* Requeue the buffer on the free list */
ubuf->pos = 0; ubuf->pos = 0;
...@@ -297,7 +315,7 @@ static void saa7164_work_enchandler(struct work_struct *w) ...@@ -297,7 +315,7 @@ static void saa7164_work_enchandler(struct work_struct *w)
/* Ensure offset into buffer remains 0, fill buffer /* Ensure offset into buffer remains 0, fill buffer
* with known bad data. */ * with known bad data. */
saa7164_buffer_zero_offsets(port, rp); saa7164_buffer_zero_offsets(port, rp);
memset(buf->cpu, 0xDE, buf->pci_size); memset(buf->cpu, 0xff, buf->pci_size);
break; break;
} }
......
...@@ -1038,14 +1038,18 @@ static ssize_t fops_read(struct file *file, char __user *buffer, ...@@ -1038,14 +1038,18 @@ static ssize_t fops_read(struct file *file, char __user *buffer,
saa7164_histogram_update(&port->read_interval, saa7164_histogram_update(&port->read_interval,
port->last_read_msecs_diff); port->last_read_msecs_diff);
if (*pos) if (*pos) {
printk(KERN_ERR "%s() ESPIPE\n", __func__);
return -ESPIPE; return -ESPIPE;
}
if (atomic_cmpxchg(&fh->v4l_reading, 0, 1) == 0) { if (atomic_cmpxchg(&fh->v4l_reading, 0, 1) == 0) {
if (atomic_inc_return(&port->v4l_reader_count) == 1) { if (atomic_inc_return(&port->v4l_reader_count) == 1) {
if (saa7164_encoder_initialize(port) < 0) if (saa7164_encoder_initialize(port) < 0) {
printk(KERN_ERR "%s() EINVAL\n", __func__);
return -EINVAL; return -EINVAL;
}
saa7164_encoder_start_streaming(port); saa7164_encoder_start_streaming(port);
msleep(200); msleep(200);
...@@ -1056,6 +1060,7 @@ static ssize_t fops_read(struct file *file, char __user *buffer, ...@@ -1056,6 +1060,7 @@ static ssize_t fops_read(struct file *file, char __user *buffer,
if ((file->f_flags & O_NONBLOCK) == 0) { if ((file->f_flags & O_NONBLOCK) == 0) {
if (wait_event_interruptible(port->wait_read, if (wait_event_interruptible(port->wait_read,
saa7164_enc_next_buf(port))) { saa7164_enc_next_buf(port))) {
printk(KERN_ERR "%s() ERESTARTSYS\n", __func__);
return -ERESTARTSYS; return -ERESTARTSYS;
} }
} }
...@@ -1077,8 +1082,10 @@ static ssize_t fops_read(struct file *file, char __user *buffer, ...@@ -1077,8 +1082,10 @@ static ssize_t fops_read(struct file *file, char __user *buffer,
if (copy_to_user(buffer, p, cnt)) { if (copy_to_user(buffer, p, cnt)) {
printk(KERN_ERR "%s() copy_to_user failed\n", __func__); printk(KERN_ERR "%s() copy_to_user failed\n", __func__);
if (!ret) if (!ret) {
printk(KERN_ERR "%s() EFAULT\n", __func__);
ret = -EFAULT; ret = -EFAULT;
}
goto err; goto err;
} }
...@@ -1087,6 +1094,10 @@ static ssize_t fops_read(struct file *file, char __user *buffer, ...@@ -1087,6 +1094,10 @@ static ssize_t fops_read(struct file *file, char __user *buffer,
buffer += cnt; buffer += cnt;
ret += cnt; ret += cnt;
if (ubuf->pos > ubuf->actual_size) {
printk(KERN_ERR "read() pos > actual, huh?\n");
}
if (ubuf->pos == ubuf->actual_size) { if (ubuf->pos == ubuf->actual_size) {
/* finished with current buffer, take next buffer */ /* finished with current buffer, take next buffer */
...@@ -1109,8 +1120,10 @@ static ssize_t fops_read(struct file *file, char __user *buffer, ...@@ -1109,8 +1120,10 @@ static ssize_t fops_read(struct file *file, char __user *buffer,
} }
} }
err: err:
if (!ret && !ubuf) if (!ret && !ubuf) {
printk(KERN_ERR "%s() EAGAIN\n", __func__);
ret = -EAGAIN; ret = -EAGAIN;
}
return ret; return ret;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment