- 24 Jun, 2016 4 commits
-
-
Mauro Carvalho Chehab authored
The mc5602_brigde.h is included at m5602 submodules. This causes Gcc 6.1 to complain: drivers/media/usb/gspca/m5602/m5602_bridge.h:124:28: warning: 'sensor_urb_skeleton' defined but not used [-Wunused-const-variable=] static const unsigned char sensor_urb_skeleton[] = { ^~~~~~~~~~~~~~~~~~~ drivers/media/usb/gspca/m5602/m5602_bridge.h:119:28: warning: 'bridge_urb_skeleton' defined but not used [-Wunused-const-variable=] static const unsigned char bridge_urb_skeleton[] = { ^~~~~~~~~~~~~~~~~~~ Let's shut up gcc 6.1 warnings by moving those data structures to the core, as they're used only there. Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
-
Mauro Carvalho Chehab authored
Gcc 6.1 now complains about unused vars: drivers/media/pci/cx18/cx18-driver.h:497:18: warning: 'vbi_hblank_samples_50Hz' defined but not used [-Wunused-const-variable=] static const u32 vbi_hblank_samples_50Hz = 284; /* 4 byte EAV + 280 anc/fill */ ^~~~~~~~~~~~~~~~~~~~~~~ drivers/media/pci/cx18/cx18-driver.h:496:18: warning: 'vbi_hblank_samples_60Hz' defined but not used [-Wunused-const-variable=] static const u32 vbi_hblank_samples_60Hz = 272; /* 4 byte EAV + 268 anc/fill */ ^~~~~~~~~~~~~~~~~~~~~~~ In file included from drivers/media/pci/cx18/cx18-cards.c:25:0: drivers/media/pci/cx18/cx18-driver.h:497:18: warning: 'vbi_hblank_samples_50Hz' defined but not used [-Wunused-const-variable=] static const u32 vbi_hblank_samples_50Hz = 284; /* 4 byte EAV + 280 anc/fill */ ^~~~~~~~~~~~~~~~~~~~~~~ drivers/media/pci/cx18/cx18-driver.h:496:18: warning: 'vbi_hblank_samples_60Hz' defined but not used [-Wunused-const-variable=] static const u32 vbi_hblank_samples_60Hz = 272; /* 4 byte EAV + 268 anc/fill */ ^~~~~~~~~~~~~~~~~~~~~~~ drivers/media/pci/cx18/cx18-driver.h:495:18: warning: 'vbi_active_samples' defined but not used [-Wunused-const-variable=] static const u32 vbi_active_samples = 1444; /* 4 byte SAV + 720 Y + 720 U/V */ ^~~~~~~~~~~~~~~~~~ In this specific case, this is somewhat intentional, as those values are actually used in parts of the driver. The code assumes that gcc optimizer it and not actually create any var, but convert it to immediate access at the routines. Yet, as we want to shut up gcc warnings, let's use #define, with is the standard way to store values that will use assembler's immediate access code. Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
-
Mauro Carvalho Chehab authored
Gcc 6.1 warns about some unused vars and functions. Remove them: drivers/media/platform/exynos4-is/mipi-csis.c:665:46: warning: 's5pcsis_sd_internal_ops' defined but not used [-Wunused-const-variable=] static const struct v4l2_subdev_internal_ops s5pcsis_sd_internal_ops = { ^~~~~~~~~~~~~~~~~~~~~~~ drivers/media/platform/exynos4-is/mipi-csis.c:652:12: warning: 's5pcsis_open' defined but not used [-Wunused-function] static int s5pcsis_open(struct v4l2_subdev *sd, struct v4l2_subdev_fh *fh) ^~~~~~~~~~~~ Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
-
Mauro Carvalho Chehab authored
Gcc 6.1 warns about some unused vars. Remove them: drivers/media/usb/usbvision/usbvision-core.c:94:18: warning: 'min_imgheight' defined but not used [-Wunused-const-variable=] static const int min_imgheight = MIN_FRAME_HEIGHT; ^~~~~~~~~~~~~ drivers/media/usb/usbvision/usbvision-core.c:93:18: warning: 'min_imgwidth' defined but not used [-Wunused-const-variable=] static const int min_imgwidth = MIN_FRAME_WIDTH; ^~~~~~~~~~~~ drivers/media/usb/usbvision/usbvision-core.c:92:18: warning: 'max_imgheight' defined but not used [-Wunused-const-variable=] static const int max_imgheight = MAX_FRAME_HEIGHT; ^~~~~~~~~~~~~ drivers/media/usb/usbvision/usbvision-core.c:91:18: warning: 'max_imgwidth' defined but not used [-Wunused-const-variable=] static const int max_imgwidth = MAX_FRAME_WIDTH; ^~~~~~~~~~~~ Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
-
- 16 Jun, 2016 5 commits
-
-
Mauro Carvalho Chehab authored
Two parameters were documented with a wrong name, and a struct device pointer description was missing. That caused the following warnings, when building documentation: include/media/media-devnode.h:102: warning: No description found for parameter 'media_dev' include/media/media-devnode.h:126: warning: No description found for parameter 'mdev' include/media/media-devnode.h:126: warning: Excess function parameter 'media_dev' description in 'media_devnode_register' Rename the description, to match the function parameter and fix Documentation. No funcional changes. Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
-
Mauro Carvalho Chehab authored
drivers/media/platform/rcar-vin/rcar-core.c: In function 'rvin_graph_notify_complete': drivers/media/platform/rcar-vin/rcar-core.c:65:22: warning: variable 'sd' set but not used [-Wunused-but-set-variable] struct v4l2_subdev *sd; ^ Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
-
Niklas Söderlund authored
A V4L2 driver for Renesas R-Car VIN driver that do not depend on soc_camera. The driver is heavily based on its predecessor and aims to replace it. Signed-off-by: Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se> Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
-
Sakari Ailus authored
When a buffer is being dequeued using VIDIOC_DQBUF IOCTL, the exact buffer which will be dequeued is not known until the buffer has been removed from the queue. The number of planes is specific to a buffer, not to the queue. This does lead to the situation where multi-plane buffers may be requested and queued with n planes, but VIDIOC_DQBUF IOCTL may be passed an argument struct with fewer planes. __fill_v4l2_buffer() however uses the number of planes from the dequeued videobuf2 buffer, overwriting kernel memory (the m.planes array allocated in video_usercopy() in v4l2-ioctl.c) if the user provided fewer planes than the dequeued buffer had. Oops! Fixes: b0e0e1f8 ("[media] media: videobuf2: Prepare to divide videobuf2") Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com> Acked-by: Hans Verkuil <hans.verkuil@cisco.com> Cc: stable@vger.kernel.org # for v4.4 and later Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
-
Sakari Ailus authored
An earlier patch fixing an input validation issue introduced another issue: vb2_core_dqbuf() is called with pb argument value NULL in some cases, causing a NULL pointer dereference. Fix this by skipping the verification as there's nothing to verify. Fixes: e7e0c3e2 ("[media] videobuf2-core: Check user space planes array in dqbuf") Signed-off-by: David R <david@unsolicited.net> Signed-off-by: Sakari Ailus <sakari.ailus@linux.intel.com> Reviewed-by: Hans Verkuil <hans.verkuil@cisco.com> Cc: stable@vger.kernel.org # for v4.4 and later Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
-
- 15 Jun, 2016 4 commits
-
-
Shuah Khan authored
Media devnode open/ioctl could be in progress when media device unregister is initiated. System calls and ioctls check media device registered status at the beginning, however, there is a window where unregister could be in progress without changing the media devnode status to unregistered. process 1 process 2 fd = open(/dev/media0) media_devnode_is_registered() (returns true here) media_device_unregister() (unregister is in progress and devnode isn't unregistered yet) ... ioctl(fd, ...) __media_ioctl() media_devnode_is_registered() (returns true here) ... media_devnode_unregister() ... (driver releases the media device memory) media_device_ioctl() (By this point devnode->media_dev does not point to allocated memory. use-after free in in mutex_lock_nested) BUG: KASAN: use-after-free in mutex_lock_nested+0x79c/0x800 at addr ffff8801ebe914f0 Fix it by clearing register bit when unregister starts to avoid the race. process 1 process 2 fd = open(/dev/media0) media_devnode_is_registered() (could return true here) media_device_unregister() (clear the register bit, then start unregister.) ... ioctl(fd, ...) __media_ioctl() media_devnode_is_registered() (return false here, ioctl returns I/O error, and will not access media device memory) ... media_devnode_unregister() ... (driver releases the media device memory) Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com> Suggested-by: Sakari Ailus <sakari.ailus@linux.intel.com> Reported-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com> Tested-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
-
Shuah Khan authored
When driver unbinds while media_ioctl is in progress, cdev_put() fails with when app exits after driver unbinds. Add devnode struct device kobj as the cdev parent kobject. cdev_add() gets a reference to it and releases it in cdev_del() ensuring that the devnode is not deallocated as long as the application has the device file open. media_devnode_register() initializes the struct device kobj before calling cdev_add(). media_devnode_unregister() does cdev_del() and then deletes the device. devnode is released when the last reference to the struct device is gone. This problem is found on uvcvideo, em28xx, and au0828 drivers and fix has been tested on all three. kernel: [ 193.599736] BUG: KASAN: use-after-free in cdev_put+0x4e/0x50 kernel: [ 193.599745] Read of size 8 by task media_device_te/1851 kernel: [ 193.599792] INFO: Allocated in __media_device_register+0x54 kernel: [ 193.599951] INFO: Freed in media_devnode_release+0xa4/0xc0 kernel: [ 193.601083] Call Trace: kernel: [ 193.601093] [<ffffffff81aecac3>] dump_stack+0x67/0x94 kernel: [ 193.601102] [<ffffffff815359b2>] print_trailer+0x112/0x1a0 kernel: [ 193.601111] [<ffffffff8153b5e4>] object_err+0x34/0x40 kernel: [ 193.601119] [<ffffffff8153d9d4>] kasan_report_error+0x224/0x530 kernel: [ 193.601128] [<ffffffff814a2c3d>] ? kzfree+0x2d/0x40 kernel: [ 193.601137] [<ffffffff81539d72>] ? kfree+0x1d2/0x1f0 kernel: [ 193.601154] [<ffffffff8157ca7e>] ? cdev_put+0x4e/0x50 kernel: [ 193.601162] [<ffffffff8157ca7e>] cdev_put+0x4e/0x50 kernel: [ 193.601170] [<ffffffff815767eb>] __fput+0x52b/0x6c0 kernel: [ 193.601179] [<ffffffff8117743a>] ? switch_task_namespaces+0x2a kernel: [ 193.601188] [<ffffffff815769ee>] ____fput+0xe/0x10 kernel: [ 193.601196] [<ffffffff81170023>] task_work_run+0x133/0x1f0 kernel: [ 193.601204] [<ffffffff8117746e>] ? switch_task_namespaces+0x5e kernel: [ 193.601213] [<ffffffff8111b50c>] do_exit+0x72c/0x2c20 kernel: [ 193.601224] [<ffffffff8111ade0>] ? release_task+0x1250/0x1250 - - - kernel: [ 193.601360] [<ffffffff81003587>] ? exit_to_usermode_loop+0xe7 kernel: [ 193.601368] [<ffffffff810035c0>] exit_to_usermode_loop+0x120 kernel: [ 193.601376] [<ffffffff810061da>] syscall_return_slowpath+0x16a kernel: [ 193.601386] [<ffffffff82848b33>] entry_SYSCALL_64_fastpath+0xa6 Signed-off-by: Shuah Khan <shuahkh@osg.samsung.com> Tested-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
-
Mauro Carvalho Chehab authored
struct media_devnode is currently embedded at struct media_device. While this works fine during normal usage, it leads to a race condition during devnode unregister. the problem is that drivers assume that, after calling media_device_unregister(), the struct that contains media_device can be freed. This is not true, as it can't be freed until userspace closes all opened /dev/media devnodes. In other words, if the media devnode is still open, and media_device gets freed, any call to an ioctl will make the core to try to access struct media_device, with will cause an use-after-free and even GPF. Fix this by dynamically allocating the struct media_devnode and only freeing it when it is safe. Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
-
Mauro Carvalho Chehab authored
Along all media controller code, "mdev" is used to represent a pointer to struct media_device, and "devnode" for a pointer to struct media_devnode. However, inside media-devnode.[ch], "mdev" is used to represent a pointer to struct media_devnode. This is very confusing and may lead to development errors. So, let's change all occurrences at media-devnode.[ch] to also use "devnode" for such pointers. This patch doesn't make any functional changes. Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
-
- 14 Jun, 2016 1 commit
-
-
Mauro Carvalho Chehab authored
For the third time in three years, I'm changing my e-mail at Samsung. That's bad, as it may stop communications with me for a while. So, this time, I'll also the mchehab@kernel.org e-mail, as it remains stable since ever. Cc: stable@vger.kernel.org Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>
-
- 10 Jun, 2016 2 commits
-
-
Colin Ian King authored
status is not initialized so it can contain garbage. The check for status containing the FE_HAS_LOCK bit may randomly pass or fail if the read of register 0x8c fails to set status after 25 read attempts. Fix this by initializing status to 0. Issue found with CoverityScan, CID#986738 Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
Dan Carpenter authored
The code is checking for negative returns but it should be checking for zero. Fixes: aab3125c ('[media] em28xx: add support for registering multiple i2c buses') Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
- 09 Jun, 2016 6 commits
-
-
Zhaoxiu Zeng authored
This patch removes the local MT2063_gcd function, uses lib gcd instead Signed-off-by: Zhaoxiu Zeng <zhaoxiu.zeng@gmail.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
Martin Blumenstingl authored
The rtl2832 demod has 2 sets of PID filters. This patch enables the filter support when using a slave demod. Signed-off-by: Benjamin Larsson <benjamin@southpole.se> Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> Signed-off-by: Antti Palosaari <crope@iki.fi> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
Antti Palosaari authored
Remove __func__ and KBUILD_MODNAME from logging formatters and pass USB interface device instead, so logging can be done correctly. Signed-off-by: Antti Palosaari <crope@iki.fi> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
Alessandro Radicati authored
The MXL5007T tuner will lock-up on some devices after an I2C read transaction. This patch works around this issue by inhibiting such operations and emulating a 0x00 response. The workaround is only applied to USB devices known to exhibit this flaw. Signed-off-by: Alessandro Radicati <alessandro@radicati.net> Signed-off-by: Antti Palosaari <crope@iki.fi> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
Alessandro Radicati authored
This patch will modify the af9035 driver to use the register address fields of the I2C read command for the combined write/read transaction case. Without this change, the firmware issues just a I2C read transaction without the preceding write transaction to select the register. Signed-off-by: Alessandro Radicati <alessandro@radicati.net> Signed-off-by: Antti Palosaari <crope@iki.fi> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
Marek Szyprowski authored
Change return value back to -ENODEV when no region is defined for given device. This restores old behavior of this function, as some drivers rely on such error code. Fixes: 59ce4039 ("of: reserved_mem: add support for using more than one region for given device") Reported-by: Liviu Dudau <liviu.dudau@arm.com> Signed-off-by: Marek Szyprowski <m.szyprowski@samsung.com> Reviewed-by: Sylwester Nawrocki <s.nawrocki@samsung.com> Reviewed-by: Liviu Dudau <Liviu.Dudau@arm.com> Acked-by: Rob Herring <robh@kernel.org> Reviewed-by: Sumit Semwal <sumit.semwal@linaro.org>
-
- 07 Jun, 2016 18 commits
-
-
Max Kellermann authored
Prepare for postponing the call until all file handles have been closed. [mchehab@osg.samsung.com: make checkpatch happy] Signed-off-by: Max Kellermann <max@duempel.org> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
Olli Salonen authored
Return -EINVAL if ds3000_set_frontend is called with invalid parameters. v1 of the patch series got incorrect subject lines. Signed-off-by: Olli Salonen <olli.salonen@iki.fi> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
Fengguang Wu authored
drivers/media/dvb-frontends/helene.c:750:2-3: Unneeded semicolon Remove unneeded semicolon. Generated by: scripts/coccinelle/misc/semicolon.cocci CC: Abylay Ospan <aospan@netup.ru> Signed-off-by: Fengguang Wu <fengguang.wu@intel.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
Martin Blumenstingl authored
No functional changes. Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> Signed-off-by: Antti Palosaari <crope@iki.fi> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
Martin Blumenstingl authored
This adds the missing auto-select bits for DVB-frontends and tuners (if MEDIA_SUBDRV_AUTOSELECT is enabled) which are used by the various rtl28xxu devices. The driver itself probes for three more tuners, but it's not actually using any of them: - MEDIA_TUNER_MT2063 - MEDIA_TUNER_MT2266 - MEDIA_TUNER_MXL5007T Signed-off-by: Martin Blumenstingl <martin.blumenstingl@googlemail.com> Signed-off-by: Antti Palosaari <crope@iki.fi> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
Antti Palosaari authored
Move mn88472 DVB-T/T2/C demod driver out of staging to media. v2: Fix build error reported by kbuild test robot: drivers/staging/media/mn88472/Makefile: No such file or directory Reported-by: kbuild test robot <fengguang.wu@intel.com> Signed-off-by: Antti Palosaari <crope@iki.fi> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
Antti Palosaari authored
Finalize driver in order to move out of staging. Signed-off-by: Antti Palosaari <crope@iki.fi> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
Julia Lawall authored
firmare -> firmware Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> Signed-off-by: Antti Palosaari <crope@iki.fi> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
Antti Palosaari authored
1 and 2 wasn't enough for mn88472 chip on Astrometa device, so increase it to 3. Signed-off-by: Antti Palosaari <crope@iki.fi> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
Julia Lawall authored
firmare -> firmware Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr> Signed-off-by: Antti Palosaari <crope@iki.fi> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
Antti Palosaari authored
Latest, 3rd, regmap instance should be freed on error case. Signed-off-by: Antti Palosaari <crope@iki.fi> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
Hans Verkuil authored
Remove this deprecated old driver. Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com> Cc: Richard Röjfors <richard@puffinpack.se> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
Hans Verkuil authored
Remove this deprecated old driver. Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
Hans Verkuil authored
Remove this deprecated old driver. Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com> Cc: Guennadi Liakhovetski <g.liakhovetski@gmx.de> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
Hans Verkuil authored
Remove this deprecated old driver. Signed-off-by: Hans Verkuil <hans.verkuil@cisco.com> Cc: Guennadi Liakhovetski <g.liakhovetski@gmx.de> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
ayaka authored
It is a cosmetic commit. Signed-off-by: ayaka <ayaka@soulik.info> Signed-off-by: Kamil Debski <k.debski@samsung.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
ayaka authored
We don't need to request the sizeimage or num_planes in try_fmt. Signed-off-by: ayaka <ayaka@soulik.info> Signed-off-by: Kamil Debski <k.debski@samsung.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-
ayaka authored
The encoder forget the work to call hardware to release its buffers. This patch came from chromium project. I just change its code style and make the API match with new kernel. Signed-off-by: ayaka <ayaka@soulik.info> Signed-off-by: Kamil Debski <k.debski@samsung.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
-