| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 20 Dec 2020 19:21:52 +0200
From: Laurent Pinchart <laurent.pinchart@...asonboard.com>
To: Ricardo Ribalda <ribalda@...omium.org>
Cc: Mauro Carvalho Chehab <mchehab@...nel.org>,
linux-media@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 9/9] media: uvcvideo: Implement
UVC_QUIRK_PRIVACY_DURING_STREAM
Hi Ricardo,
Thank you for the patch.
On Tue, Dec 15, 2020 at 04:44:39PM +0100, Ricardo Ribalda wrote:
> Some devices, can only read the privacy_pin if the device is
> streaming.
:-(
> This patch implement a quirk for such devices, in order to avoid invalid
> reads and/or spurious events.
>
> Signed-off-by: Ricardo Ribalda <ribalda@...omium.org>
> ---
> drivers/media/usb/uvc/uvc_driver.c | 97 ++++++++++++++++++++++++++----
> drivers/media/usb/uvc/uvc_queue.c | 3 +
> drivers/media/usb/uvc/uvcvideo.h | 6 ++
> 3 files changed, 94 insertions(+), 12 deletions(-)
>
> diff --git a/drivers/media/usb/uvc/uvc_driver.c b/drivers/media/usb/uvc/uvc_driver.c
> index e49491250e87..61313019e226 100644
> --- a/drivers/media/usb/uvc/uvc_driver.c
> +++ b/drivers/media/usb/uvc/uvc_driver.c
> @@ -7,6 +7,7 @@
> */
>
> #include <linux/atomic.h>
> +#include <linux/dmi.h>
> #include <linux/gpio/consumer.h>
> #include <linux/kernel.h>
> #include <linux/list.h>
> @@ -1471,13 +1472,39 @@ static int uvc_parse_control(struct uvc_device *dev)
> return 0;
> }
>
> +static bool uvc_ext_gpio_is_streaming(struct uvc_device *dev)
> +{
> + struct uvc_streaming *streaming;
> +
> + list_for_each_entry(streaming, &dev->streams, list) {
> + if (uvc_queue_streaming(&streaming->queue))
> + return true;
> + }
> +
> + return false;
> +}
> +
> +/* Update the cached value and return true if it has changed */
> +static bool uvc_gpio_update_value(struct uvc_entity *unit, u8 *new_val)
> +{
> + *new_val = gpiod_get_value(unit->gpio.gpio_privacy);
> +
> + return atomic_xchg(&unit->gpio.gpio_privacy_value, *new_val) !=
> + *new_val;
That's a weird indentation. Also, as the left hand side modifies
*new_val, does C guarantee the order in which the two operands to != are
evaluated ? Could the code be written in an easier to read way ?
> +}
> +
> static int uvc_gpio_get_cur(struct uvc_device *dev, struct uvc_entity *entity,
> u8 cs, void *data, u16 size)
> {
> if (cs != UVC_CT_PRIVACY_CONTROL || size < 1)
> return -EINVAL;
>
> - *(uint8_t *)data = gpiod_get_value(entity->gpio.gpio_privacy);
> + if ((dev->quirks & UVC_QUIRK_PRIVACY_DURING_STREAM) &&
> + !uvc_ext_gpio_is_streaming(dev))
> + return -EBUSY;
> +
> + uvc_gpio_update_value(entity, (uint8_t *)data);
> +
> return 0;
> }
>
> @@ -1491,26 +1518,69 @@ static int uvc_gpio_get_info(struct uvc_device *dev, struct uvc_entity *entity,
> return 0;
> }
>
> -static irqreturn_t uvc_privacy_gpio_irq(int irq, void *data)
> +static struct uvc_entity *uvc_find_ext_gpio_unit(struct uvc_device *dev)
> {
> - struct uvc_device *dev = data;
> - struct uvc_video_chain *chain;
> struct uvc_entity *unit;
> - u8 value;
>
> - /* GPIO entities are always on the first chain */
> - chain = list_first_entry(&dev->chains, struct uvc_video_chain, list);
> list_for_each_entry(unit, &dev->entities, list) {
> - if (UVC_ENTITY_TYPE(unit) != UVC_EXT_GPIO_UNIT)
> - continue;
> - value = gpiod_get_value(unit->gpio.gpio_privacy);
> - uvc_ctrl_status_event(NULL, chain, unit->controls, &value);
> - return IRQ_HANDLED;
> + if (UVC_ENTITY_TYPE(unit) == UVC_EXT_GPIO_UNIT)
> + return unit;
> }
>
> + return unit;
> +}
> +
> +void uvc_privacy_gpio_event(struct uvc_device *dev)
> +{
> + struct uvc_entity *unit;
> + struct uvc_video_chain *chain;
> + u8 new_value;
> +
> + unit = uvc_find_ext_gpio_unit(dev);
> + if (WARN_ONCE(!unit, "Unable to find entity ext_gpio_unit"))
> + return;
> +
> + if (!uvc_gpio_update_value(unit, &new_value))
> + return;
If VIDIOC_G_CTRL() is called before the IRQ is processed, this
uvc_gpio_update_value() call will return false, and no event will be
generated. I don't think that's right, and even should be generated
every time the control changes.
> +
> + /* GPIO entities are always on the first chain */
> + chain = list_first_entry(&dev->chains, struct uvc_video_chain, list);
> + uvc_ctrl_status_event(NULL, chain, unit->controls, &new_value);
> +}
> +
> +static irqreturn_t uvc_privacy_gpio_irq(int irq, void *data)
> +{
> + struct uvc_device *dev = data;
> +
> + /* Ignore privacy events during streamoff */
> + if (dev->quirks & UVC_QUIRK_PRIVACY_DURING_STREAM)
> + if (!uvc_ext_gpio_is_streaming(dev))
> + return IRQ_HANDLED;
if (dev->quirks & UVC_QUIRK_PRIVACY_DURING_STREAM) {
if (!uvc_ext_gpio_is_streaming(dev))
return IRQ_HANDLED;
}
There's a potential race condition with VIDIOC_STREAMON and
VIDIOC_STREAMOFF. Could you explain what the device does exactly when
not streaming ? As the GPIO isn't tied to the UVC controller, how comes
the streaming state influences it ? Any hope the firmware could be fixed
instead ?
> +
> + uvc_privacy_gpio_event(dev);
> +
> return IRQ_HANDLED;
> }
>
> +static const struct dmi_system_id privacy_valid_during_streamon[] = {
> + {
> + .ident = "HP Elite c1030 Chromebook",
> + .matches = {
> + DMI_MATCH(DMI_SYS_VENDOR, "HP"),
> + DMI_MATCH(DMI_PRODUCT_NAME, "Jinlon"),
> + },
> + },
> + {
> + .ident = "HP Pro c640 Chromebook",
> + .matches = {
> + DMI_MATCH(DMI_SYS_VENDOR, "HP"),
> + DMI_MATCH(DMI_PRODUCT_NAME, "Dratini"),
> + },
> + },
> + { } /* terminate list */
> +};
> +
> +
> static int uvc_parse_gpio(struct uvc_device *dev)
> {
> struct uvc_entity *unit;
> @@ -1545,6 +1615,9 @@ static int uvc_parse_gpio(struct uvc_device *dev)
> if (irq == -EPROBE_DEFER)
> return -EPROBE_DEFER;
>
> + if (dmi_check_system(privacy_valid_during_streamon))
> + dev->quirks |= UVC_QUIRK_PRIVACY_DURING_STREAM;
> +
> if (irq < 0)
> return 0;
>
> diff --git a/drivers/media/usb/uvc/uvc_queue.c b/drivers/media/usb/uvc/uvc_queue.c
> index cd60c6c1749e..e800d491303f 100644
> --- a/drivers/media/usb/uvc/uvc_queue.c
> +++ b/drivers/media/usb/uvc/uvc_queue.c
> @@ -337,9 +337,12 @@ int uvc_dequeue_buffer(struct uvc_video_queue *queue, struct v4l2_buffer *buf,
> int uvc_queue_streamon(struct uvc_video_queue *queue, enum v4l2_buf_type type)
> {
> int ret;
> + struct uvc_streaming *stream = uvc_queue_to_stream(queue);
>
> mutex_lock(&queue->mutex);
> ret = vb2_streamon(&queue->queue, type);
> + if (stream->dev->quirks & UVC_QUIRK_PRIVACY_DURING_STREAM)
> + uvc_privacy_gpio_event(stream->dev);
> mutex_unlock(&queue->mutex);
>
> return ret;
> diff --git a/drivers/media/usb/uvc/uvcvideo.h b/drivers/media/usb/uvc/uvcvideo.h
> index 2b5ba4b02d3a..2a95b3ed3ea8 100644
> --- a/drivers/media/usb/uvc/uvcvideo.h
> +++ b/drivers/media/usb/uvc/uvcvideo.h
> @@ -6,6 +6,7 @@
> #error "The uvcvideo.h header is deprecated, use linux/uvcvideo.h instead."
> #endif /* __KERNEL__ */
>
> +#include <linux/atomic.h>
> #include <linux/gpio/consumer.h>
> #include <linux/kernel.h>
> #include <linux/poll.h>
> @@ -209,6 +210,7 @@
> #define UVC_QUIRK_RESTORE_CTRLS_ON_INIT 0x00000400
> #define UVC_QUIRK_FORCE_Y8 0x00000800
> #define UVC_QUIRK_FORCE_BPP 0x00001000
> +#define UVC_QUIRK_PRIVACY_DURING_STREAM 0x00002000
>
> /* Format flags */
> #define UVC_FMT_FLAG_COMPRESSED 0x00000001
> @@ -359,6 +361,7 @@ struct uvc_entity {
> u8 bControlSize;
> u8 *bmControls;
> struct gpio_desc *gpio_privacy;
> + atomic_t gpio_privacy_value;
> } gpio;
> };
>
> @@ -815,6 +818,9 @@ extern const struct v4l2_file_operations uvc_fops;
> int uvc_mc_register_entities(struct uvc_video_chain *chain);
> void uvc_mc_cleanup_entity(struct uvc_entity *entity);
>
> +/* Privacy gpio */
> +void uvc_privacy_gpio_event(struct uvc_device *dev);
> +
> /* Video */
> int uvc_video_init(struct uvc_streaming *stream);
> int uvc_video_suspend(struct uvc_streaming *stream);
--
Regards,
Laurent Pinchart
Powered by blists - more mailing lists