lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <294f4150-cbae-f71b-9804-f985d0b0492a@collabora.com>
Date:   Tue, 5 Sep 2023 16:28:29 +0200
From:   Benjamin Gaignard <benjamin.gaignard@...labora.com>
To:     Hans Verkuil <hverkuil-cisco@...all.nl>, mchehab@...nel.org,
        tfiga@...omium.org, m.szyprowski@...sung.com, ming.qian@....com,
        ezequiel@...guardiasur.com.ar, p.zabel@...gutronix.de,
        gregkh@...uxfoundation.org, nicolas.dufresne@...labora.com
Cc:     linux-media@...r.kernel.org, linux-kernel@...r.kernel.org,
        linux-arm-kernel@...ts.infradead.org,
        linux-mediatek@...ts.infradead.org, linux-arm-msm@...r.kernel.org,
        linux-rockchip@...ts.infradead.org, linux-staging@...ts.linux.dev,
        kernel@...labora.com
Subject: Re: [PATCH v6 17/18] media: v4l2: Add DELETE_BUFS ioctl


Le 05/09/2023 à 10:17, Hans Verkuil a écrit :
> On 01/09/2023 14:44, Benjamin Gaignard wrote:
>> VIDIOC_DELETE_BUFS ioctl allows to delete buffers from a queue.
>> The number of buffers to delete in given by count field of
>> struct v4l2_delete_buffers and the range start at the index
>> specified in the same structure.
>>
>> Signed-off-by: Benjamin Gaignard <benjamin.gaignard@...labora.com>
>> ---
>> v6:
>> - Add lock in vb2_core_delete_buf()
>> - Fix typo and comments
>> - Add flags in VIDIOC_DELETE_BUFS decalaration
>>
>>   .../userspace-api/media/v4l/user-func.rst     |  1 +
>>   .../media/v4l/vidioc-delete-bufs.rst          | 73 +++++++++++++++++++
>>   .../media/common/videobuf2/videobuf2-core.c   | 24 ++++++
>>   .../media/common/videobuf2/videobuf2-v4l2.c   | 38 +++++++++-
>>   drivers/media/v4l2-core/v4l2-dev.c            |  1 +
>>   drivers/media/v4l2-core/v4l2-ioctl.c          | 17 +++++
>>   include/media/v4l2-ioctl.h                    |  4 +
>>   include/media/videobuf2-core.h                |  9 +++
>>   include/media/videobuf2-v4l2.h                | 11 +++
>>   include/uapi/linux/videodev2.h                | 16 ++++
>>   10 files changed, 193 insertions(+), 1 deletion(-)
>>   create mode 100644 Documentation/userspace-api/media/v4l/vidioc-delete-bufs.rst
>>
>> diff --git a/Documentation/userspace-api/media/v4l/user-func.rst b/Documentation/userspace-api/media/v4l/user-func.rst
>> index 15ff0bf7bbe6..3fd567695477 100644
>> --- a/Documentation/userspace-api/media/v4l/user-func.rst
>> +++ b/Documentation/userspace-api/media/v4l/user-func.rst
>> @@ -17,6 +17,7 @@ Function Reference
>>       vidioc-dbg-g-chip-info
>>       vidioc-dbg-g-register
>>       vidioc-decoder-cmd
>> +    vidioc-delete-bufs
>>       vidioc-dqevent
>>       vidioc-dv-timings-cap
>>       vidioc-encoder-cmd
>> diff --git a/Documentation/userspace-api/media/v4l/vidioc-delete-bufs.rst b/Documentation/userspace-api/media/v4l/vidioc-delete-bufs.rst
>> new file mode 100644
>> index 000000000000..a55fe6331fc8
>> --- /dev/null
>> +++ b/Documentation/userspace-api/media/v4l/vidioc-delete-bufs.rst
>> @@ -0,0 +1,73 @@
>> +.. SPDX-License-Identifier: GFDL-1.1-no-invariants-or-later
>> +.. c:namespace:: V4L
>> +
>> +.. _VIDIOC_DELETE_BUFS:
>> +
>> +************************
>> +ioctl VIDIOC_DELETE_BUFS
>> +************************
>> +
>> +Name
>> +====
>> +
>> +VIDIOC_DELETE_BUFS - Deletes buffers from a queue
>> +
>> +Synopsis
>> +========
>> +
>> +.. c:macro:: VIDIOC_DELETE_BUFs
>> +
>> +``int ioctl(int fd, VIDIOC_DELETE_BUFs, struct v4l2_delete_buffers *argp)``
>> +
>> +Arguments
>> +=========
>> +
>> +``fd``
>> +    File descriptor returned by :c:func:`open()`.
>> +
>> +``argp``
>> +    Pointer to struct :c:type:`v4l2_delete_buffers`.
>> +
>> +Description
>> +===========
>> +
>> +Applications can optionally call the :ref:`VIDIOC_DELETE_BUFS` ioctl to
>> +delete buffers from a queue.
>> +
>> +.. c:type:: v4l2_delete_buffers
>> +
>> +.. tabularcolumns:: |p{4.4cm}|p{4.4cm}|p{8.5cm}|
>> +
>> +.. flat-table:: struct v4l2_delete_buffers
>> +    :header-rows:  0
>> +    :stub-columns: 0
>> +    :widths:       1 1 2
>> +
>> +    * - __u32
>> +      - ``index``
>> +      - The starting buffer index to delete.
>> +    * - __u32
>> +      - ``count``
>> +      - The number of buffers to be deleted.
> That's not quite correct. This function will delete the buffers with indices
> index until index+count-1. And indices in that range have to be valid buffers,
> i.e. you can't have already deleted buffers in that range.
>
> Or should we allow that? It is a fair question.
>
> All buffers also have to be in the DEQUEUED state.
>
> The text above suggests that given the following valid indices:
>
> 0, 1, 3, 4 (so the buffer with index 2 was already deleted)
>
> deleting 2 buffers from index 1 would delete buffers 1, 3. When in
> fact it will attempt to delete buffers 1 and 2.
>
> Also document explicitly that calling this with count=0 (and perhaps
> index=0 as well?) can be used to check if this ioctl is supported.

I will do that.

>
>> +    * - __u32
>> +      - ``type``
>> +      - Type of the stream or buffers, this is the same as the struct
>> +	:c:type:`v4l2_format` ``type`` field. See
>> +	:c:type:`v4l2_buf_type` for valid values.
>> +    * - __u32
>> +      - ``reserved``\ [13]
>> +      - A place holder for future extensions. Drivers and applications
>> +	must set the array to zero.
> What should happen if you delete ALL buffers with this call? I.e., the
> equivalent to REQBUFS with count=0.
>
> Thinking about this the main difference is that DELETE_BUFS can only delete
> dequeued buffers and it does not stop streaming if all buffers are deleted.
>
> So REQBUFS with count=0 (or a STREAMOFF) is still needed to officially stop
> streaming and cancel the queue.
>
> Basically REQBUFS with count=0 is almost the equivalent of calling STREAMOFF followed
> by DELETE_BUFS for all buffers. Almost, but not quite: REQBUFS(0) also reports
> if the queue is unbalanced, and it sets q->num_buffers to 0. And in vb2_ioctl_reqbufs
> it will set vdev->queue->owner to NULL.
>
> I am inclined to do the same if DELETE_BUFS deletes all buffers.

Unlike REQBUFS DELETE_BUFS can delete buffers while streaming so for me the ownership
should not change even if there is no more dequeued buffers.
For REQBUFS with count=0 means that the going stream is stopped so we can delete all the buffers
while DELETE_BUFS usage is to delete buffers while keeping the stream alive.

>
>> +
>> +Return Value
>> +============
>> +
>> +On success 0 is returned, on error -1 and the ``errno`` variable is set
>> +appropriately. The generic error codes are described at the
>> +:ref:`Generic Error Codes <gen-errors>` chapter.
>> +
>> +EBUSY
>> +    File I/O is in progress.
>> +
>> +EINVAL
>> +    The buffer ``index`` doesn't exist in the queue.
>> diff --git a/drivers/media/common/videobuf2/videobuf2-core.c b/drivers/media/common/videobuf2/videobuf2-core.c
>> index dc7f6b59d237..9edb2a1e95fc 100644
>> --- a/drivers/media/common/videobuf2/videobuf2-core.c
>> +++ b/drivers/media/common/videobuf2/videobuf2-core.c
>> @@ -1633,6 +1633,30 @@ int vb2_core_prepare_buf(struct vb2_queue *q, struct vb2_buffer *vb, void *pb)
>>   }
>>   EXPORT_SYMBOL_GPL(vb2_core_prepare_buf);
>>   
>> +int vb2_core_delete_buf(struct vb2_queue *q, struct vb2_buffer *vb)
>> +{
>> +	mutex_lock(&q->mmap_lock);
>> +	if (vb->planes[0].mem_priv)
>> +		call_void_vb_qop(vb, buf_cleanup, vb);
>> +
>> +	/* Free MMAP buffers or release USERPTR buffers */
>> +	if (q->memory == VB2_MEMORY_MMAP)
>> +		__vb2_buf_mem_free(vb);
>> +	else if (q->memory == VB2_MEMORY_DMABUF)
>> +		__vb2_buf_dmabuf_put(vb);
>> +	else
>> +		__vb2_buf_userptr_put(vb);
>> +
>> +	vb2_queue_remove_buffer(q, vb);
>> +	mutex_unlock(&q->mmap_lock);
>> +
>> +	dprintk(q, 2, "buffer %d deleted\n", vb->index);
>> +	kfree(vb);
>> +
>> +	return 0;
>> +}
>> +EXPORT_SYMBOL_GPL(vb2_core_delete_buf);
> This is duplicating what already happens in __vb2_free_mem and __vb2_queue_free.
>
> That code needs to be refactored.
>
> What you want is a __vb2_delete_buffers(struct vb2_queue *q, unsigned int index, unsigned int buffers)
> function that is called with mmap_lock held and that deletes buffers in the range 'index'
> to 'index + count - 1'. Buffers may already be deleted.
>
> __vb2_free_mem does almost do all of that already.
>
> Then this new function can be called from __vb2_queue_free() and you can make
> a vb2_core_delete_bufs() function that takes the lock and calls __vb2_delete_buffers.
>
> Another note: currently __vb2_queue_free checks if any of the buffers had unbalanced
> operations. That check needs to be moved to __vb2_delete_buffers as well otherwise
> that would never be reported when using DELETE_BUFS.

Loops in __vb2_queue_free() and __vb2_free_mem() try to delete buffers at the end of the
queue, I could just modify these functions prototype and loops to start from a given index.
That should do the job but have impact on create_bufs (see below)

>
>> +
>>   /*
>>    * vb2_start_streaming() - Attempt to start streaming.
>>    * @q:		videobuf2 queue
>> diff --git a/drivers/media/common/videobuf2/videobuf2-v4l2.c b/drivers/media/common/videobuf2/videobuf2-v4l2.c
>> index 8ba658ad9891..d0098f58a65c 100644
>> --- a/drivers/media/common/videobuf2/videobuf2-v4l2.c
>> +++ b/drivers/media/common/videobuf2/videobuf2-v4l2.c
>> @@ -385,7 +385,7 @@ static int vb2_queue_or_prepare_buf(struct vb2_queue *q, struct media_device *md
>>   
>>   	vb = vb2_get_buffer(q, b->index);
>>   	if (!vb) {
>> -		dprintk(q, 1, "%s: buffer is NULL\n", opname);
>> +		dprintk(q, 1, "%s: buffer %u was deleted\n", opname, b->index);
>>   		return -EINVAL;
>>   	}
>>   
>> @@ -757,6 +757,42 @@ int vb2_prepare_buf(struct vb2_queue *q, struct media_device *mdev,
>>   }
>>   EXPORT_SYMBOL_GPL(vb2_prepare_buf);
>>   
>> +int vb2_delete_bufs(struct vb2_queue *q, struct v4l2_delete_buffers *d)
>> +{
>> +	struct vb2_buffer *vb;
>> +	unsigned int index;
>> +	int ret = 0;
>> +
> Add:
>
> 	if (!d->count)
> 		return 0;
>
> (possibly also check if !d->index)
>
>> +	if (d->index > q->num_buffers ||
>> should be >= here.
>> +	    d->count > q->num_buffers ||
>> +	    (d->index + d->count) > q->num_buffers) {
>> +		return -EINVAL;
>> +	}
> Once we can delete buffers, how does that change the meaning of num_buffers?
> Isn't this really max_buffer_index or something similar? But we probably also
> still need to keep track of the actual number of buffers.
>
> And create_bufs still allocated buffers from the last index onwards, it does
> not attempt to reuse indices of previously deleted buffers.

Reuse previous indices require to be sure that a range of index is free because
create_bufs returns, in index parameter, the starting buffer index.
I will add a function to find the first available range and use it in vb2_create_bufs()
to change how create->index is set.
Hans, sound good for you ?

>
> There are a lot of drivers that use num_buffers, they will have to be audited.
>
> This needs a lot more thought.
>
>> +
>> +	for (index = d->index; index < d->index + d->count; index++) {
>> +		vb = vb2_get_buffer(q, index);
>> +		if (!vb) {
>> +			dprintk(q, 1, "can't find the requested buffer\n");
>> +			ret = -EINVAL;
>> +			goto error;
>> +		}
>> +		if (vb->state != VB2_BUF_STATE_DEQUEUED) {
>> +			dprintk(q, 1, "can't delete non dequeued buffer index %d\n", vb->index);
>> +			ret = -EINVAL;
>> +			goto error;
>> +		}
> These checks have to take place first, then, if all is OK, you call vb2_core_delete_bufs.
>
> Actually, thinking this over, I would move all these checks to vb2_core_delete_bufs.
>
> It can all be put under the mmap_lock mutex to ensure nobody is messing around
> with the queue while this takes place.
>
> Note that when vb2_core_reqbufs() is called with count=0, then if it sees that
> a buffer is still in use (mmaped), it will log a debug message that the buffers
> are orphaned. We should keep that, I believe.
>
>> +
>> +		ret = vb2_core_delete_buf(q, vb);
>> +		if (ret)
>> +			break;
>> +	}
>> +
>> +error:
>> +	d->index = index;
> I wouldn't do this. I don't think this is useful.
>
>> +	return ret;
>> +}
>> +EXPORT_SYMBOL_GPL(vb2_delete_bufs);
>> +
>>   int vb2_create_bufs(struct vb2_queue *q, struct v4l2_create_buffers *create)
>>   {
>>   	unsigned requested_planes = 1;
>> diff --git a/drivers/media/v4l2-core/v4l2-dev.c b/drivers/media/v4l2-core/v4l2-dev.c
>> index f81279492682..215654fd6581 100644
>> --- a/drivers/media/v4l2-core/v4l2-dev.c
>> +++ b/drivers/media/v4l2-core/v4l2-dev.c
>> @@ -720,6 +720,7 @@ static void determine_valid_ioctls(struct video_device *vdev)
>>   		SET_VALID_IOCTL(ops, VIDIOC_PREPARE_BUF, vidioc_prepare_buf);
>>   		SET_VALID_IOCTL(ops, VIDIOC_STREAMON, vidioc_streamon);
>>   		SET_VALID_IOCTL(ops, VIDIOC_STREAMOFF, vidioc_streamoff);
>> +		SET_VALID_IOCTL(ops, VIDIOC_DELETE_BUFS, vidioc_delete_bufs);
>>   	}
>>   
>>   	if (is_vid || is_vbi || is_meta) {
>> diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c
>> index f4d9d6279094..aac3a0ea0126 100644
>> --- a/drivers/media/v4l2-core/v4l2-ioctl.c
>> +++ b/drivers/media/v4l2-core/v4l2-ioctl.c
>> @@ -489,6 +489,13 @@ static void v4l_print_create_buffers(const void *arg, bool write_only)
>>   	v4l_print_format(&p->format, write_only);
>>   }
>>   
>> +static void v4l_print_delete_buffers(const void *arg, bool write_only)
>> +{
>> +	const struct v4l2_delete_buffers *p = arg;
>> +
>> +	pr_cont("index=%d, count=%d\n", p->index, p->count);
> Use %u since both args are unsigned.
>
>> +}
>> +
>>   static void v4l_print_streamparm(const void *arg, bool write_only)
>>   {
>>   	const struct v4l2_streamparm *p = arg;
>> @@ -2160,6 +2167,15 @@ static int v4l_prepare_buf(const struct v4l2_ioctl_ops *ops,
>>   	return ret ? ret : ops->vidioc_prepare_buf(file, fh, b);
>>   }
>>   
>> +static int v4l_delete_bufs(const struct v4l2_ioctl_ops *ops,
>> +			   struct file *file, void *fh, void *arg)
>> +{
>> +	struct v4l2_delete_buffers *delete = arg;
>> +	int ret = check_fmt(file, delete->type);
>> +
>> +	return ret ? ret : ops->vidioc_delete_bufs(file, fh, delete);
>> +}
>> +
>>   static int v4l_g_parm(const struct v4l2_ioctl_ops *ops,
>>   				struct file *file, void *fh, void *arg)
>>   {
>> @@ -2909,6 +2925,7 @@ static const struct v4l2_ioctl_info v4l2_ioctls[] = {
>>   	IOCTL_INFO(VIDIOC_ENUM_FREQ_BANDS, v4l_enum_freq_bands, v4l_print_freq_band, 0),
>>   	IOCTL_INFO(VIDIOC_DBG_G_CHIP_INFO, v4l_dbg_g_chip_info, v4l_print_dbg_chip_info, INFO_FL_CLEAR(v4l2_dbg_chip_info, match)),
>>   	IOCTL_INFO(VIDIOC_QUERY_EXT_CTRL, v4l_query_ext_ctrl, v4l_print_query_ext_ctrl, INFO_FL_CTRL | INFO_FL_CLEAR(v4l2_query_ext_ctrl, id)),
>> +	IOCTL_INFO(VIDIOC_DELETE_BUFS, v4l_delete_bufs, v4l_print_delete_buffers, INFO_FL_PRIO | INFO_FL_QUEUE | INFO_FL_CLEAR(v4l2_delete_buffers, type)),
>>   };
>>   #define V4L2_IOCTLS ARRAY_SIZE(v4l2_ioctls)
>>   
>> diff --git a/include/media/v4l2-ioctl.h b/include/media/v4l2-ioctl.h
>> index edb733f21604..55afbde54211 100644
>> --- a/include/media/v4l2-ioctl.h
>> +++ b/include/media/v4l2-ioctl.h
>> @@ -163,6 +163,8 @@ struct v4l2_fh;
>>    *	:ref:`VIDIOC_CREATE_BUFS <vidioc_create_bufs>` ioctl
>>    * @vidioc_prepare_buf: pointer to the function that implements
>>    *	:ref:`VIDIOC_PREPARE_BUF <vidioc_prepare_buf>` ioctl
>> + * @vidioc_delete_bufs: pointer to the function that implements
>> + *	:ref:`VIDIOC_DELETE_BUFS <vidioc_delete_bufs>` ioctl
>>    * @vidioc_overlay: pointer to the function that implements
>>    *	:ref:`VIDIOC_OVERLAY <vidioc_overlay>` ioctl
>>    * @vidioc_g_fbuf: pointer to the function that implements
>> @@ -422,6 +424,8 @@ struct v4l2_ioctl_ops {
>>   				  struct v4l2_create_buffers *b);
>>   	int (*vidioc_prepare_buf)(struct file *file, void *fh,
>>   				  struct v4l2_buffer *b);
>> +	int (*vidioc_delete_bufs)(struct file *file, void *fh,
>> +				  struct v4l2_delete_buffers *d);
>>   
>>   	int (*vidioc_overlay)(struct file *file, void *fh, unsigned int i);
>>   	int (*vidioc_g_fbuf)(struct file *file, void *fh,
>> diff --git a/include/media/videobuf2-core.h b/include/media/videobuf2-core.h
>> index 97153c69583f..e2c5ff31efd0 100644
>> --- a/include/media/videobuf2-core.h
>> +++ b/include/media/videobuf2-core.h
>> @@ -843,6 +843,15 @@ int vb2_core_create_bufs(struct vb2_queue *q, enum vb2_memory memory,
>>    */
>>   int vb2_core_prepare_buf(struct vb2_queue *q, struct vb2_buffer *vb, void *pb);
>>   
>> +/**
>> + * vb2_core_delete_buf() -
>> + * @q: pointer to &struct vb2_queue with videobuf2 queue.
>> + * @vb:		pointer to struct &vb2_buffer.
>> + *
>> + *  Return: returns zero on success; an error code otherwise.
>> + */
>> +int vb2_core_delete_buf(struct vb2_queue *q, struct vb2_buffer *vb);
>> +
>>   /**
>>    * vb2_core_qbuf() - Queue a buffer from userspace
>>    *
>> diff --git a/include/media/videobuf2-v4l2.h b/include/media/videobuf2-v4l2.h
>> index 5a845887850b..2ef68fdf388f 100644
>> --- a/include/media/videobuf2-v4l2.h
>> +++ b/include/media/videobuf2-v4l2.h
>> @@ -118,6 +118,17 @@ int vb2_create_bufs(struct vb2_queue *q, struct v4l2_create_buffers *create);
>>    */
>>   int vb2_prepare_buf(struct vb2_queue *q, struct media_device *mdev,
>>   		    struct v4l2_buffer *b);
>> +/**
>> + * vb2_delete_bufs() - Delete buffers from the queue
>> + *
>> + * @q:		pointer to &struct vb2_queue with videobuf2 queue.
>> + * @d:		delete parameter, passed from userspace to
>> + *		&v4l2_ioctl_ops->vidioc_delete_bufs handler in driver
>> + *
>> + * The return values from this function are intended to be directly returned
>> + * from &v4l2_ioctl_ops->vidioc_delete_bufs handler in driver.
>> + */
>> +int vb2_delete_bufs(struct vb2_queue *q, struct v4l2_delete_buffers *d);
> I'm missing the vb2_ioctl_delete_bufs function with a call to vb2_queue_is_busy().
>
>>   
>>   /**
>>    * vb2_qbuf() - Queue a buffer from userspace
>> diff --git a/include/uapi/linux/videodev2.h b/include/uapi/linux/videodev2.h
>> index 78260e5d9985..9cc7f570d995 100644
>> --- a/include/uapi/linux/videodev2.h
>> +++ b/include/uapi/linux/videodev2.h
>> @@ -2616,6 +2616,20 @@ struct v4l2_create_buffers {
>>   	__u32			reserved[6];
>>   };
>>   
>> +/**
>> + * struct v4l2_delete_buffers - VIDIOC_DELETE_BUFS argument
>> + * @index:	the first buffer to be deleted
>> + * @count:	number of buffers to delete
>> + * @type:	enum v4l2_buf_type
>> + * @reserved:	future extensions
>> + */
>> +struct v4l2_delete_buffers {
>> +	__u32			index;
>> +	__u32			count;
>> +	__u32			type;
>> +	__u32			reserved[13];
>> +};
>> +
>>   /*
>>    *	I O C T L   C O D E S   F O R   V I D E O   D E V I C E S
>>    *
>> @@ -2715,6 +2729,8 @@ struct v4l2_create_buffers {
>>   #define VIDIOC_DBG_G_CHIP_INFO  _IOWR('V', 102, struct v4l2_dbg_chip_info)
>>   
>>   #define VIDIOC_QUERY_EXT_CTRL	_IOWR('V', 103, struct v4l2_query_ext_ctrl)
>> +#define VIDIOC_DELETE_BUFS	_IOWR('V', 104, struct v4l2_delete_buffers)
>> +
>>   
>>   /* Reminder: when adding new ioctls please add support for them to
>>      drivers/media/v4l2-core/v4l2-compat-ioctl32.c as well! */
> You need much more extensive compliance checks for this, esp. mixing
> create_bufs and delete_bufs. And test it with the test-media test script.
>
> Regards,
>
> 	Hans
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ