Date: Mon, 15 Jan 2024 15:52:57 +0100
From: Benjamin Gaignard <benjamin.gaignard@...labora.com>
To: Hans Verkuil <hverkuil@...all.nl>, mchehab@...nel.org
Cc: linux-kernel@...r.kernel.org, linux-media@...r.kernel.org,
 kernel@...labora.com
Subject: Re: [PATCH v16 3/8] media: core: Rework how create_buf index returned
 value is computed


Le 15/01/2024 à 13:11, Hans Verkuil a écrit :
> On 15/12/2023 10:08, Benjamin Gaignard wrote:
>> When DELETE_BUFS is introduced, holes can be created in the bufs array.
>> To be able to reuse these unused indices, reworking how create->index
>> is set is mandatory.
>> Let __vb2_queue_alloc() decide which first index is correct and
>> forward this to the caller.
>>
>> Signed-off-by: Benjamin Gaignard <benjamin.gaignard@...labora.com>
>> ---
>>   .../media/common/videobuf2/videobuf2-core.c   | 22 ++++++++++++-------
>>   .../media/common/videobuf2/videobuf2-v4l2.c   | 20 +++++++++++------
>>   include/media/videobuf2-core.h                |  5 ++++-
>>   3 files changed, 31 insertions(+), 16 deletions(-)
>>
>> diff --git a/drivers/media/common/videobuf2/videobuf2-core.c b/drivers/media/common/videobuf2/videobuf2-core.c
>> index a183edf11586..cd2b9e51b9b0 100644
>> --- a/drivers/media/common/videobuf2/videobuf2-core.c
>> +++ b/drivers/media/common/videobuf2/videobuf2-core.c
>> @@ -447,11 +447,12 @@ static void vb2_queue_remove_buffer(struct vb2_buffer *vb)
>>    */
>>   static int __vb2_queue_alloc(struct vb2_queue *q, enum vb2_memory memory,
>>   			     unsigned int num_buffers, unsigned int num_planes,
>> -			     const unsigned plane_sizes[VB2_MAX_PLANES])
>> +			     const unsigned int plane_sizes[VB2_MAX_PLANES],
>> +			     unsigned int *first_index)
>>   {
>> -	unsigned int q_num_buffers = vb2_get_num_buffers(q);
>>   	unsigned int buffer, plane;
>>   	struct vb2_buffer *vb;
>> +	unsigned long index;
>>   	int ret;
>>   
>>   	/*
>> @@ -459,7 +460,11 @@ static int __vb2_queue_alloc(struct vb2_queue *q, enum vb2_memory memory,
>>   	 * in the queue is below q->max_num_buffers
>>   	 */
>>   	num_buffers = min_t(unsigned int, num_buffers,
>> -			    q->max_num_buffers - q_num_buffers);
>> +			    q->max_num_buffers - vb2_get_num_buffers(q));
>> +
>> +	index = vb2_get_num_buffers(q);
>> +
>> +	*first_index = index;
>>   
>>   	for (buffer = 0; buffer < num_buffers; ++buffer) {
>>   		/* Allocate vb2 buffer structures */
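Review bot: `index` is declared `unsigned long` in the previous hunk but is stored through `unsigned int *first_index` at `*first_index = index;`, an implicit narrowing that the visible code does not need; `unsigned int index;` would match the out-parameter. The store also happens before the allocation loop, so a caller receives an index even when the function returns 0 and no buffer exists at that position. The comment above the function, which starts outside this hunk, should say so, for example `@first_index: index of the first buffer added; valid only when the return value is non-zero`. The loop body continues outside the hunk.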
>> @@ -479,7 +484,7 @@ static int __vb2_queue_alloc(struct vb2_queue *q, enum vb2_memory memory,
>>   			vb->planes[plane].min_length = plane_sizes[plane];
>>   		}
>>   
>> -		vb2_queue_add_buffer(q, vb, q_num_buffers + buffer);
>> +		vb2_queue_add_buffer(q, vb, index++);
>>   		call_void_bufop(q, init_buffer, vb);
>>   
>>   		/* Allocate video buffer memory for the MMAP type */
>> @@ -820,7 +825,7 @@ int vb2_core_reqbufs(struct vb2_queue *q, enum vb2_memory memory,
>>   	unsigned int q_num_bufs = vb2_get_num_buffers(q);
>>   	unsigned plane_sizes[VB2_MAX_PLANES] = { };
>>   	bool non_coherent_mem = flags & V4L2_MEMORY_FLAG_NON_COHERENT;
>> -	unsigned int i;
>> +	unsigned int i, first_index;
>>   	int ret = 0;
>>   
>>   	if (q->streaming) {
>> @@ -906,7 +911,7 @@ int vb2_core_reqbufs(struct vb2_queue *q, enum vb2_memory memory,
>>   
>>   	/* Finally, allocate buffers and video memory */
>>   	allocated_buffers =
>> -		__vb2_queue_alloc(q, memory, num_buffers, num_planes, plane_sizes);
>> +		__vb2_queue_alloc(q, memory, num_buffers, num_planes, plane_sizes, &first_index);
>>   	if (allocated_buffers == 0) {
>>   		dprintk(q, 1, "memory allocation failed\n");
>>   		ret = -ENOMEM;
>> @@ -980,7 +985,8 @@ EXPORT_SYMBOL_GPL(vb2_core_reqbufs);
>>   int vb2_core_create_bufs(struct vb2_queue *q, enum vb2_memory memory,
>>   			 unsigned int flags, unsigned int *count,
>>   			 unsigned int requested_planes,
>> -			 const unsigned int requested_sizes[])
>> +			 const unsigned int requested_sizes[],
>> +			 unsigned int *first_index)
>>   {
>>   	unsigned int num_planes = 0, num_buffers, allocated_buffers;
>>   	unsigned plane_sizes[VB2_MAX_PLANES] = { };
>> @@ -1042,7 +1048,7 @@ int vb2_core_create_bufs(struct vb2_queue *q, enum vb2_memory memory,
>>   
>>   	/* Finally, allocate buffers and video memory */
>>   	allocated_buffers = __vb2_queue_alloc(q, memory, num_buffers,
>> -				num_planes, plane_sizes);
>> +				num_planes, plane_sizes, first_index);
>>   	if (allocated_buffers == 0) {
>>   		dprintk(q, 1, "memory allocation failed\n");
>>   		ret = -ENOMEM;
>> diff --git a/drivers/media/common/videobuf2/videobuf2-v4l2.c b/drivers/media/common/videobuf2/videobuf2-v4l2.c
>> index 54d572c3b515..3c0c423c5674 100644
>> --- a/drivers/media/common/videobuf2/videobuf2-v4l2.c
>> +++ b/drivers/media/common/videobuf2/videobuf2-v4l2.c
>> @@ -797,11 +797,16 @@ int vb2_create_bufs(struct vb2_queue *q, struct v4l2_create_buffers *create)
>>   	for (i = 0; i < requested_planes; i++)
>>   		if (requested_sizes[i] == 0)
>>   			return -EINVAL;
>> -	return ret ? ret : vb2_core_create_bufs(q, create->memory,
>> -						create->flags,
>> -						&create->count,
>> -						requested_planes,
>> -						requested_sizes);
>> +	if (ret)
>> +		return ret;
>> +
>> +	ret = vb2_core_create_bufs(q, create->memory,
>> +				   create->flags,
>> +				   &create->count,
>> +				   requested_planes,
>> +				   requested_sizes,
>> +				   &create->index);
>> +	return ret;
>>   }
>>   EXPORT_SYMBOL_GPL(vb2_create_bufs);
>>   
>> @@ -1029,15 +1034,16 @@ int vb2_ioctl_create_bufs(struct file *file, void *priv,
>>   	int res = vb2_verify_memory_type(vdev->queue, p->memory,
>>   			p->format.type);
>>   
>> -	p->index = vdev->queue->num_buffers;
>>   	fill_buf_caps(vdev->queue, &p->capabilities);
>>   	validate_memory_flags(vdev->queue, p->memory, &p->flags);
> While reviewing this, I think I found a bug in the current code:
>
> vb2_create_bufs() sets V4L2_BUF_CAP_SUPPORTS_MAX_NUM_BUFFERS, but
> if p->count == 0, then that function isn't called...
>
>>   	/*
>>   	 * If count == 0, then just check if memory and type are valid.
>>   	 * Any -EBUSY result from vb2_verify_memory_type can be mapped to 0.
>>   	 */
>> -	if (p->count == 0)
>> +	if (p->count == 0) {
>> +		p->index = vb2_get_num_buffers(vdev->queue);
>>   		return res != -EBUSY ? res : 0;
> ...instead it just falls in this 'if'.
>
> It would be better to refactor this so that vb2_ioctl_create_bufs()
> relies on vb2_create_bufs for most of the work.
>
> The reason for the messy code is that if p->count == 0, then it
> should ignore any EBUSY results, since that should always work.
>
> Alternatively, just copy the code from vb2_create_bufs here so the
> flag is properly set.
>
> In any case, fixing this is a separate patch that should go to v6.8.

Do you want this new patch to be in the next version of this series or completely
separate?

Regards,
Benjamin

>
> Regards,
>
> 	Hans
>
>> +	}
>>   	if (res)
>>   		return res;
>>   	if (vb2_queue_is_busy(vdev->queue, file))
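Review bot: With the unconditional `p->index = vdev->queue->num_buffers;` removed, `p->index` is assigned in this function only on the `count == 0` path, so the `if (res) return res;` return just below leaves it holding whatever the caller passed in. Whether that value is ever copied back to userspace on an error depends on the ioctl core, which is not visible here, but a field that is defined on every return path is easier to reason about. Keeping `p->index = vb2_get_num_buffers(vdev->queue);` before the `count == 0` check and letting the core overwrite it on success would achieve that. The function continues past the end of this hunk, and vb2_create_bufs() in the previous hunk has the same early `if (ret) return ret;` before `&create->index` is handed to the core.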
>> diff --git a/include/media/videobuf2-core.h b/include/media/videobuf2-core.h
>> index 7b84b4e2e273..607f2ba7a905 100644
>> --- a/include/media/videobuf2-core.h
>> +++ b/include/media/videobuf2-core.h
>> @@ -821,6 +821,8 @@ int vb2_core_reqbufs(struct vb2_queue *q, enum vb2_memory memory,
>>    * @count: requested buffer count.
>>    * @requested_planes: number of planes requested.
>>    * @requested_sizes: array with the size of the planes.
>> + * @first_index: index of the first created buffer, all allocated buffers have
>> + *		 indices in the range [first..first+count]
>>    *
>>    * Videobuf2 core helper to implement VIDIOC_CREATE_BUFS() operation. It is
>>    * called internally by VB2 by an API-specific handler, like
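Review bot: The new kernel-doc line gives the range as `[first..first+count]`, which is one index too many: with `count` buffers created, the last valid index is `first_index + count - 1`. A caller that trusts the comment could address a slot this call did not allocate. Suggested wording: `@first_index: index of the first created buffer; the allocated buffers have indices in the range [first_index..first_index + count - 1]`. The line could also say that the value is meaningful only on success, because `__vb2_queue_alloc()` writes `*first_index` before its allocation loop runs. The comment block starts and ends outside this hunk.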
>> @@ -837,7 +839,8 @@ int vb2_core_reqbufs(struct vb2_queue *q, enum vb2_memory memory,
>>   int vb2_core_create_bufs(struct vb2_queue *q, enum vb2_memory memory,
>>   			 unsigned int flags, unsigned int *count,
>>   			 unsigned int requested_planes,
>> -			 const unsigned int requested_sizes[]);
>> +			 const unsigned int requested_sizes[],
>> +			 unsigned int *first_index);
>>   
>>   /**
>>    * vb2_core_prepare_buf() - Pass ownership of a buffer from userspace
