summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSteven Toth <stoth@kernellabs.com>2010-07-31 15:11:59 -0300
committerMauro Carvalho Chehab <mchehab@redhat.com>2010-10-21 07:54:53 -0200
commit46eeb8dd30d3651e6ea55c2e60594206cd591d79 (patch)
treeec3d2d34b7f6e7c68aadec8aca8091e213e274c4
parent58acca1056434dbbbcb3f1aacd759f1039a3169d (diff)
[media] saa7164: add guard bytes around critical buffers to detect failure
If the guard bytes are trampled then we have a memory related problem. Signed-off-by: Steven Toth <stoth@kernellabs.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
-rw-r--r--drivers/media/video/saa7164/saa7164-core.c22
-rw-r--r--drivers/media/video/saa7164/saa7164-encoder.c21
2 files changed, 37 insertions, 6 deletions
diff --git a/drivers/media/video/saa7164/saa7164-core.c b/drivers/media/video/saa7164/saa7164-core.c
index 624ad3e1b61d..e96bbe4698b9 100644
--- a/drivers/media/video/saa7164/saa7164-core.c
+++ b/drivers/media/video/saa7164/saa7164-core.c
@@ -216,6 +216,7 @@ static void saa7164_work_enchandler(struct work_struct *w)
struct saa7164_user_buffer *ubuf;
struct list_head *c, *n;
int wp, rp, i = 0;
+ u8 *p;
port->last_svc_msecs_diff = port->last_svc_msecs;
port->last_svc_msecs = jiffies_to_msecs(jiffies);
@@ -262,6 +263,20 @@ static void saa7164_work_enchandler(struct work_struct *w)
break;
}
+ p = (u8 *)buf->cpu;
+ if ( (*(p + buf->actual_size + 0) != 0xff) ||
+ (*(p + buf->actual_size + 1) != 0xff) ||
+ (*(p + buf->actual_size + 2) != 0xff) ||
+ (*(p + buf->actual_size + 3) != 0xff) ||
+ (*(p + buf->actual_size + 0x10) != 0xff) ||
+ (*(p + buf->actual_size + 0x11) != 0xff) ||
+ (*(p + buf->actual_size + 0x12) != 0xff) ||
+ (*(p + buf->actual_size + 0x13) != 0xff) )
+ {
+ printk(KERN_ERR "buf %p failed guard check\n", buf);
+ saa7164_dumphex16(dev, p + buf->actual_size - 32, 64);
+ }
+
if (buf->idx == rp) {
/* Found the buffer, deal with it */
dprintk(DBGLVL_IRQ, "%s() wp: %d processing: %d\n",
@@ -278,9 +293,12 @@ static void saa7164_work_enchandler(struct work_struct *w)
ubuf = list_first_entry(&port->list_buf_free.list,
struct saa7164_user_buffer, list);
- if (ubuf->actual_size == buf->actual_size)
+ if (ubuf->actual_size == buf->actual_size) {
memcpy(ubuf->data, buf->cpu,
ubuf->actual_size);
+ } else {
+ printk(KERN_ERR "buf %p actual fails match\n", buf);
+ }
/* Requeue the buffer on the free list */
ubuf->pos = 0;
@@ -297,7 +315,7 @@ static void saa7164_work_enchandler(struct work_struct *w)
/* Ensure offset into buffer remains 0, fill buffer
* with known bad data. */
saa7164_buffer_zero_offsets(port, rp);
- memset(buf->cpu, 0xDE, buf->pci_size);
+ memset(buf->cpu, 0xff, buf->pci_size);
break;
}
diff --git a/drivers/media/video/saa7164/saa7164-encoder.c b/drivers/media/video/saa7164/saa7164-encoder.c
index 5f73ceded31b..c61907d0efb9 100644
--- a/drivers/media/video/saa7164/saa7164-encoder.c
+++ b/drivers/media/video/saa7164/saa7164-encoder.c
@@ -1038,14 +1038,18 @@ static ssize_t fops_read(struct file *file, char __user *buffer,
saa7164_histogram_update(&port->read_interval,
port->last_read_msecs_diff);
- if (*pos)
+ if (*pos) {
+ printk(KERN_ERR "%s() ESPIPE\n", __func__);
return -ESPIPE;
+ }
if (atomic_cmpxchg(&fh->v4l_reading, 0, 1) == 0) {
if (atomic_inc_return(&port->v4l_reader_count) == 1) {
- if (saa7164_encoder_initialize(port) < 0)
+ if (saa7164_encoder_initialize(port) < 0) {
+ printk(KERN_ERR "%s() EINVAL\n", __func__);
return -EINVAL;
+ }
saa7164_encoder_start_streaming(port);
msleep(200);
@@ -1056,6 +1060,7 @@ static ssize_t fops_read(struct file *file, char __user *buffer,
if ((file->f_flags & O_NONBLOCK) == 0) {
if (wait_event_interruptible(port->wait_read,
saa7164_enc_next_buf(port))) {
+ printk(KERN_ERR "%s() ERESTARTSYS\n", __func__);
return -ERESTARTSYS;
}
}
@@ -1077,8 +1082,10 @@ static ssize_t fops_read(struct file *file, char __user *buffer,
if (copy_to_user(buffer, p, cnt)) {
printk(KERN_ERR "%s() copy_to_user failed\n", __func__);
- if (!ret)
+ if (!ret) {
+ printk(KERN_ERR "%s() EFAULT\n", __func__);
ret = -EFAULT;
+ }
goto err;
}
@@ -1087,6 +1094,10 @@ static ssize_t fops_read(struct file *file, char __user *buffer,
buffer += cnt;
ret += cnt;
+ if (ubuf->pos > ubuf->actual_size) {
+ printk(KERN_ERR "read() pos > actual, huh?\n");
+ }
+
if (ubuf->pos == ubuf->actual_size) {
/* finished with current buffer, take next buffer */
@@ -1109,8 +1120,10 @@ static ssize_t fops_read(struct file *file, char __user *buffer,
}
}
err:
- if (!ret && !ubuf)
+ if (!ret && !ubuf) {
+ printk(KERN_ERR "%s() EAGAIN\n", __func__);
ret = -EAGAIN;
+ }
return ret;
}