Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-17 01:22:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
93f0750dcd
linux/drivers/media/v4l2-core
History
Mauro Carvalho Chehab 93f0750dcd Revert "[media] videobuf2-v4l2: Verify planes array in buffer dequeueing" 
This patch causes a Kernel panic when called on a DVB driver.

This was also reported by David R <david@unsolicited.net>:

May  7 14:47:35 server kernel: [  501.247123] BUG: unable to handle kernel NULL pointer dereference at 0000000000000004
May  7 14:47:35 server kernel: [  501.247239] IP: [<ffffffffa0222c71>] __verify_planes_array.isra.3+0x1/0x80 [videobuf2_v4l2]
May  7 14:47:35 server kernel: [  501.247354] PGD cae6f067 PUD ca99c067 PMD 0
May  7 14:47:35 server kernel: [  501.247426] Oops: 0000 [#1] SMP
May  7 14:47:35 server kernel: [  501.247482] Modules linked in: xfs tun xt_connmark xt_TCPMSS xt_tcpmss xt_owner xt_REDIRECT nf_nat_redirect xt_nat ipt_MASQUERADE nf_nat_masquerade_ipv4 ts_kmp ts_bm xt_string ipt_REJECT nf_reject_ipv4 xt_recent xt_conntrack xt_multiport xt_pkttype xt_tcpudp xt_mark nf_log_ipv4 nf_log_common xt_LOG xt_limit iptable_mangle iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack iptable_filter ip_tables ip6table_filter ip6_tables x_tables pppoe pppox dm_crypt ts2020 regmap_i2c ds3000 cx88_dvb dvb_pll cx88_vp3054_i2c mt352 videobuf2_dvb cx8800 cx8802 cx88xx pl2303 tveeprom videobuf2_dma_sg ppdev videobuf2_memops videobuf2_v4l2 videobuf2_core dvb_usb_digitv snd_hda_codec_via snd_hda_codec_hdmi snd_hda_codec_generic radeon dvb_usb snd_hda_intel amd64_edac_mod serio_raw snd_hda_codec edac_core fbcon k10temp bitblit softcursor snd_hda_core font snd_pcm_oss i2c_piix4 snd_mixer_oss tileblit drm_kms_helper syscopyarea snd_pcm snd_seq_dummy sysfillrect snd_seq_oss sysimgblt fb_sys_fops ttm snd_seq_midi r8169 snd_rawmidi drm snd_seq_midi_event e1000e snd_seq snd_seq_device snd_timer snd ptp pps_core i2c_algo_bit soundcore parport_pc ohci_pci shpchp tpm_tis tpm nfsd auth_rpcgss oid_registry hwmon_vid exportfs nfs_acl mii nfs bonding lockd grace lp sunrpc parport
May  7 14:47:35 server kernel: [  501.249564] CPU: 1 PID: 6889 Comm: vb2-cx88[0] Not tainted 4.5.3 #3
May  7 14:47:35 server kernel: [  501.249644] Hardware name: System manufacturer System Product Name/M4A785TD-V EVO, BIOS 0211    07/08/2009
May  7 14:47:35 server kernel: [  501.249767] task: ffff8800aebf3600 ti: ffff8801e07a0000 task.ti: ffff8801e07a0000
May  7 14:47:35 server kernel: [  501.249861] RIP: 0010:[<ffffffffa0222c71>]  [<ffffffffa0222c71>] __verify_planes_array.isra.3+0x1/0x80 [videobuf2_v4l2]
May  7 14:47:35 server kernel: [  501.250002] RSP: 0018:ffff8801e07a3de8  EFLAGS: 00010086
May  7 14:47:35 server kernel: [  501.250071] RAX: 0000000000000283 RBX: ffff880210dc5000 RCX: 0000000000000283
May  7 14:47:35 server kernel: [  501.250161] RDX: ffffffffa0222cf0 RSI: 0000000000000000 RDI: ffff880210dc5014
May  7 14:47:35 server kernel: [  501.250251] RBP: ffff8801e07a3df8 R08: ffff8801e07a0000 R09: 0000000000000000
May  7 14:47:35 server kernel: [  501.250348] R10: 0000000000000000 R11: 0000000000000001 R12: ffff8800cda2a9d8
May  7 14:47:35 server kernel: [  501.250438] R13: ffff880210dc51b8 R14: 0000000000000000 R15: ffff8800cda2a828
May  7 14:47:35 server kernel: [  501.250528] FS:  00007f5b77fff700(0000) GS:ffff88021fc40000(0000) knlGS:00000000adaffb40
May  7 14:47:35 server kernel: [  501.250631] CS:  0010 DS: 0000 ES: 0000 CR0: 000000008005003b
May  7 14:47:35 server kernel: [  501.250704] CR2: 0000000000000004 CR3: 00000000ca19d000 CR4: 00000000000006e0
May  7 14:47:35 server kernel: [  501.250794] Stack:
May  7 14:47:35 server kernel: [  501.250822]  ffff8801e07a3df8 ffffffffa0222cfd ffff8801e07a3e70 ffffffffa0236beb
May  7 14:47:35 server kernel: [  501.250937]  0000000000000283 ffff8801e07a3e94 0000000000000000 0000000000000000
May  7 14:47:35 server kernel: [  501.251051]  ffff8800aebf3600 ffffffff8108d8e0 ffff8801e07a3e38 ffff8801e07a3e38
May  7 14:47:35 server kernel: [  501.251165] Call Trace:
May  7 14:47:35 server kernel: [  501.251200]  [<ffffffffa0222cfd>] ? __verify_planes_array_core+0xd/0x10 [videobuf2_v4l2]
May  7 14:47:35 server kernel: [  501.251306]  [<ffffffffa0236beb>] vb2_core_dqbuf+0x2eb/0x4c0 [videobuf2_core]
May  7 14:47:35 server kernel: [  501.251398]  [<ffffffff8108d8e0>] ? prepare_to_wait_event+0x100/0x100
May  7 14:47:35 server kernel: [  501.251482]  [<ffffffffa023855b>] vb2_thread+0x1cb/0x220 [videobuf2_core]
May  7 14:47:35 server kernel: [  501.251569]  [<ffffffffa0238390>] ? vb2_core_qbuf+0x230/0x230 [videobuf2_core]
May  7 14:47:35 server kernel: [  501.251662]  [<ffffffffa0238390>] ? vb2_core_qbuf+0x230/0x230 [videobuf2_core]
May  7 14:47:35 server kernel: [  501.255982]  [<ffffffff8106f984>] kthread+0xc4/0xe0
May  7 14:47:35 server kernel: [  501.260292]  [<ffffffff8106f8c0>] ? kthread_park+0x50/0x50
May  7 14:47:35 server kernel: [  501.264615]  [<ffffffff81697a5f>] ret_from_fork+0x3f/0x70
May  7 14:47:35 server kernel: [  501.268962]  [<ffffffff8106f8c0>] ? kthread_park+0x50/0x50
May  7 14:47:35 server kernel: [  501.273216] Code: 0d 01 74 16 48 8b 46 28 48 8b 56 30 48 89 87 d0 01 00 00 48 89 97 d8 01 00 00 5d c3 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 55 <8b> 46 04 48 89 e5 8d 50 f7 31 c0 83 fa 01 76 02 5d c3 48 83 7e
May  7 14:47:35 server kernel: [  501.282146] RIP  [<ffffffffa0222c71>] __verify_planes_array.isra.3+0x1/0x80 [videobuf2_v4l2]
May  7 14:47:35 server kernel: [  501.286391]  RSP <ffff8801e07a3de8>
May  7 14:47:35 server kernel: [  501.290619] CR2: 0000000000000004
May  7 14:47:35 server kernel: [  501.294786] ---[ end trace b2b354153ccad110 ]---

This reverts commit 2c1f6951a8.

Cc: Sakari Ailus <sakari.ailus@linux.intel.com>
Cc: Hans Verkuil <hans.verkuil@cisco.com>
Cc: stable@vger.kernel.org
Fixes: 2c1f6951a8 ("[media] videobuf2-v4l2: Verify planes array in buffer dequeueing")
Signed-off-by: Mauro Carvalho Chehab <mchehab@osg.samsung.com>
2016-05-11 17:38:47 -03:00
..
Kconfig [media] v4l: remove MEDIA_TUNER dependency for VIDEO_TUNER 2016-02-01 13:16:33 -02:00
Makefile [media] v4l2-mc: add a generic function to create the media graph 2016-02-10 07:23:40 -02:00
tuner-core.c [media] v4l2-mc.h Add pads for audio and video IF-PLL decoders 2016-02-01 07:23:58 -02:00
v4l2-async.c [media] v4l2-async: Don't fail if registered_async isn't implemented 2016-02-19 08:10:31 -02:00
v4l2-clk.c [media] v4l2-clk: v4l2_clk_get() also need to find the of_fullname clock 2015-11-17 15:19:52 -02:00
v4l2-common.c [media] v4l2-common: move v4l2_ctrl_check to cx2341x 2014-11-25 08:25:36 -02:00
v4l2-compat-ioctl32.c [media] media: v4l2-compat-ioctl32: fix missing length copy in put_v4l2_buffer32 2016-02-01 08:15:21 -02:00
v4l2-ctrls.c [media] v4l: add V4L2_CID_MPEG_VIDEO_FORCE_KEY_FRAME 2016-02-19 08:10:35 -02:00
v4l2-dev.c [media] media_entity: remove gfp_flags argument 2016-01-11 12:19:02 -02:00
v4l2-device.c [media] v4l2-device: fix a missing error code 2016-01-11 12:19:16 -02:00
v4l2-dv-timings.c [media] v4l2-dv-timings: skip standards check for V4L2_DV_BT_CAP_CUSTOM 2016-02-01 08:01:42 -02:00
v4l2-event.c [media] v4l2-event: v4l2_event_queue: do nothing if vdev == NULL 2015-07-17 09:15:27 -03:00
v4l2-fh.c [media] media: Change v4l-core to check if source is free 2016-02-27 08:46:55 -03:00
v4l2-flash-led-class.c media updates for v4.5-rc1 2016-01-13 11:46:37 -08:00
v4l2-ioctl.c [media] v4l2-ioctl: fix YUV422P pixel format description 2016-03-05 08:21:32 -03:00
v4l2-mc.c [media] v4l2-mc: cleanup a warning 2016-03-31 14:50:38 -03:00
v4l2-mem2mem.c [media] media: videobuf2: Restructure vb2_buffer 2015-10-01 09:04:43 -03:00
v4l2-of.c [media] v4l: of: Correct v4l2_of_parse_endpoint() kernel-doc 2016-02-01 10:01:22 -02:00
v4l2-subdev.c [media] uapi/media.h: Rename entities types to functions 2016-01-11 12:19:01 -02:00
v4l2-trace.c [media] media: videobuf2: Prepare to divide videobuf2 2015-10-20 15:12:45 -02:00
vb2-trace.c [media] media: videobuf2: Prepare to divide videobuf2 2015-10-20 15:12:45 -02:00
videobuf2-core.c [media] media: vb2: Fix regression on poll() for RW mode 2016-04-25 10:21:23 -03:00
videobuf2-dma-contig.c ARM: 8508/2: videobuf2-dc: Let drivers specify DMA attrs 2016-02-11 15:33:38 +00:00
videobuf2-dma-sg.c [media] media: vb2 dma-sg: Fully cache synchronise buffers in prepare and finish 2015-10-20 14:36:24 -02:00
videobuf2-dvb.c [media] add media controller support to videobuf2-dvb 2016-02-10 07:23:41 -02:00
videobuf2-memops.c [media] vb2-memops: Fix over allocation of frame vectors 2016-04-25 10:22:55 -03:00
videobuf2-v4l2.c Revert "[media] videobuf2-v4l2: Verify planes array in buffer dequeueing" 2016-05-11 17:38:47 -03:00
videobuf2-vmalloc.c [media] media: videobuf2: Replace videobuf2-core with videobuf2-v4l2 2015-10-01 08:48:18 -03:00
videobuf-core.c [media] V4L: fix a confusing function name 2016-03-03 07:30:43 -03:00
videobuf-dma-contig.c [media] videobuf-dma-contig: set vm_pgoff to be zero to pass the sanity check in vm_iomap_memory() 2014-10-24 09:32:41 -02:00
videobuf-dma-sg.c mm/gup: Switch all callers of get_user_pages() to not pass tsk/mm 2016-02-16 10:11:12 +01:00
videobuf-dvb.c
videobuf-vmalloc.c [media] Revert "[media] videobuf_vm_{open,close} race fixes" 2014-02-04 06:29:46 -02:00