* [PATCH] uvcvideo: Also validate buffers in BULK mode @ 2018-06-05 0:24 Nicolas Dufresne 2018-06-05 8:52 ` Laurent Pinchart 0 siblings, 1 reply; 7+ messages in thread From: Nicolas Dufresne @ 2018-06-05 0:24 UTC (permalink / raw) Cc: Laurent Pinchart, Mauro Carvalho Chehab, linux-media, linux-kernel Just like for ISOC, validate the decoded BULK buffer size when possible. This avoids sending corrupted or partial buffers to userspace, which may lead to application crash or run-time failure. Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com> --- drivers/media/usb/uvc/uvc_video.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c index aa0082fe5833..46df4d01e31b 100644 --- a/drivers/media/usb/uvc/uvc_video.c +++ b/drivers/media/usb/uvc/uvc_video.c @@ -1307,8 +1307,10 @@ static void uvc_video_decode_bulk(struct urb *urb, struct uvc_streaming *stream, if (stream->bulk.header_size == 0 && !stream->bulk.skip_payload) { do { ret = uvc_video_decode_start(stream, buf, mem, len); - if (ret == -EAGAIN) + if (ret == -EAGAIN) { + uvc_video_validate_buffer(stream, buf); uvc_video_next_buffers(stream, &buf, &meta_buf); + } } while (ret == -EAGAIN); /* If an error occurred skip the rest of the payload. */ @@ -1342,8 +1344,10 @@ static void uvc_video_decode_bulk(struct urb *urb, struct uvc_streaming *stream, if (!stream->bulk.skip_payload && buf != NULL) { uvc_video_decode_end(stream, buf, stream->bulk.header, stream->bulk.payload_size); - if (buf->state == UVC_BUF_STATE_READY) + if (buf->state == UVC_BUF_STATE_READY) { + uvc_video_validate_buffer(stream, buf); uvc_video_next_buffers(stream, &buf, &meta_buf); + } } stream->bulk.header_size = 0; -- 2.17.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] uvcvideo: Also validate buffers in BULK mode 2018-06-05 0:24 [PATCH] uvcvideo: Also validate buffers in BULK mode Nicolas Dufresne @ 2018-06-05 8:52 ` Laurent Pinchart 2018-06-05 14:07 ` Nicolas Dufresne 2018-06-05 23:46 ` [PATCH v2] " Nicolas Dufresne 0 siblings, 2 replies; 7+ messages in thread From: Laurent Pinchart @ 2018-06-05 8:52 UTC (permalink / raw) To: Nicolas Dufresne; +Cc: Mauro Carvalho Chehab, linux-media, linux-kernel Hi Nicolas, Thank you for the patch. On Tuesday, 5 June 2018 03:24:15 EEST Nicolas Dufresne wrote: > Just like for ISOC, validate the decoded BULK buffer size when possible. > This avoids sending corrupted or partial buffers to userspace, which may > lead to application crash or run-time failure. > > Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com> > --- > drivers/media/usb/uvc/uvc_video.c | 8 ++++++-- > 1 file changed, 6 insertions(+), 2 deletions(-) > > diff --git a/drivers/media/usb/uvc/uvc_video.c > b/drivers/media/usb/uvc/uvc_video.c index aa0082fe5833..46df4d01e31b 100644 > --- a/drivers/media/usb/uvc/uvc_video.c > +++ b/drivers/media/usb/uvc/uvc_video.c > @@ -1307,8 +1307,10 @@ static void uvc_video_decode_bulk(struct urb *urb, > struct uvc_streaming *stream, if (stream->bulk.header_size == 0 && > !stream->bulk.skip_payload) { do { > ret = uvc_video_decode_start(stream, buf, mem, len); > - if (ret == -EAGAIN) > + if (ret == -EAGAIN) { > + uvc_video_validate_buffer(stream, buf); > uvc_video_next_buffers(stream, &buf, &meta_buf); Wouldn't it be simpler to move the uvc_video_validate_buffer() call to uvc_video_next_buffers() ? > + } > } while (ret == -EAGAIN); > > /* If an error occurred skip the rest of the payload. */ > @@ -1342,8 +1344,10 @@ static void uvc_video_decode_bulk(struct urb *urb, > struct uvc_streaming *stream, if (!stream->bulk.skip_payload && buf != > NULL) { > uvc_video_decode_end(stream, buf, stream->bulk.header, > stream->bulk.payload_size); > - if (buf->state == UVC_BUF_STATE_READY) > + if (buf->state == UVC_BUF_STATE_READY) { > + uvc_video_validate_buffer(stream, buf); > uvc_video_next_buffers(stream, &buf, &meta_buf); > + } > } > > stream->bulk.header_size = 0; -- Regards, Laurent Pinchart ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] uvcvideo: Also validate buffers in BULK mode 2018-06-05 8:52 ` Laurent Pinchart @ 2018-06-05 14:07 ` Nicolas Dufresne 2018-06-05 23:46 ` [PATCH v2] " Nicolas Dufresne 1 sibling, 0 replies; 7+ messages in thread From: Nicolas Dufresne @ 2018-06-05 14:07 UTC (permalink / raw) To: Laurent Pinchart; +Cc: Mauro Carvalho Chehab, linux-media, linux-kernel [-- Attachment #1: Type: text/plain, Size: 2105 bytes --] Le mardi 05 juin 2018 à 11:52 +0300, Laurent Pinchart a écrit : > Hi Nicolas, > > Thank you for the patch. > > On Tuesday, 5 June 2018 03:24:15 EEST Nicolas Dufresne wrote: > > Just like for ISOC, validate the decoded BULK buffer size when possible. > > This avoids sending corrupted or partial buffers to userspace, which may > > lead to application crash or run-time failure. > > > > Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com> > > --- > > drivers/media/usb/uvc/uvc_video.c | 8 ++++++-- > > 1 file changed, 6 insertions(+), 2 deletions(-) > > > > diff --git a/drivers/media/usb/uvc/uvc_video.c > > b/drivers/media/usb/uvc/uvc_video.c index aa0082fe5833..46df4d01e31b 100644 > > --- a/drivers/media/usb/uvc/uvc_video.c > > +++ b/drivers/media/usb/uvc/uvc_video.c > > @@ -1307,8 +1307,10 @@ static void uvc_video_decode_bulk(struct urb *urb, > > struct uvc_streaming *stream, if (stream->bulk.header_size == 0 && > > !stream->bulk.skip_payload) { do { > > ret = uvc_video_decode_start(stream, buf, mem, len); > > - if (ret == -EAGAIN) > > + if (ret == -EAGAIN) { > > + uvc_video_validate_buffer(stream, buf); > > uvc_video_next_buffers(stream, &buf, &meta_buf); > > Wouldn't it be simpler to move the uvc_video_validate_buffer() call to > uvc_video_next_buffers() ? Sounds like a good idea, it will prevent forgetting about it if this code get extended. > > > + } > > } while (ret == -EAGAIN); > > > > /* If an error occurred skip the rest of the payload. */ > > @@ -1342,8 +1344,10 @@ static void uvc_video_decode_bulk(struct urb *urb, > > struct uvc_streaming *stream, if (!stream->bulk.skip_payload && buf != > > NULL) { > > uvc_video_decode_end(stream, buf, stream->bulk.header, > > stream->bulk.payload_size); > > - if (buf->state == UVC_BUF_STATE_READY) > > + if (buf->state == UVC_BUF_STATE_READY) { > > + uvc_video_validate_buffer(stream, buf); > > uvc_video_next_buffers(stream, &buf, &meta_buf); > > + } > > } > > > > stream->bulk.header_size = 0; > > [-- Attachment #2: This is a digitally signed message part --] [-- Type: application/pgp-signature, Size: 195 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
* [PATCH v2] uvcvideo: Also validate buffers in BULK mode 2018-06-05 8:52 ` Laurent Pinchart 2018-06-05 14:07 ` Nicolas Dufresne @ 2018-06-05 23:46 ` Nicolas Dufresne 2019-12-10 2:27 ` Nicolas Dufresne 1 sibling, 1 reply; 7+ messages in thread From: Nicolas Dufresne @ 2018-06-05 23:46 UTC (permalink / raw) Cc: Laurent Pinchart, Mauro Carvalho Chehab, linux-media, linux-kernel Just like for ISOC, validate the decoded BULK buffer size when possible. This avoids sending corrupted or partial buffers to userspace, which may lead to application crash or run-time failure. Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com> --- drivers/media/usb/uvc/uvc_video.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c index aa0082fe5833..025ffac196f3 100644 --- a/drivers/media/usb/uvc/uvc_video.c +++ b/drivers/media/usb/uvc/uvc_video.c @@ -1234,6 +1234,7 @@ static void uvc_video_next_buffers(struct uvc_streaming *stream, *meta_buf = uvc_queue_next_buffer(&stream->meta.queue, *meta_buf); } + uvc_video_validate_buffer(stream, *video_buf); *video_buf = uvc_queue_next_buffer(&stream->queue, *video_buf); } @@ -1258,10 +1259,8 @@ static void uvc_video_decode_isoc(struct urb *urb, struct uvc_streaming *stream, do { ret = uvc_video_decode_start(stream, buf, mem, urb->iso_frame_desc[i].actual_length); - if (ret == -EAGAIN) { - uvc_video_validate_buffer(stream, buf); + if (ret == -EAGAIN) uvc_video_next_buffers(stream, &buf, &meta_buf); - } } while (ret == -EAGAIN); if (ret < 0) @@ -1277,10 +1276,8 @@ static void uvc_video_decode_isoc(struct urb *urb, struct uvc_streaming *stream, uvc_video_decode_end(stream, buf, mem, urb->iso_frame_desc[i].actual_length); - if (buf->state == UVC_BUF_STATE_READY) { - uvc_video_validate_buffer(stream, buf); + if (buf->state == UVC_BUF_STATE_READY) uvc_video_next_buffers(stream, &buf, &meta_buf); - } } } -- 2.17.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH v2] uvcvideo: Also validate buffers in BULK mode 2018-06-05 23:46 ` [PATCH v2] " Nicolas Dufresne @ 2019-12-10 2:27 ` Nicolas Dufresne 2019-12-10 2:30 ` Nicolas Dufresne 0 siblings, 1 reply; 7+ messages in thread From: Nicolas Dufresne @ 2019-12-10 2:27 UTC (permalink / raw) To: Nicolas Dufresne Cc: Laurent Pinchart, Mauro Carvalho Chehab, linux-media, linux-kernel [-- Attachment #1: Type: text/plain, Size: 1915 bytes --] Le mardi 05 juin 2018 à 19:46 -0400, Nicolas Dufresne a écrit : > Just like for ISOC, validate the decoded BULK buffer size when possible. > This avoids sending corrupted or partial buffers to userspace, which may > lead to application crash or run-time failure. > > Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com> Ping. That was a year and a half ago and still applies. > --- > drivers/media/usb/uvc/uvc_video.c | 9 +++------ > 1 file changed, 3 insertions(+), 6 deletions(-) > > diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c > index aa0082fe5833..025ffac196f3 100644 > --- a/drivers/media/usb/uvc/uvc_video.c > +++ b/drivers/media/usb/uvc/uvc_video.c > @@ -1234,6 +1234,7 @@ static void uvc_video_next_buffers(struct uvc_streaming *stream, > *meta_buf = uvc_queue_next_buffer(&stream->meta.queue, > *meta_buf); > } > + uvc_video_validate_buffer(stream, *video_buf); > *video_buf = uvc_queue_next_buffer(&stream->queue, *video_buf); > } > > @@ -1258,10 +1259,8 @@ static void uvc_video_decode_isoc(struct urb *urb, struct uvc_streaming *stream, > do { > ret = uvc_video_decode_start(stream, buf, mem, > urb->iso_frame_desc[i].actual_length); > - if (ret == -EAGAIN) { > - uvc_video_validate_buffer(stream, buf); > + if (ret == -EAGAIN) > uvc_video_next_buffers(stream, &buf, &meta_buf); > - } > } while (ret == -EAGAIN); > > if (ret < 0) > @@ -1277,10 +1276,8 @@ static void uvc_video_decode_isoc(struct urb *urb, struct uvc_streaming *stream, > uvc_video_decode_end(stream, buf, mem, > urb->iso_frame_desc[i].actual_length); > > - if (buf->state == UVC_BUF_STATE_READY) { > - uvc_video_validate_buffer(stream, buf); > + if (buf->state == UVC_BUF_STATE_READY) > uvc_video_next_buffers(stream, &buf, &meta_buf); > - } > } > } > [-- Attachment #2: This is a digitally signed message part --] [-- Type: application/pgp-signature, Size: 195 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2] uvcvideo: Also validate buffers in BULK mode 2019-12-10 2:27 ` Nicolas Dufresne @ 2019-12-10 2:30 ` Nicolas Dufresne 2019-12-13 0:12 ` Laurent Pinchart 0 siblings, 1 reply; 7+ messages in thread From: Nicolas Dufresne @ 2019-12-10 2:30 UTC (permalink / raw) To: Nicolas Dufresne Cc: Laurent Pinchart, Mauro Carvalho Chehab, linux-media, linux-kernel [-- Attachment #1: Type: text/plain, Size: 2222 bytes --] Le lundi 09 décembre 2019 à 21:27 -0500, Nicolas Dufresne a écrit : > Le mardi 05 juin 2018 à 19:46 -0400, Nicolas Dufresne a écrit : > > Just like for ISOC, validate the decoded BULK buffer size when possible. > > This avoids sending corrupted or partial buffers to userspace, which may > > lead to application crash or run-time failure. > > > > Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com> > > Ping. That was a year and a half ago and still applies. Please ignore, I was looking into the wrong branch by accident. Please, update patchwork, that might also help to avoid confusion. > > > --- > > drivers/media/usb/uvc/uvc_video.c | 9 +++------ > > 1 file changed, 3 insertions(+), 6 deletions(-) > > > > diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c > > index aa0082fe5833..025ffac196f3 100644 > > --- a/drivers/media/usb/uvc/uvc_video.c > > +++ b/drivers/media/usb/uvc/uvc_video.c > > @@ -1234,6 +1234,7 @@ static void uvc_video_next_buffers(struct uvc_streaming *stream, > > *meta_buf = uvc_queue_next_buffer(&stream->meta.queue, > > *meta_buf); > > } > > + uvc_video_validate_buffer(stream, *video_buf); > > *video_buf = uvc_queue_next_buffer(&stream->queue, *video_buf); > > } > > > > @@ -1258,10 +1259,8 @@ static void uvc_video_decode_isoc(struct urb *urb, struct uvc_streaming *stream, > > do { > > ret = uvc_video_decode_start(stream, buf, mem, > > urb->iso_frame_desc[i].actual_length); > > - if (ret == -EAGAIN) { > > - uvc_video_validate_buffer(stream, buf); > > + if (ret == -EAGAIN) > > uvc_video_next_buffers(stream, &buf, &meta_buf); > > - } > > } while (ret == -EAGAIN); > > > > if (ret < 0) > > @@ -1277,10 +1276,8 @@ static void uvc_video_decode_isoc(struct urb *urb, struct uvc_streaming *stream, > > uvc_video_decode_end(stream, buf, mem, > > urb->iso_frame_desc[i].actual_length); > > > > - if (buf->state == UVC_BUF_STATE_READY) { > > - uvc_video_validate_buffer(stream, buf); > > + if (buf->state == UVC_BUF_STATE_READY) > > uvc_video_next_buffers(stream, &buf, &meta_buf); > > - } > > } > > } > > [-- Attachment #2: This is a digitally signed message part --] [-- Type: application/pgp-signature, Size: 195 bytes --] ^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH v2] uvcvideo: Also validate buffers in BULK mode 2019-12-10 2:30 ` Nicolas Dufresne @ 2019-12-13 0:12 ` Laurent Pinchart 0 siblings, 0 replies; 7+ messages in thread From: Laurent Pinchart @ 2019-12-13 0:12 UTC (permalink / raw) To: Nicolas Dufresne; +Cc: Mauro Carvalho Chehab, linux-media, linux-kernel Hi Nicolas, On Mon, Dec 09, 2019 at 09:30:44PM -0500, Nicolas Dufresne wrote: > Le lundi 09 décembre 2019 à 21:27 -0500, Nicolas Dufresne a écrit : > > Le mardi 05 juin 2018 à 19:46 -0400, Nicolas Dufresne a écrit : > > > Just like for ISOC, validate the decoded BULK buffer size when possible. > > > This avoids sending corrupted or partial buffers to userspace, which may > > > lead to application crash or run-time failure. > > > > > > Signed-off-by: Nicolas Dufresne <nicolas.dufresne@collabora.com> > > > > Ping. That was a year and a half ago and still applies. > > Please ignore, I was looking into the wrong branch by accident. Please, > update patchwork, that might also help to avoid confusion. Unless someone has changed the patch status in the last few days without telling me, it was already marked as accepted. > > > --- > > > drivers/media/usb/uvc/uvc_video.c | 9 +++------ > > > 1 file changed, 3 insertions(+), 6 deletions(-) > > > > > > diff --git a/drivers/media/usb/uvc/uvc_video.c b/drivers/media/usb/uvc/uvc_video.c > > > index aa0082fe5833..025ffac196f3 100644 > > > --- a/drivers/media/usb/uvc/uvc_video.c > > > +++ b/drivers/media/usb/uvc/uvc_video.c > > > @@ -1234,6 +1234,7 @@ static void uvc_video_next_buffers(struct uvc_streaming *stream, > > > *meta_buf = uvc_queue_next_buffer(&stream->meta.queue, > > > *meta_buf); > > > } > > > + uvc_video_validate_buffer(stream, *video_buf); > > > *video_buf = uvc_queue_next_buffer(&stream->queue, *video_buf); > > > } > > > > > > @@ -1258,10 +1259,8 @@ static void uvc_video_decode_isoc(struct urb *urb, struct uvc_streaming *stream, > > > do { > > > ret = uvc_video_decode_start(stream, buf, mem, > > > urb->iso_frame_desc[i].actual_length); > > > - if (ret == -EAGAIN) { > > > - uvc_video_validate_buffer(stream, buf); > > > + if (ret == -EAGAIN) > > > uvc_video_next_buffers(stream, &buf, &meta_buf); > > > - } > > > } while (ret == -EAGAIN); > > > > > > if (ret < 0) > > > @@ -1277,10 +1276,8 @@ static void uvc_video_decode_isoc(struct urb *urb, struct uvc_streaming *stream, > > > uvc_video_decode_end(stream, buf, mem, > > > urb->iso_frame_desc[i].actual_length); > > > > > > - if (buf->state == UVC_BUF_STATE_READY) { > > > - uvc_video_validate_buffer(stream, buf); > > > + if (buf->state == UVC_BUF_STATE_READY) > > > uvc_video_next_buffers(stream, &buf, &meta_buf); > > > - } > > > } > > > } > > > -- Regards, Laurent Pinchart ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2019-12-13 0:12 UTC | newest] Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2018-06-05 0:24 [PATCH] uvcvideo: Also validate buffers in BULK mode Nicolas Dufresne 2018-06-05 8:52 ` Laurent Pinchart 2018-06-05 14:07 ` Nicolas Dufresne 2018-06-05 23:46 ` [PATCH v2] " Nicolas Dufresne 2019-12-10 2:27 ` Nicolas Dufresne 2019-12-10 2:30 ` Nicolas Dufresne 2019-12-13 0:12 ` Laurent Pinchart
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).