Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3546504imu; Mon, 7 Jan 2019 05:26:00 -0800 (PST) X-Google-Smtp-Source: AFSGD/VF2KjE2ipfSN35AhhjGYL6TfWDtBWC0uXWhdGKUwp/47/LSkGE+vDSaxGQZqU4YRIjFalt X-Received: by 2002:aa7:85d7:: with SMTP id z23mr65359043pfn.205.1546867560138; Mon, 07 Jan 2019 05:26:00 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1546867560; cv=none; d=google.com; s=arc-20160816; b=wEHOeV/6rybjCZlHSYNnyuO1Ai/vHDbEIMRMLfRb5lKPPw2xXoZML35T4kphC5U1Cc x2tbF4ZvEOC0eqqj7Hoy9IMugTPomGbmy6P2Z8LhEles8LYB29rnuiC8SzXuSfhhAmHW CiZlct6heTYKzgAsKQzXuMJlUUq40paLyrCn1FXI5/BeOwfpiQbNj6OO+jjhoi+Xioxy vUE4HafvVtl7UXQyPRf4ptGeb0hnsxicCqOexq//aliFmKgwnIIQxfM7XdkTfW+kX/qC XyW7OGbFC2+UrDBFx2Ccnnkj9JdFzI1cq4xcNttkP6GFuNzUX7bWLUiTc+ai28kE/9QW 5qRg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=t7g4v02LZ80RfnCWgKJjUvJv0Hb1YMLfLTMXusSA2Mc=; b=jAk3RotB3vvyjkLsLH0MlQZe51rYBzCP4FZq0Rn6fuOq8llprjn6Cg/2VOlvzP2Q3L C7aDoZvUpzvVXoTI/z3m2tBJswgYSoAxI6Uwe1phzf5APTVkDwx2fUtoPW0KdjqFrFg8 5J6iYoxU6zBrU7C+VznT4luU3FZwQTYWNeCZzAgUe5PnJvEwf3WmjO7HE7aaMM8vTCRF ESMzLKM8WXOvsF1Mtr+FAJwbsp1oUcG7WWHwgHY3fO4hib0tcGbK5Mm3C3kZStOzKRJ+ 8pDN2N5MP/DdDaoTDtiHUaXD2y2v0py+Wyf1NXf1NpGxVb63hv4wiyIRmXoPIZUdDzS4 p/jw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=J4ytV8yT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d17si2466882pfm.40.2019.01.07.05.25.45; Mon, 07 Jan 2019 05:26:00 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=J4ytV8yT; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728415AbfAGMnc (ORCPT + 99 others); Mon, 7 Jan 2019 07:43:32 -0500 Received: from mail.kernel.org ([198.145.29.99]:59426 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728401AbfAGMn1 (ORCPT ); Mon, 7 Jan 2019 07:43:27 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 4658A20665; Mon, 7 Jan 2019 12:43:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1546865006; bh=TOj3A5iJ9UTzMZFw1qxQRwfaeNTnsEblF+2/fHeeP3E=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=J4ytV8yT21uZX7mVt8RPjwDwvwB5lNUO680J3evGJwqi+DcRfUcgKHiBpnqemOGwI qCFF2yKQBwfbQkGrLMbxs8T2qPjoD8HQv2+gtYdvWU2vvLoCwzQaZU5N/jEYBd4WO3 9STph0jUC/X8ZX6wjrs7YyGg1DLDDn4MowfxC9Dw= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Hans Verkuil , syzbot+e1fb118a2ebb88031d21@syzkaller.appspotmail.com, Mauro Carvalho Chehab Subject: [PATCH 4.20 116/145] media: vb2: check memory model for VIDIOC_CREATE_BUFS Date: Mon, 7 Jan 2019 13:32:33 +0100 Message-Id: <20190107104452.415812648@linuxfoundation.org> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20190107104437.308206189@linuxfoundation.org> References: <20190107104437.308206189@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.20-stable review patch. If anyone has any objections, please let me know. ------------------ From: Hans Verkuil commit 62dcb4f41836bd3c44b5b651bb6df07ea4cb1551 upstream. vb2_core_create_bufs did not check if the memory model for newly added buffers is the same as for already existing buffers. It should return an error if they aren't the same. Signed-off-by: Hans Verkuil Reported-by: syzbot+e1fb118a2ebb88031d21@syzkaller.appspotmail.com Cc: # for v4.16 and up Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Greg Kroah-Hartman --- drivers/media/common/videobuf2/videobuf2-core.c | 3 +++ 1 file changed, 3 insertions(+) --- a/drivers/media/common/videobuf2/videobuf2-core.c +++ b/drivers/media/common/videobuf2/videobuf2-core.c @@ -812,6 +812,9 @@ int vb2_core_create_bufs(struct vb2_queu memset(q->alloc_devs, 0, sizeof(q->alloc_devs)); q->memory = memory; q->waiting_for_buffers = !q->is_output; + } else if (q->memory != memory) { + dprintk(1, "memory model mismatch\n"); + return -EINVAL; } num_buffers = min(*count, VB2_MAX_FRAME - q->num_buffers);