[media] saa7164: add guard bytes around critical buffers to detect fa…

…ilure If the guard bytes are trampled then we have a memory related problem. Signed-off-by: Steven Toth <stoth@kernellabs.com> Signed-off-by: Mauro Carvalho Chehab <mchehab@redhat.com>
git-mirror · Oct 21, 2010 · 46eeb8d · 46eeb8d
1 parent 58acca1
commit 46eeb8d
Show file tree

Hide file tree

Showing 2 changed files with 37 additions and 6 deletions.
diff --git a/drivers/media/video/saa7164/saa7164-core.c b/drivers/media/video/saa7164/saa7164-core.c
@@ -216,6 +216,7 @@ static void saa7164_work_enchandler(struct work_struct *w)
 	struct saa7164_user_buffer *ubuf;
 	struct list_head *c, *n;
 	int wp, rp, i = 0;
+	u8 *p;
 
 	port->last_svc_msecs_diff = port->last_svc_msecs;
 	port->last_svc_msecs = jiffies_to_msecs(jiffies);
@@ -262,6 +263,20 @@ static void saa7164_work_enchandler(struct work_struct *w)
 			break;
 		}
 
+		p = (u8 *)buf->cpu;
+		if (	(*(p + buf->actual_size + 0) != 0xff) ||
+			(*(p + buf->actual_size + 1) != 0xff) ||
+			(*(p + buf->actual_size + 2) != 0xff) ||
+			(*(p + buf->actual_size + 3) != 0xff) ||
+			(*(p + buf->actual_size + 0x10) != 0xff) ||
+			(*(p + buf->actual_size + 0x11) != 0xff) ||
+			(*(p + buf->actual_size + 0x12) != 0xff) ||
+			(*(p + buf->actual_size + 0x13) != 0xff) )
+		{
+			printk(KERN_ERR "buf %p failed guard check\n", buf);
+			saa7164_dumphex16(dev, p + buf->actual_size - 32, 64);
+		}
+
 		if (buf->idx == rp) {
 			/* Found the buffer, deal with it */
 			dprintk(DBGLVL_IRQ, "%s() wp: %d processing: %d\n",
@@ -278,9 +293,12 @@ static void saa7164_work_enchandler(struct work_struct *w)
 				ubuf = list_first_entry(&port->list_buf_free.list,
 					struct saa7164_user_buffer, list);
 
-				if (ubuf->actual_size == buf->actual_size)
+				if (ubuf->actual_size == buf->actual_size) {
 					memcpy(ubuf->data, buf->cpu,
 						ubuf->actual_size);
+				} else {
+					printk(KERN_ERR "buf %p actual fails match\n", buf);
+				}
 
 				/* Requeue the buffer on the free list */
 				ubuf->pos = 0;
@@ -297,7 +315,7 @@ static void saa7164_work_enchandler(struct work_struct *w)
 			/* Ensure offset into buffer remains 0, fill buffer
 			 * with known bad data. */
 			saa7164_buffer_zero_offsets(port, rp);
-			memset(buf->cpu, 0xDE, buf->pci_size);
+			memset(buf->cpu, 0xff, buf->pci_size);
 
 			break;
 		}

diff --git a/drivers/media/video/saa7164/saa7164-encoder.c b/drivers/media/video/saa7164/saa7164-encoder.c
@@ -1038,14 +1038,18 @@ static ssize_t fops_read(struct file *file, char __user *buffer,
 	saa7164_histogram_update(&port->read_interval,
 		port->last_read_msecs_diff);
 
-	if (*pos)
+	if (*pos) {
+		printk(KERN_ERR "%s() ESPIPE\n", __func__);
 		return -ESPIPE;
+	}
 
 	if (atomic_cmpxchg(&fh->v4l_reading, 0, 1) == 0) {
 		if (atomic_inc_return(&port->v4l_reader_count) == 1) {
 
-			if (saa7164_encoder_initialize(port) < 0)
+			if (saa7164_encoder_initialize(port) < 0) {
+				printk(KERN_ERR "%s() EINVAL\n", __func__);
 				return -EINVAL;
+			}
 
 			saa7164_encoder_start_streaming(port);
 			msleep(200);
@@ -1056,6 +1060,7 @@ static ssize_t fops_read(struct file *file, char __user *buffer,
 	if ((file->f_flags & O_NONBLOCK) == 0) {
 		if (wait_event_interruptible(port->wait_read,
 			saa7164_enc_next_buf(port))) {
+				printk(KERN_ERR "%s() ERESTARTSYS\n", __func__);
 				return -ERESTARTSYS;
 		}
 	}
@@ -1077,8 +1082,10 @@ static ssize_t fops_read(struct file *file, char __user *buffer,
 
 		if (copy_to_user(buffer, p, cnt)) {
 			printk(KERN_ERR "%s() copy_to_user failed\n", __func__);
-			if (!ret)
+			if (!ret) {
+				printk(KERN_ERR "%s() EFAULT\n", __func__);
 				ret = -EFAULT;
+			}
 			goto err;
 		}
 
@@ -1087,6 +1094,10 @@ static ssize_t fops_read(struct file *file, char __user *buffer,
 		buffer += cnt;
 		ret += cnt;
 
+		if (ubuf->pos > ubuf->actual_size) {
+			printk(KERN_ERR "read() pos > actual, huh?\n");
+		}
+
 		if (ubuf->pos == ubuf->actual_size) {
 
 			/* finished with current buffer, take next buffer */
@@ -1109,8 +1120,10 @@ static ssize_t fops_read(struct file *file, char __user *buffer,
 		}
 	}
 err:
-	if (!ret && !ubuf)
+	if (!ret && !ubuf) {
+		printk(KERN_ERR "%s() EAGAIN\n", __func__);
 		ret = -EAGAIN;
+	}
 
 	return ret;
 }