{"id":13795,"url":"https://patchwork.libcamera.org/api/patches/13795/?format=json","web_url":"https://patchwork.libcamera.org/patch/13795/","project":{"id":1,"url":"https://patchwork.libcamera.org/api/projects/1/?format=json","name":"libcamera","link_name":"libcamera","list_id":"libcamera_core","list_email":"libcamera-devel@lists.libcamera.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20210909150803.4014957-1-kieran.bingham@ideasonboard.com>","date":"2021-09-09T15:08:03","name":"[libcamera-devel] libcamera: v4l2_videodevice: Handle unexpected buffers","commit_ref":null,"pull_url":null,"state":"accepted","archived":false,"hash":"92f2aa54d186f3dcf083c75f1e812d2d1d6537de","submitter":{"id":4,"url":"https://patchwork.libcamera.org/api/people/4/?format=json","name":"Kieran Bingham","email":"kieran.bingham@ideasonboard.com"},"delegate":null,"mbox":"https://patchwork.libcamera.org/patch/13795/mbox/","series":[{"id":2510,"url":"https://patchwork.libcamera.org/api/series/2510/?format=json","web_url":"https://patchwork.libcamera.org/project/libcamera/list/?series=2510","date":"2021-09-09T15:08:03","name":"[libcamera-devel] libcamera: v4l2_videodevice: Handle unexpected buffers","version":1,"mbox":"https://patchwork.libcamera.org/series/2510/mbox/"}],"comments":"https://patchwork.libcamera.org/api/patches/13795/comments/","check":"pending","checks":"https://patchwork.libcamera.org/api/patches/13795/checks/","tags":{},"headers":{"Return-Path":"","X-Original-To":"parsemail@patchwork.libcamera.org","Delivered-To":"parsemail@patchwork.libcamera.org","Received":["from lancelot.ideasonboard.com (lancelot.ideasonboard.com\n\t[92.243.16.209])\n\tby patchwork.libcamera.org (Postfix) with ESMTPS id 5B87BBDB1D\n\tfor ;\n\tThu, 9 Sep 2021 15:08:08 +0000 (UTC)","from lancelot.ideasonboard.com (localhost [IPv6:::1])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTP id 28BE669174;\n\tThu, 9 Sep 2021 17:08:08 +0200 (CEST)","from perceval.ideasonboard.com (perceval.ideasonboard.com\n\t[213.167.242.64])\n\tby lancelot.ideasonboard.com (Postfix) with ESMTPS id 4CE906916D\n\tfor ;\n\tThu, 9 Sep 2021 17:08:07 +0200 (CEST)","from Monstersaurus.local\n\t(cpc89244-aztw30-2-0-cust3082.18-1.cable.virginm.net [86.31.172.11])\n\tby perceval.ideasonboard.com (Postfix) with ESMTPSA id 097CFD88;\n\tThu, 9 Sep 2021 17:08:06 +0200 (CEST)"],"Authentication-Results":"lancelot.ideasonboard.com;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key;\n\tunprotected) header.d=ideasonboard.com header.i=@ideasonboard.com\n\theader.b=\"LYlKbnGs\"; dkim-atps=neutral","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;\n\ts=mail; t=1631200087;\n\tbh=jAldA6Tsxi1Gtf5uS+NEcc6vjKb6l8TxMU/S/neNlac=;\n\th=From:To:Cc:Subject:Date:From;\n\tb=LYlKbnGsAcDrUpzq1jTWz/qTvLpbDvFSG4RAwxF4vCLaNHP7/gtMsIM7hw6D4Cyeg\n\tj5V068CjocVNPMpKX9ker3IfEX7blvVNUMTH3ky+zIsE1LtGwMuT+F2dZpCUfdbGDE\n\tV7Oy02hwBRyqNCu5mcm/263vSQVxOz7Br34dBdR0=","From":"Kieran Bingham ","To":"libcamera devel ","Date":"Thu, 9 Sep 2021 16:08:03 +0100","Message-Id":"<20210909150803.4014957-1-kieran.bingham@ideasonboard.com>","X-Mailer":"git-send-email 2.30.2","MIME-Version":"1.0","Content-Transfer-Encoding":"8bit","Subject":"[libcamera-devel] [PATCH] libcamera: v4l2_videodevice: Handle\n\tunexpected buffers","X-BeenThere":"libcamera-devel@lists.libcamera.org","X-Mailman-Version":"2.1.29","Precedence":"list","List-Id":"","List-Unsubscribe":",\n\t","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n\t","Errors-To":"libcamera-devel-bounces@lists.libcamera.org","Sender":"\"libcamera-devel\" "},"content":"A kernel bug can lead to unexpected buffers being dequeued where we\nhaven't entered the buffer in our queuedBuffers_ list.\n\nThis causes invalid accesses if not handled correctly within libcamera,\nand while it is a kernel issue, we can protect against unpatched\nkernels to provide a more suitable error message.\n\nThis is fixed in the kernel by c592b46907ad (\"media: videobuf2-core:\ndequeue if start_streaming fails\") [0]\n\n[0] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c592b46907ad\n\nHandle unexpected buffers by returning a nullptr, and move cache\nmanagement after the validation of the buffer.\n\nSigned-off-by: Kieran Bingham \n---\n src/libcamera/v4l2_videodevice.cpp | 21 ++++++++++++++++++++-\n 1 file changed, 20 insertions(+), 1 deletion(-)","diff":"diff --git a/src/libcamera/v4l2_videodevice.cpp b/src/libcamera/v4l2_videodevice.cpp\nindex 837a59d9bae2..7bb28aea357a 100644\n--- a/src/libcamera/v4l2_videodevice.cpp\n+++ b/src/libcamera/v4l2_videodevice.cpp\n@@ -1654,9 +1654,28 @@ FrameBuffer *V4L2VideoDevice::dequeueBuffer()\n \n \tLOG(V4L2, Debug) << \"Dequeuing buffer \" << buf.index;\n \n+\tauto it = queuedBuffers_.find(buf.index);\n+\t/*\n+\t * If the video node fails to stream-on successfully (which can occur\n+\t * when queuing a buffer), a vb2 kernel bug can lead to the buffer which\n+\t * returns a failure upon queuing, being mistakenly kept in the kernel.\n+\t * This leads to the kernel notifying us that a buffer is available to\n+\t * dequeue, which we have no awareness of being queued, and thus we will\n+\t * not find it in the queuedBuffers_ list.\n+\t *\n+\t * Whilst this is a kernel bug and should be fixed there, ensure that we\n+\t * safely ignore buffers which are unexpected to prevent crashes on\n+\t * unpatched kernels.\n+\t */\n+\tif (it == queuedBuffers_.end()) {\n+\t\tLOG(V4L2, Error)\n+\t\t\t<< \"Dequeued an unexpected buffer: \" << buf.index;\n+\n+\t\treturn nullptr;\n+\t}\n+\n \tcache_->put(buf.index);\n \n-\tauto it = queuedBuffers_.find(buf.index);\n \tFrameBuffer *buffer = it->second;\n \tqueuedBuffers_.erase(it);\n \n","prefixes":["libcamera-devel"]}