From 17240772255352079958d81939f5dffd4aae4224 Mon Sep 17 00:00:00 2001
From: Kieran Bingham <kieran.bingham@ideasonboard.com>
Date: Thu, 17 Mar 2022 11:52:29 +0000
Subject: libcamera: camera: Ensure requests belong to the camera

Requests are created by a Camera, and can only be queued to that
specific Camera. Enforce this during the public API to prevent mis-use
by incorrect applications.

Reviewed-by: Umang Jain <umang.jain@ideasonboard.com>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
---
 src/libcamera/camera.cpp | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/libcamera/camera.cpp b/src/libcamera/camera.cpp
index bb856d60..713543fd 100644
--- a/src/libcamera/camera.cpp
+++ b/src/libcamera/camera.cpp
@@ -23,6 +23,7 @@
 #include "libcamera/internal/camera_controls.h"
 #include "libcamera/internal/formats.h"
 #include "libcamera/internal/pipeline_handler.h"
+#include "libcamera/internal/request.h"
 
 /**
  * \file libcamera/camera.h
@@ -1108,6 +1109,7 @@ std::unique_ptr<Request> Camera::createRequest(uint64_t cookie)
  * \return 0 on success or a negative error code otherwise
  * \retval -ENODEV The camera has been disconnected from the system
  * \retval -EACCES The camera is not running so requests can't be queued
+ * \retval -EXDEV The request does not belong to this camera
  * \retval -EINVAL The request is invalid
  * \retval -ENOMEM No buffer memory was available to handle the request
  */
@@ -1119,6 +1121,12 @@ int Camera::queueRequest(Request *request)
 	if (ret < 0)
 		return ret;
 
+	/* Requests can only be queued to the camera that created them. */
+	if (request->_d()->camera() != this) {
+		LOG(Camera, Error) << "Request was not created by this camera";
+		return -EXDEV;
+	}
+
 	/*
 	 * The camera state may change until the end of the function. No locking
 	 * is however needed as PipelineHandler::queueRequest() will handle
-- 
cgit v1.2.1