summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKieran Bingham <kieran.bingham@ideasonboard.com>2021-09-09 16:08:03 +0100
committerKieran Bingham <kieran.bingham@ideasonboard.com>2021-09-14 12:54:45 +0100
commit4cf7a8fc0bd5a2c6b606f27101d905f63a846b5f (patch)
tree138cd9d3938a3e02be9cbcd03c09ece25b23c247
parent3bcb7a90c1b1404e51015bda9add4d2ba467c052 (diff)
libcamera: v4l2_videodevice: Handle unexpected buffers
A kernel bug can lead to unexpected buffers being dequeued where we haven't entered the buffer in our queuedBuffers_ list. This causes invalid accesses if not handled correctly within libcamera, and while it is a kernel issue, we can protect against unpatched kernels to provide a more suitable error message. This is fixed in the kernel by commit c592b46907ad ("media: videobuf2-core: dequeue if start_streaming fails") [0] [0] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c592b46907ad Handle unexpected buffers by returning a nullptr, and move cache management after the validation of the buffer. Reviewed-by: Paul Elder <paul.elder@ideasonboard.com> Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com> Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
-rw-r--r--src/libcamera/v4l2_videodevice.cpp21
1 files changed, 20 insertions, 1 deletions
diff --git a/src/libcamera/v4l2_videodevice.cpp b/src/libcamera/v4l2_videodevice.cpp
index 837a59d9..9b3ee887 100644
--- a/src/libcamera/v4l2_videodevice.cpp
+++ b/src/libcamera/v4l2_videodevice.cpp
@@ -1654,9 +1654,28 @@ FrameBuffer *V4L2VideoDevice::dequeueBuffer()
LOG(V4L2, Debug) << "Dequeuing buffer " << buf.index;
+ /*
+ * If the video node fails to stream-on successfully (which can occur
+ * when queuing a buffer), a vb2 kernel bug can lead to the buffer which
+ * returns a failure upon queuing being mistakenly kept in the kernel.
+ * This leads to the kernel notifying us that a buffer is available to
+ * dequeue, which we have no awareness of being queued, and thus we will
+ * not find it in the queuedBuffers_ list.
+ *
+ * Whilst this kernel bug has been fixed in mainline, ensure that we
+ * safely ingore buffers which are unexpected to prevetn crashes on
+ * older kernels.
+ */
+ auto it = queuedBuffers_.find(buf.index);
+ if (it == queuedBuffers_.end()) {
+ LOG(V4L2, Error)
+ << "Dequeued unexpected buffer index " << buf.index;
+
+ return nullptr;
+ }
+
cache_->put(buf.index);
- auto it = queuedBuffers_.find(buf.index);
FrameBuffer *buffer = it->second;
queuedBuffers_.erase(it);