- 28 Jun, 2016 6 commits
-
-
Hans Verkuil authored
The added HDMI CEC framework provides a generic kernel interface for HDMI CEC devices. Note that the CEC framework is added to staging/media and that the cec.h and cec-funcs.h headers are not exported yet. While the kABI is mature, I would prefer to allow the uABI some more time before it is mainlined in case it needs more tweaks. This adds the cec-api.c source that deals with the public CEC API and the Kconfig/Makefile plumbing. The MAINTAINERS file is also updated. Signed-off-by:
Hans Verkuil <hans.verkuil@cisco.com> [k.debski@samsung.com: code cleanup and fixes] Signed-off-by:
Kamil Debski <kamil@wypas.org> Signed-off-by:
Mauro Carvalho Chehab <mchehab@s-opensource.com>
-
Hans Verkuil authored
The added HDMI CEC framework provides a generic kernel interface for HDMI CEC devices. Note that the CEC framework is added to staging/media and that the cec.h and cec-funcs.h headers are not exported yet. While the kABI is mature, I would prefer to allow the uABI some more time before it is mainlined in case it needs more tweaks. This adds the cec-adap.c source that deals with the low-level CEC messaging and logical address handling. Signed-off-by:
-
Hans Verkuil authored
The added HDMI CEC framework provides a generic kernel interface for HDMI CEC devices. Note that the CEC framework is added to staging/media and that the cec.h and cec-funcs.h headers are not exported yet. While the kABI is mature, I would prefer to allow the uABI some more time before it is mainlined in case it needs more tweaks. This adds the cec-core.c, media/cec.h and cec-priv.h sources. Signed-off-by:
-
Hans Verkuil authored
This public header contains static inlines to pack and unpack CEC messages. It is for use in both the kernel and in userspace. Since the CEC framework will initially be in staging this header is not yet in include/uapi. Once the framework is moved out of staging this header should be moved to uapi at the same time. Signed-off-by:
-
Hans Verkuil authored
This header contains the CEC public API. Since the CEC framework will initially be part of staging this header is kept out of include/uapi for the time being until the CEC framework will be moved out of staging. Signed-off-by:
-
Hans Verkuil authored
The cec-edid module contains helper functions to find and manipulate the CEC physical address inside an EDID. Even if the CEC support itself is disabled, drivers will still need these functions. Which is the reason this is module is separate from the upcoming CEC framework. Signed-off-by:
-
- 22 Jun, 2016 3 commits
-
-
Hans Verkuil authored
Document the new HDMI CEC framework. [k.debski@samsung.com: add DocBook documentation by Hans Verkuil, with Signed-off-by:
-
Kamil Debski authored
Add handling of remote control events coming from the HDMI CEC bus and the new protocol required for that. Signed-off-by:
-
Mauro Carvalho Chehab authored
Merge branch 'cec-defines' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input into topic/cec * 'cec-defines' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input: Input: add HDMI CEC specific keycodes Input: add BUS_CEC type
-
- 18 Jun, 2016 2 commits
-
-
Kamil Debski authored
Add HDMI CEC specific keycodes to the keycodes definition. Signed-off-by:
Dmitry Torokhov <dmitry.torokhov@gmail.com>
-
Hans Verkuil authored
Inputs can come in over the HDMI CEC bus, so add a new type for this. Signed-off-by:
-
- 16 Jun, 2016 5 commits
-
-
Mauro Carvalho Chehab authored
Two parameters were documented with a wrong name, and a struct device pointer description was missing. That caused the following warnings, when building documentation: include/media/media-devnode.h:102: warning: No description found for parameter 'media_dev' include/media/media-devnode.h:126: warning: No description found for parameter 'mdev' include/media/media-devnode.h:126: warning: Excess function parameter 'media_dev' description in 'media_devnode_register' Rename the description, to match the function parameter and fix Documentation. No funcional changes. Signed-off-by: -
Mauro Carvalho Chehab authored
drivers/media/platform/rcar-vin/rcar-core.c: In function 'rvin_graph_notify_complete': drivers/media/platform/rcar-vin/rcar-core.c:65:22: warning: variable 'sd' set but not used [-Wunused-but-set-variable] struct v4l2_subdev *sd; ^ Signed-off-by: -
Niklas Söderlund authored
A V4L2 driver for Renesas R-Car VIN driver that do not depend on soc_camera. The driver is heavily based on its predecessor and aims to replace it. Signed-off-by:
Niklas Söderlund <niklas.soderlund+renesas@ragnatech.se> Signed-off-by:
-
Sakari Ailus authored
When a buffer is being dequeued using VIDIOC_DQBUF IOCTL, the exact buffer which will be dequeued is not known until the buffer has been removed from the queue. The number of planes is specific to a buffer, not to the queue. This does lead to the situation where multi-plane buffers may be requested and queued with n planes, but VIDIOC_DQBUF IOCTL may be passed an argument struct with fewer planes. __fill_v4l2_buffer() however uses the number of planes from the dequeued videobuf2 buffer, overwriting kernel memory (the m.planes array allocated in video_usercopy() in v4l2-ioctl.c) if the user provided fewer planes than the dequeued buffer had. Oops! Fixes: b0e0e1f8 ("[media] media: videobuf2: Prepare to divide videobuf2") Signed-off-by:
Sakari Ailus <sakari.ailus@linux.intel.com> Acked-by:
Mauro Carvalho Chehab <mchehab@osg.samsung.com> Signed-off-by:
-
Sakari Ailus authored
An earlier patch fixing an input validation issue introduced another issue: vb2_core_dqbuf() is called with pb argument value NULL in some cases, causing a NULL pointer dereference. Fix this by skipping the verification as there's nothing to verify. Fixes: e7e0c3e2 ("[media] videobuf2-core: Check user space planes array in dqbuf") Signed-off-by:
David R <david@unsolicited.net> Signed-off-by:
-
- 15 Jun, 2016 4 commits
-
-
Shuah Khan authored
Media devnode open/ioctl could be in progress when media device unregister is initiated. System calls and ioctls check media device registered status at the beginning, however, there is a window where unregister could be in progress without changing the media devnode status to unregistered. process 1 process 2 fd = open(/dev/media0) media_devnode_is_registered() (returns true here) media_device_unregister() (unregister is in progress and devnode isn't unregistered yet) ... ioctl(fd, ...) __media_ioctl() media_devnode_is_registered() (returns true here) ... media_devnode_unregister() ... (driver releases the media device memory) media_device_ioctl() (By this point devnode->media_dev does not point to allocated memory. use-after free in in mutex_lock_nested) BUG: KASAN: use-after-free in mutex_lock_nested+0x79c/0x800 at addr ffff8801ebe914f0 Fix it by clearing register bit when unregister starts to avoid the race. process 1 process 2 fd = open(/dev/media0) media_devnode_is_registered() (could return true here) media_device_unregister() (clear the register bit, then start unregister.) ... ioctl(fd, ...) __media_ioctl() media_devnode_is_registered() (return false here, ioctl returns I/O error, and will not access media device memory) ... media_devnode_unregister() ... (driver releases the media device memory) Signed-off-by:Shuah Khan <shuahkh@osg.samsung.com> Suggested-by:
-
Shuah Khan authored
When driver unbinds while media_ioctl is in progress, cdev_put() fails with when app exits after driver unbinds. Add devnode struct device kobj as the cdev parent kobject. cdev_add() gets a reference to it and releases it in cdev_del() ensuring that the devnode is not deallocated as long as the application has the device file open. media_devnode_register() initializes the struct device kobj before calling cdev_add(). media_devnode_unregister() does cdev_del() and then deletes the device. devnode is released when the last reference to the struct device is gone. This problem is found on uvcvideo, em28xx, and au0828 drivers and fix has been tested on all three. kernel: [ 193.599736] BUG: KASAN: use-after-free in cdev_put+0x4e/0x50 kernel: [ 193.599745] Read of size 8 by task media_device_te/1851 kernel: [ 193.599792] INFO: Allocated in __media_device_register+0x54 kernel: [ 193.599951] INFO: Freed in media_devnode_release+0xa4/0xc0 kernel: [ 193.601083] Call Trace: kernel: [ 193.601093] [<ffffffff81aecac3>] dump_stack+0x67/0x94 kernel: [ 193.601102] [<ffffffff815359b2>] print_trailer+0x112/0x1a0 kernel: [ 193.601111] [<ffffffff8153b5e4>] object_err+0x34/0x40 kernel: [ 193.601119] [<ffffffff8153d9d4>] kasan_report_error+0x224/0x530 kernel: [ 193.601128] [<ffffffff814a2c3d>] ? kzfree+0x2d/0x40 kernel: [ 193.601137] [<ffffffff81539d72>] ? kfree+0x1d2/0x1f0 kernel: [ 193.601154] [<ffffffff8157ca7e>] ? cdev_put+0x4e/0x50 kernel: [ 193.601162] [<ffffffff8157ca7e>] cdev_put+0x4e/0x50 kernel: [ 193.601170] [<ffffffff815767eb>] __fput+0x52b/0x6c0 kernel: [ 193.601179] [<ffffffff8117743a>] ? switch_task_namespaces+0x2a kernel: [ 193.601188] [<ffffffff815769ee>] ____fput+0xe/0x10 kernel: [ 193.601196] [<ffffffff81170023>] task_work_run+0x133/0x1f0 kernel: [ 193.601204] [<ffffffff8117746e>] ? switch_task_namespaces+0x5e kernel: [ 193.601213] [<ffffffff8111b50c>] do_exit+0x72c/0x2c20 kernel: [ 193.601224] [<ffffffff8111ade0>] ? release_task+0x1250/0x1250 - - - kernel: [ 193.601360] [<ffffffff81003587>] ? exit_to_usermode_loop+0xe7 kernel: [ 193.601368] [<ffffffff810035c0>] exit_to_usermode_loop+0x120 kernel: [ 193.601376] [<ffffffff810061da>] syscall_return_slowpath+0x16a kernel: [ 193.601386] [<ffffffff82848b33>] entry_SYSCALL_64_fastpath+0xa6 Signed-off-by:
-
Mauro Carvalho Chehab authored
struct media_devnode is currently embedded at struct media_device. While this works fine during normal usage, it leads to a race condition during devnode unregister. the problem is that drivers assume that, after calling media_device_unregister(), the struct that contains media_device can be freed. This is not true, as it can't be freed until userspace closes all opened /dev/media devnodes. In other words, if the media devnode is still open, and media_device gets freed, any call to an ioctl will make the core to try to access struct media_device, with will cause an use-after-free and even GPF. Fix this by dynamically allocating the struct media_devnode and only freeing it when it is safe. Signed-off-by:
-
Mauro Carvalho Chehab authored
Along all media controller code, "mdev" is used to represent a pointer to struct media_device, and "devnode" for a pointer to struct media_devnode. However, inside media-devnode.[ch], "mdev" is used to represent a pointer to struct media_devnode. This is very confusing and may lead to development errors. So, let's change all occurrences at media-devnode.[ch] to also use "devnode" for such pointers. This patch doesn't make any functional changes. Signed-off-by:
-
- 14 Jun, 2016 1 commit
-
-
Mauro Carvalho Chehab authored
For the third time in three years, I'm changing my e-mail at Samsung. That's bad, as it may stop communications with me for a while. So, this time, I'll also the mchehab@kernel.org e-mail, as it remains stable since ever. Cc: stable@vger.kernel.org Signed-off-by:
-
- 10 Jun, 2016 2 commits
-
-
Colin Ian King authored
status is not initialized so it can contain garbage. The check for status containing the FE_HAS_LOCK bit may randomly pass or fail if the read of register 0x8c fails to set status after 25 read attempts. Fix this by initializing status to 0. Issue found with CoverityScan, CID#986738 Signed-off-by:
Colin Ian King <colin.king@canonical.com> Signed-off-by:
-
Dan Carpenter authored
The code is checking for negative returns but it should be checking for zero. Fixes: aab3125c ('[media] em28xx: add support for registering multiple i2c buses') Signed-off-by:
Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by:
-
- 09 Jun, 2016 6 commits
-
-
Zhaoxiu Zeng authored
This patch removes the local MT2063_gcd function, uses lib gcd instead Signed-off-by:
Zhaoxiu Zeng <zhaoxiu.zeng@gmail.com> Signed-off-by:
-
Martin Blumenstingl authored
The rtl2832 demod has 2 sets of PID filters. This patch enables the filter support when using a slave demod. Signed-off-by:
Benjamin Larsson <benjamin@southpole.se> Signed-off-by:
Martin Blumenstingl <martin.blumenstingl@googlemail.com> Signed-off-by:
Antti Palosaari <crope@iki.fi> Signed-off-by:
-
Antti Palosaari authored
Remove __func__ and KBUILD_MODNAME from logging formatters and pass USB interface device instead, so logging can be done correctly. Signed-off-by:
-
Alessandro Radicati authored
The MXL5007T tuner will lock-up on some devices after an I2C read transaction. This patch works around this issue by inhibiting such operations and emulating a 0x00 response. The workaround is only applied to USB devices known to exhibit this flaw. Signed-off-by:
Alessandro Radicati <alessandro@radicati.net> Signed-off-by:
-
Alessandro Radicati authored
This patch will modify the af9035 driver to use the register address fields of the I2C read command for the combined write/read transaction case. Without this change, the firmware issues just a I2C read transaction without the preceding write transaction to select the register. Signed-off-by:
-
Marek Szyprowski authored
Change return value back to -ENODEV when no region is defined for given device. This restores old behavior of this function, as some drivers rely on such error code. Fixes: 59ce4039 ("of: reserved_mem: add support for using more than one region for given device") Reported-by:
Liviu Dudau <liviu.dudau@arm.com> Signed-off-by:
Marek Szyprowski <m.szyprowski@samsung.com> Reviewed-by:
Sylwester Nawrocki <s.nawrocki@samsung.com> Reviewed-by:
Rob Herring <robh@kernel.org> Reviewed-by:
Sumit Semwal <sumit.semwal@linaro.org>
-
- 07 Jun, 2016 11 commits
-
-
Max Kellermann authored
Prepare for postponing the call until all file handles have been closed. [mchehab@osg.samsung.com: make checkpatch happy] Signed-off-by:
Max Kellermann <max@duempel.org> Signed-off-by:
-
Olli Salonen authored
Return -EINVAL if ds3000_set_frontend is called with invalid parameters. v1 of the patch series got incorrect subject lines. Signed-off-by:
Olli Salonen <olli.salonen@iki.fi> Signed-off-by:
-
Fengguang Wu authored
drivers/media/dvb-frontends/helene.c:750:2-3: Unneeded semicolon Remove unneeded semicolon. Generated by: scripts/coccinelle/misc/semicolon.cocci CC: Abylay Ospan <aospan@netup.ru> Signed-off-by:
Fengguang Wu <fengguang.wu@intel.com> Signed-off-by:
-
Martin Blumenstingl authored
No functional changes. Signed-off-by:
-
Martin Blumenstingl authored
This adds the missing auto-select bits for DVB-frontends and tuners (if MEDIA_SUBDRV_AUTOSELECT is enabled) which are used by the various rtl28xxu devices. The driver itself probes for three more tuners, but it's not actually using any of them: - MEDIA_TUNER_MT2063 - MEDIA_TUNER_MT2266 - MEDIA_TUNER_MXL5007T Signed-off-by:
-
Antti Palosaari authored
Move mn88472 DVB-T/T2/C demod driver out of staging to media. v2: Fix build error reported by kbuild test robot: drivers/staging/media/mn88472/Makefile: No such file or directory Reported-by:
-
Antti Palosaari authored
Finalize driver in order to move out of staging. Signed-off-by:
-
Julia Lawall authored
firmare -> firmware Signed-off-by:
Julia Lawall <Julia.Lawall@lip6.fr> Signed-off-by:
-
Antti Palosaari authored
1 and 2 wasn't enough for mn88472 chip on Astrometa device, so increase it to 3. Signed-off-by:
-
Julia Lawall authored
firmare -> firmware Signed-off-by:
-
Antti Palosaari authored
Latest, 3rd, regmap instance should be freed on error case. Signed-off-by:
-
