
Commit cf88cac6 authored by Peter Liu

msm: camera: cpp: fix copy from user pointer on dequeue buf



Fix the copy from user in the DEQUEUE_STREAM_BUFF use case.
The KASAN report call stack is:
<0>[ 3205.219529] Call trace:
<6>[ 3205.221938] [<ffffffc000089e44>] dump_backtrace+0x0/0x19c
<6>[ 3205.221959] [<ffffffc000089ff0>] show_stack+0x10/0x1c
<6>[ 3205.221979] [<ffffffc001068c34>] dump_stack+0xa0/0xf8
<6>[ 3205.222001] [<ffffffc000200e94>] kasan_report_user_access+0x80/0xa8
<6>[ 3205.222018] [<ffffffc0002000b8>] __asan_loadN+0x30/0x164
<6>[ 3205.222035] [<ffffffc000200620>] memcpy+0x24/0x54
<6>[ 3205.222059] [<ffffffc000a033e0>] msm_cpp_copy_from_ioctl_ptr
<6>[ 3205.222075] [<ffffffc000a0ba6c>] msm_cpp_subdev_ioctl+0xf64/0x1368
<6>[ 3205.222094] [<ffffffc000a081d0>] msm_cpp_subdev_fops_compat_ioctl
<6>[ 3205.222116] [<ffffffc00096d090>] v4l2_compat_ioctl32+0xb8/0xe0
<6>[ 3205.222136] [<ffffffc00026e634>] compat_SyS_ioctl+0x1ac/0x160c

DEQUEUE_STREAM_BUFF is one of the use cases that will lead to such a
call stack, and it did not have a proper copy from user pointer.

Change-Id: I867ce6384db4694f2fd000d936b6bbee9d53b462
Signed-off-by: Peter Liu <pingchie@codeaurora.org>
parent 8b477bbf