| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The values reported by the AD7793 are unsigned.
In uniploar mode:
0x000000 is zeroscale
0xffffff is fullscale
In bipolar mode:
0x000000 is negative fullscale
0x800000 is zeroscale
0xffffff is positive fullscale
In bipolar mode there is a binary offset, but the values are still unsigned.
Signed-off-by: Lars-Peter Clausen <[email protected]>
Signed-off-by: Jonathan Cameron <[email protected]>
|
|
Without the break statement we fall right through to the default case and return
an error value.
Signed-off-by: Lars-Peter Clausen <[email protected]>
Signed-off-by: Jonathan Cameron <[email protected]>
|
|
Do not leak memory by updating pointer with potentially NULL realloc return value.
There is no need to preserve data in the buffer,
so replace krealloc() by kfree()-kmalloc() pair.
Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: Alexey Khoroshilov <[email protected]>
Acked-by: Peter Meerwald <[email protected]>
Signed-off-by: Jonathan Cameron <[email protected]>
|
|
With small channel spacing values and high reference frequencies it is
possible to exceed the range of the 10-bit counter.
Workaround by checking the range and widening some constrains.
We don't use the REG1_PHASE value in this case the datasheet recommends to set
it to 1 if not used.
Signed-off-by: Michael Hennerich <[email protected]>
Signed-off-by: Jonathan Cameron <[email protected]>
|
|
drivers/staging/iio/adc/ad7298_ring.c:97:37: warning: 'time_ns' may
be used uninitialized in this function [-Wmaybe-uninitialized]
Reported-by: Fengguang Wu <[email protected]>
Signed-off-by: Michael Hennerich <[email protected]>
Signed-off-by: Jonathan Cameron <[email protected]>
|
|
kdb <-> kgdb transitioning does not work properly with this UART
driver because the get character routine loops indefinitely as opposed
to returning NO_POLL_CHAR per the expectation of the KDB I/O driver
API.
The symptom is a kernel hang when trying to switch debug modes.
Cc: Alan Cox <[email protected]>
Signed-off-by: Jason Wessel <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Without checking if the auart supports the hardware flow control or not,
the old mxs_auart_set_mctrl() asserted the RTS pin blindly.
This will causes the auart receives wrong data in the following case:
The far-end has already started the write operation, and wait for
the auart asserts the RTS pin. Then the auart starts the read operation,
but mxs_auart_set_mctrl() may be called before we set the RTSCTS in the
mxs_auart_settermios(). So the RTS pin is asserted in a wrong situation,
and we get the wrong data in the end.
This bug has been catched when I connect the mx23(DTE) to the mx53(DCE).
This patch also replaces the AUART_CTRL2_RTS with AUART_CTRL2_RTSEN.
We should use the real the hardware flow control, not the software-controled
hardware flow control.
Signed-off-by: Huang Shijie <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Following a report of a crash during an automount expire I found that
the locking in fs/autofs4/expire.c:get_next_positive_subdir() was wrong.
Not only is the locking wrong but the function is more complex than it
needs to be.
The function is meant to calculate (and dget) the next entry in the list
of directories contained in the root of an autofs mount point (an autofs
indirect mount to be precise). The main problem was that the d_lock of
the owner of the list was not being taken when walking the list, which
lead to list corruption under load. The only other lock that needs to
be taken is against the next dentry candidate so it can be checked for
usability.
Signed-off-by: Ian Kent <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Pull VFIO fix from Alex Williamson:
"Just a trivial patch to include vfio.h in the installed headers so we
can complete userspace integration into QEMU."
* tag 'vfio-for-v3.6-rc1' of git://github.com/awilliam/linux-vfio:
vfio: Include vfio.h in installed headers
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
Pull fuse updates from Miklos Szeredi.
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse:
fuse: verify all ioctl retry iov elements
fuse: add missing INIT flag descriptions
fuse: add missing INIT flags
fuse: update attributes on aio_read
fuse: invalidate inode mapping if mtime changes
fuse: add FUSE_AUTO_INVAL_DATA init flag
|
|
git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen
Pull Xen fix from Konrad Rzeszutek Wilk:
"Way back in v3.5 we added a mechanism to populate back pages that were
released (they overlapped with MMIO regions), but neglected to reserve
the proper amount of virtual space for extend_brk to work properly.
Coincidentally some other commit aligned the _brk space to larger area
so I didn't trigger this until it was run on a machine with more than
2GB of MMIO space."
* On machines with large MMIO/PCI E820 spaces we fail to boot b/c
we failed to pre-allocate large enough virtual space for extend_brk.
* tag 'stable/for-linus-3.6-rc1-tag' of git://git.kernel.org/pub/scm/linux/kernel/git/konrad/xen:
xen/p2m: Reserve 8MB of _brk space for P2M leafs when populating back.
|
|
Pull SuperH fixes from Paul Mundt.
* tag 'sh-for-linus' of git://github.com/pmundt/linux-sh:
sh: intc: Handle domain association for sparseirq pre-allocated vectors.
sh: sh7269: Fix LCD pinmux
sh: dma: fix request_irq usage
|
|
Moved to [email protected]
Cc: Dave Jiang <[email protected]>
Cc: Vinod Koul <[email protected]>
Signed-off-by: Dan Williams <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Cc: Ian Abbott <[email protected]>
Cc: Mori Hess <[email protected]>
Cc: H Hartley Sweeten <[email protected]>
Cc: Ravishankar Karkala Mallikarjunayya <[email protected]>
Signed-off-by: Tim Gardner <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Cc: Ian Abbott <[email protected]>
Cc: Mori Hess <[email protected]>
Cc: H Hartley Sweeten <[email protected]>
Signed-off-by: Tim Gardner <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Cc: Ian Abbott <[email protected]>
Cc: Mori Hess <[email protected]>
Cc: Bernd Porr <[email protected]>
Cc: Dan Carpenter <[email protected]>
Cc: H Hartley Sweeten <[email protected]>
Signed-off-by: Tim Gardner <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
When dumping "Code: " sections from an oops, the trapping instruction
%rip points to can be a string copy
2b:* f3 a5 rep movsl %ds:(%rsi),%es:(%rdi)
and the line contain a bunch of ":". Current "cut" selects only the and
the second field output looks funnily overlaid this:
2b:* f3 a5 rep movsl %ds <-- trapping instruction:(%rsi),%es:(%rdi
Fix this by selecting the remaining fields too.
Cc: Andrew Morton <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: [email protected]
Signed-off-by: Borislav Petkov <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
|
|
Pull two slave-dmaengine fixes from Vinod Koul:
"One fixes the correct use of clock API in imx driver and the other
enables clock for tegra driver, which is used for other tegra driver
conversion to dmanegine in -next."
* 'fixes' of git://git.infradead.org/users/vkoul/slave-dma:
dma: tegra: enable/disable dma clock
dma: imx-dma: Fix kernel crash due to missing clock conversion
|
|
Pull more drm fixes from Dave Airlie:
"Just some intel and nouveau ones this time, intel has more edp panel
fixes for macbooks and nouveau has a suspend/resume regression fix in
there."
* 'drm-fixes' of git://people.freedesktop.org/~airlied/linux:
drm/i915: Apply post-sync write for pipe control invalidates
drm/i915: reorder edp disabling to fix ivb MacBook Air
drm/nv86/fifo: suspend fix
drm/nouveau: disable copy engine on NVAF
nouveau: fixup scanout enable in nvc0_pm
drm/nouveau/aux: mask off higher bits of auxch index in i2c table entry
drm/nvd0/disp: mask off high 16 bit of negative cursor x-coordinate
drm/i915: ensure i2c adapter is all set before adding it
drm/i915: ignore eDP bpc settings from vbt
drm/i915: Fix blank panel at reopening lid
drm/nve0/fifo: add support for the flip completion swmthd
|
|
The main purpose of this function is to exclude ME devices
without support for MEI/HECI interface from binding
Currently affected systems are C600/X79 based servers
that expose PCI device even though it doesn't supported ME Interface.
MEI driver accessing such nonfunctional device can corrupt
the system.
Signed-off-by: Tomas Winkler <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
If ->atomic_open() returns -ENOENT, we take care to return the create
error (e.g., EACCES), if any. Do the same when ->atomic_open() returns 1
and provides a negative dentry.
This fixes a regression where an unprivileged open O_CREAT fails with
ENOENT instead of EACCES, introduced with the new atomic_open code. It
is tested by the open/08.t test in the pjd posix test suite, and was
observed on top of fuse (backed by ceph-fuse).
Signed-off-by: Sage Weil <[email protected]>
Signed-off-by: Miklos Szeredi <[email protected]>
|
|
commit 01eaf24 "extcon: Convert extcon_gpio to devm_gpio_request_one"
missed the replacement for devm_gpio_request_one. fix it.
Signed-off-by: Axel Lin <[email protected]>
Signed-off-by: Chanwoo Choi <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
commit c4e00daaa96d3a0786f1f4fe6456281c60ef9a16 changed __dev_printk
in a way that broke dynamic-debug's ability to control the dynamic
prefix of dev_dbg(dev,..), but not dev_dbg(NULL,..) or pr_debug(..),
which is why it wasnt noticed sooner.
When dev==NULL, __dev_printk() just calls printk(), which just works.
But otherwise, it assumed that level was always a string like "<L>"
and just plucked out the 'L', ignoring the rest. However,
dynamic_emit_prefix() adds "[tid] module:func:line:" to the string,
those additions all got lost.
Signed-off-by: Jim Cromie <[email protected]>
Acked-by: Jason Baron <[email protected]>
Cc: stable <[email protected]>
Cc: Kay Sievers <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
Bjorn's latest patchset does break Gobi 1K and 2K because on both
devices as it claims usb interface 0. That's because usbif 0 is not
handled in the switch statement, and thus the if0 gets claimed when it
should not. So let's just make things even simpler yet, and handle both
the 1K and 2K+ cases separately. This patch should not affect the new
Sierra device support, because those devices are matched via
interface-specific matching and thus should never hit the composite
code.
Signed-off-by: Dan Williams <[email protected]>
Tested-by: Bjørn Mork <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
After watchdog was disabled the driver would stall
due to wrong calculation of credits reduction
The cat&paste bug was introduced in the commit
7bdf72d3d8059a50214069ea4b87c2174645f40f
mei: introduce mei_data2slots wrapper
Signed-off-by: Tomas Winkler <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
|
|
into for-next
|
|
Unlike other parts of the mlx4_ib code, the function build_mlx_header()
doesn't check if the iboe netdev of the given port is valid before
dereferencing it, which can cause a crash if the ethernet interface
has already been taken down.
Fix this by checking for a valid netdev pointer before using it to get
the port MAC address.
Signed-off-by: Kleber Sacilotto de Souza <[email protected]>
Signed-off-by: Roland Dreier <[email protected]>
|
|
Instead of blindly initializing a volume knob widget, first check
that there actually is a volume knob widget.
Signed-off-by: David Henningsson <[email protected]>
Signed-off-by: Takashi Iwai <[email protected]>
|
|
In __nf_ct_expect_check, the function refresh_timer returns 1
if a matching expectation is found and its timer is successfully
refreshed. This results in nf_ct_expect_related returning 0.
Note that at this point:
- the passed expectation is not inserted in the expectation table
and its timer was not initialized, since we have refreshed one
matching/existing expectation.
- nf_ct_expect_alloc uses kmem_cache_alloc, so the expectation
timer is in some undefined state just after the allocation,
until it is appropriately initialized.
This can be a problem for the SIP helper during the expectation
addition:
...
if (nf_ct_expect_related(rtp_exp) == 0) {
if (nf_ct_expect_related(rtcp_exp) != 0)
nf_ct_unexpect_related(rtp_exp);
...
Note that nf_ct_expect_related(rtp_exp) may return 0 for the timer refresh
case that is detailed above. Then, if nf_ct_unexpect_related(rtcp_exp)
returns != 0, nf_ct_unexpect_related(rtp_exp) is called, which does:
spin_lock_bh(&nf_conntrack_lock);
if (del_timer(&exp->timeout)) {
nf_ct_unlink_expect(exp);
nf_ct_expect_put(exp);
}
spin_unlock_bh(&nf_conntrack_lock);
Note that del_timer always returns false if the timer has been
initialized. However, the timer was not initialized since setup_timer
was not called, therefore, the expectation timer remains in some
undefined state. If I'm not missing anything, this may lead to the
removal an unexistent expectation.
To fix this, the optimization that allows refreshing an expectation
is removed. Now nf_conntrack_expect_related looks more consistent
to me since it always add the expectation in case that it returns
success.
Thanks to Patrick McHardy for participating in the discussion of
this patch.
I think this may be the source of the problem described by:
http://marc.info/?l=netfilter-devel&m=134073514719421&w=2
Reported-by: Rafal Fitt <[email protected]>
Acked-by: Patrick McHardy <[email protected]>
Signed-off-by: Pablo Neira Ayuso <[email protected]>
|
|
commit 27a7b260f71439c40546b43588448faac01adb93
md: Fix handling for devices from 2TB to 4TB in 0.90 metadata.
changed 0.90 metadata handling to truncated size to 4TB as that is
all that 0.90 can record.
However for RAID0 and Linear, 0.90 doesn't need to record the size, so
this truncation is not needed and causes working arrays to become too small.
So avoid the truncation for RAID0 and Linear
This bug was introduced in 3.1 and is suitable for any stable kernels
from then onwards.
As the offending commit was tagged for 'stable', any stable kernel
that it was applied to should also get this patch. That includes
at least 2.6.32, 2.6.33 and 3.0. (Thanks to Ben Hutchings for
providing that list).
Cc: [email protected]
Signed-off-by: Neil Brown <[email protected]>
|
|
A PCM capture stream on usb-audio causes a scheduling-while-atomic
BUG, as reported in the bugzilla entry below. It's because
snd_usb_endpoint_start() is called at first at trigger START for a
capture stream, and this function contains the left-over EP
deactivation codes. The problem doesn't happen for a playback stream
because the function is called at PCM prepare time, which can sleep.
This patch fixes the BUG by moving the EP deactivation code into the
PCM prepare callback.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=46011
Cc: <[email protected]> [v3.5+]
Signed-off-by: Takashi Iwai <[email protected]>
|
|
The implementation of dev_ifconf() for the compat ioctl interface uses
an intermediate ifc structure allocated in userland for the duration of
the syscall. Though, it fails to initialize the padding bytes inserted
for alignment and that for leaks four bytes of kernel stack. Add an
explicit memset(0) before filling the structure to avoid the info leak.
Signed-off-by: Mathias Krause <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
If at least one of CONFIG_IP_VS_PROTO_TCP or CONFIG_IP_VS_PROTO_UDP is
not set, __ip_vs_get_timeouts() does not fully initialize the structure
that gets copied to userland and that for leaks up to 12 bytes of kernel
stack. Add an explicit memset(0) before passing the structure to
__ip_vs_get_timeouts() to avoid the info leak.
Signed-off-by: Mathias Krause <[email protected]>
Cc: Wensong Zhang <[email protected]>
Cc: Simon Horman <[email protected]>
Cc: Julian Anastasov <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The CCID3 code fails to initialize the trailing padding bytes of struct
tfrc_tx_info added for alignment on 64 bit architectures. It that for
potentially leaks four bytes kernel stack via the getsockopt() syscall.
Add an explicit memset(0) before filling the structure to avoid the
info leak.
Signed-off-by: Mathias Krause <[email protected]>
Cc: Gerrit Renker <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
ccid_hc_rx_getsockopt() and ccid_hc_tx_getsockopt() might be called with
a NULL ccid pointer leading to a NULL pointer dereference. This could
lead to a privilege escalation if the attacker is able to map page 0 and
prepare it with a fake ccid_ops pointer.
Signed-off-by: Mathias Krause <[email protected]>
Cc: Gerrit Renker <[email protected]>
Cc: [email protected]
Signed-off-by: David S. Miller <[email protected]>
|
|
The LLC code wrongly returns 0, i.e. "success", when the socket is
zapped. Together with the uninitialized uaddrlen pointer argument from
sys_getsockname this leads to an arbitrary memory leak of up to 128
bytes kernel stack via the getsockname() syscall.
Return an error instead when the socket is zapped to prevent the info
leak. Also remove the unnecessary memset(0). We don't directly write to
the memory pointed by uaddr but memcpy() a local structure at the end of
the function that is properly initialized.
Signed-off-by: Mathias Krause <[email protected]>
Cc: Arnaldo Carvalho de Melo <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The L2TP code for IPv6 fails to initialize the l2tp_unused member of
struct sockaddr_l2tpip6 and that for leaks two bytes kernel stack via
the getsockname() syscall. Initialize l2tp_unused with 0 to avoid the
info leak.
Signed-off-by: Mathias Krause <[email protected]>
Cc: James Chapman <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The L2CAP code fails to initialize the l2_bdaddr_type member of struct
sockaddr_l2 and the padding byte added for alignment. It that for leaks
two bytes kernel stack via the getsockname() syscall. Add an explicit
memset(0) before filling the structure to avoid the info leak.
Signed-off-by: Mathias Krause <[email protected]>
Cc: Marcel Holtmann <[email protected]>
Cc: Gustavo Padovan <[email protected]>
Cc: Johan Hedberg <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The RFCOMM code fails to initialize the trailing padding byte of struct
sockaddr_rc added for alignment. It that for leaks one byte kernel stack
via the getsockname() syscall. Add an explicit memset(0) before filling
the structure to avoid the info leak.
Signed-off-by: Mathias Krause <[email protected]>
Cc: Marcel Holtmann <[email protected]>
Cc: Gustavo Padovan <[email protected]>
Cc: Johan Hedberg <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The RFCOMM code fails to initialize the two padding bytes of struct
rfcomm_dev_list_req inserted for alignment before copying it to
userland. Additionally there are two padding bytes in each instance of
struct rfcomm_dev_info. The ioctl() that for disclosures two bytes plus
dev_num times two bytes uninitialized kernel heap memory.
Allocate the memory using kzalloc() to fix this issue.
Signed-off-by: Mathias Krause <[email protected]>
Cc: Marcel Holtmann <[email protected]>
Cc: Gustavo Padovan <[email protected]>
Cc: Johan Hedberg <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The RFCOMM code fails to initialize the key_size member of struct
bt_security before copying it to userland -- that for leaking one
byte kernel stack. Initialize key_size with 0 to avoid the info
leak.
Signed-off-by: Mathias Krause <[email protected]>
Cc: Marcel Holtmann <[email protected]>
Cc: Gustavo Padovan <[email protected]>
Cc: Johan Hedberg <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The HCI code fails to initialize the hci_channel member of struct
sockaddr_hci and that for leaks two bytes kernel stack via the
getsockname() syscall. Initialize hci_channel with 0 to avoid the
info leak.
Signed-off-by: Mathias Krause <[email protected]>
Cc: Marcel Holtmann <[email protected]>
Cc: Gustavo Padovan <[email protected]>
Cc: Johan Hedberg <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The HCI code fails to initialize the two padding bytes of struct
hci_ufilter before copying it to userland -- that for leaking two
bytes kernel stack. Add an explicit memset(0) before filling the
structure to avoid the info leak.
Signed-off-by: Mathias Krause <[email protected]>
Cc: Marcel Holtmann <[email protected]>
Cc: Gustavo Padovan <[email protected]>
Cc: Johan Hedberg <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The ATM code fails to initialize the two padding bytes of struct
sockaddr_atmpvc inserted for alignment. Add an explicit memset(0)
before filling the structure to avoid the info leak.
Signed-off-by: Mathias Krause <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
The ATM code fails to initialize the two padding bytes of struct
sockaddr_atmpvc inserted for alignment. Add an explicit memset(0)
before filling the structure to avoid the info leak.
Signed-off-by: Mathias Krause <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
|
|
- Use kcalloc() / vzalloc() instead of an extra bitmap_zero().
- Add __GFP_NOWARN to kcalloc() since we'll try vzalloc() if it fails.
Signed-off-by: Roland Dreier <[email protected]>
|
|
Fix some issues around int variables used in data structures related
to memory registration.
Handle int overflow in mlx4_init_icm_table by using a u64 intermediate
variable and changing struct mlx4_icm_table num_obj field to be u32.
Change some more fields/variables to use u32 instead of int to prevent
a case where the variable becomes negative when bit 31 is set.
Also subtract log_mtts_per_seg from the exponent when computing
num_mtt, since its added later on in that very same code area.
This and the previous commit fixes some issues which actually prevent
commit db5a7a65c058 ("mlx4_core: Scale size of MTT table with system
RAM") from working. Now, when the number of MTTs is scaled with the
size of the RAM we can map up to 8TB.
Signed-off-by: Yishai Hadas <[email protected]>
Signed-off-by: Jack Morgenstein <[email protected]>
Signed-off-by: Or Gerlitz <[email protected]>
Signed-off-by: Roland Dreier <[email protected]>
|
|
mlx4_buddy_init uses kmalloc() to allocate bitmaps, which fails when
the required size is beyond the max supported value (or when memory is
too fragmented to handle a huge allocation). Extend this to use use
vmalloc() if kmalloc() fails, and take that into account when freeing
the bitmaps as well.
This fixes a driver load failure when log num mtt is 26 or higher, and
is a step in the direction of allowing to register huge amounts of
memory on large memory systems.
Signed-off-by: Yishai Hadas <[email protected]>
Signed-off-by: Or Gerlitz <[email protected]>
Signed-off-by: Roland Dreier <[email protected]>
|
|
Pull two sparc fixes from David S. Miller.
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/sparc:
sparc64: Be less verbose during vmemmap population.
sparc64: do not clobber personality flags in sys_sparc64_personality()
|
|
In JPEG mode, the size of image is variable due to different JPEG compression
rate. We only can get the pix->sizeimage from the user.
If we clear pix->sizeimage in soc_camera_try_fmt() then we will get it from:
ret = soc_mbus_image_size(xlate->host_fmt, pix->bytesperline,
pix->height);
if (ret < 0)
return ret;
pix->sizeimage = max_t(u32, pix->sizeimage, ret);
In general, this sizeimage will be larger than the actul JPEG image size.
But vb2 will check the buffer and size of image in __qbuf_userptr():
/* Check if the provided plane buffer is large enough */
if (planes[plane].length < q->plane_sizes[plane])
So we shouldn't clear the pix->sizeimage and also shouldn't re-calculate
the pix->sizeimage in soc_mbus_image_size() in JPEG mode
We also shouldn't re-calculate pix->bytesperline:
ret = soc_mbus_bytes_per_line(pix->width, xlate->host_fmt);
if (ret < 0)
return ret;
pix->bytesperline = max_t(u32, pix->bytesperline, ret);
pix->bytesperline also should be set by the user or by the driver's
try_fmt() implementation.
Change-Id: I700690a2287346127a624b5260922eaa5427a596
Signed-off-by: Albert Wang <[email protected]>
Signed-off-by: Guennadi Liakhovetski <[email protected]>
Signed-off-by: Mauro Carvalho Chehab <[email protected]>
|