summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* mm-video-v4l2: vdec: Disallow input usebuffer for secure casestable/cm-13.0-ZNH0EMahesh Lanka2016-12-091-1/+7
| | | | | | | | | | | | | | | | In secure mode, input buffer _must_ be allocated by the component to allocate a secure buffer. Client-supplied memory via usebuffer does not qualify as secure-memory and must be rejected. This also avoids accidental heap-overflow while copying bitstream from user-memory to a smaller-sized secure-payload (usually the buffer-header itself) CYNGNOS-3312 Bug : 30148882 Fixes : Heap Overflow/LPE in MediaServer (libOmxVdec problem #11) Change-Id: I4f6017eae70d1b760a91be0cfcc356d380ec889b (cherry picked from commit fd304685bb097f9ea519893c064405ad5be1109e)
* DO NOT MERGE mm-video-v4l2: venc: add checks before accessing heap pointersPraveen Chavan2016-08-013-6/+27
| | | | | | | | | | | Heap pointers do not point to user virtual addresses in case of secure session. Set them to NULL and add checks to avoid accesing them Ticket: CYNGNOS-3177 Bug: 28815329 Bug: 28920116 Change-Id: I27d02331d9613f4b20949457a8634924e767864e
* DO NOT MERGE Fix wrong nAllocLenWonsik Kim2016-08-011-0/+2
| | | | | | | | | | Set nAllocLen to the size of the opaque handle itself. Ticket: CYNGNOS-3177 Bug: 28816964 Bug: 28816827 Change-Id: Id410e324bee291d4a0018dddb97eda9bbcded099 (cherry picked from commit 857df7fbafd5156d60df62d3ccb3cf7682b54197)
* mm-video-v4l2: venc: Avoid processing ETBs/FTBs in invalid statesPraveen Chavan2016-06-081-5/+17
| | | | | | | | | | | | | | | | (per the spec) ETB/FTB should not be handled in states other than Executing, Paused and Idle. This avoids accessing invalid buffers. Also add a lock to protect the private-buffers from being deleted while accessing from another thread. Bug: 27903498 Ticket: CYNGNOS-3020 Security Vulnerability - Heap Use-After-Free and Possible LPE in MediaServer (libOmxVenc problem #3) CRs-Fixed: 1010088 Change-Id: I898b42034c0add621d4f9d8e02ca0ed4403d4fd3
* mm-video-v4l2: vdec: Avoid processing ETBs/FTBs in invalid statesPraveen Chavan2016-06-083-9/+38
| | | | | | | | | | | | | | | | (per the spec) ETB/FTB should not be handled in states other than Executing, Paused and Idle. This avoids accessing invalid buffers. Also add a lock to protect the private-buffers from being deleted while accessing from another thread. Bug: 27890802 Ticket: CYNGNOS-3020 Security Vulnerability - Heap Use-After-Free and Possible LPE in MediaServer (libOmxVdec problem #6) CRs-Fixed: 1008882 Change-Id: Iaac2e383cd53cf9cf8042c9ed93ddc76dba3907e
* DO NOT MERGE mm-video-v4l2: vdec: deprecate unused config ↵Praveen Chavan2016-06-071-104/+1
| | | | | | | | | | | | | | OMX_IndexVendorVideoExtraData This config (used to set header offline) is no longer used. Remove handling this config since it uses non-process-safe ways to pass memory pointers. Fixes: Security Vulnerability - Segfault in MediaServer (libOmxVdec problem #2) Bug: 27475409 Ticket: CYNGNOS-2707 Change-Id: I7a535a3da485cbe83cf4605a05f9faf70dcca42f (cherry picked from commit d10bb6546aecfdb1e4b72c9716b7a2f20ae57810)
* DO NOT MERGE mm-video-v4l2: venc: add safety checks for freeing buffersPraveen Chavan2016-06-073-9/+37
| | | | | | | | | | | | | | Allow only up to 64 buffers on input/output port (since the allocation bitmap is only 64-wide). Add safety checks to free only as many buffers were allocated. Fixes: Heap Overflow and Possible Local Privilege Escalation in MediaServer (libOmxVenc problem) Bug: 27532497 Ticket: CYNGNOS-2707 Change-Id: I31e576ef9dc542df73aa6b0ea113d72724b50fc6 (cherry picked from commit a3169f86efc63cd9d4eb28e4550444bd4a56bd21)
* DO NOT MERGE mm-video-v4l2: vidc: validate omx param/config dataPraveen Chavan2016-06-075-13/+156
| | | | | | | | | | | | | | | | | | | | | Check the sanity of config/param strcuture objects passed to get/set _ config()/parameter() methods. Ticket: CYNGNOS-2707 Bug: 27533317 Security Vulnerability in MediaServer omx_vdec::get_config() Can lead to arbitrary write Change-Id: I6c3243afe12055ab94f1a1ecf758c10e88231809 Conflicts: mm-core/inc/OMX_QCOMExtns.h mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp mm-video-v4l2/vidc/venc/src/omx_video_base.cpp mm-video-v4l2/vidc/venc/src/omx_video_encoder.cpp (cherry picked from commit 94ec2bcfeb52797b2efa9bb7f617fe19f3b60e0a) Change-Id: I6587348940cd0df22725fa615cbc0b2902a31af5
* DO NOT MERGE mm-video-v4l2: vdec: add safety checks for freeing buffersPraveen Chavan2016-06-072-11/+53
| | | | | | | | | | | | | | | | | | Allow only up to 64 buffers on input/output port (since the allocation bitmap is only 64-wide). Do not allow changing theactual buffer count while still holding allocation (Client can technically negotiate buffer count on a free/disabled port) Add safety checks to free only as many buffers were allocated. Fixes: Security Vulnerability - Heap Overflow and Possible Local Privilege Escalation in MediaServer (libOmxVdec problem #3) Bug: 27532282 27661749 Ticket: CYNGNOS-2707 Change-Id: I06dd680d43feaef3efdc87311e8a6703e234b523 (cherry picked from commit 22030a36dda4b93aed7bcc1ddf27ac62dc221ff1)
* media: Avoid collision with FFMPEG pluginSteve Kondik2015-12-141-0/+4
| | | | Change-Id: I77803f255a073e2f4d1636609ea5456af2d7990c
* Merge tag 'android-6.0.1_r3' of ↵Steve Kondik2015-12-071-2/+4
|\ | | | | | | | | | | https://android.googlesource.com/platform/hardware/qcom/media into HEAD Android 6.0.1 release 3
| * mm-video-v4l2: vdec: notify colorspace info only if presentPraveen Chavan2015-10-121-2/+4
| | | | | | | | | | | | | | | | | | Check if the content has valid colorspace info in the VUI before overriding the default colorspace to display Bug: 24841600 Change-Id: I0ccc888c601c4a6ef0c61f5a68062e9cf931eab8
| * mm-video-v4l2: vdec: Enable VUI extradata only for h264Praveen Chavan2015-10-091-3/+4
| | | | | | | | | | | | | | | | Enable VUI extradata only for AVC dec b/24804777 Change-Id: I8f6731c78a3e9d803f2fd6fbaf6a1d93d1dec3d3
* | Fix duplicated OMX.qcom.audio.decoder.aac entryKeith Mok2015-11-2314-206/+0
| | | | | | | | | | | | | | | | There are duplcated aac audio decoder entry in the OMX table. This fixes: E OMXMaster: A component of name 'OMX.qcom.audio.decoder.aac' already exists, ignoring this one. Change-Id: I09b8ae911659b8146c6c42f4b8b130a610fab391
* | mm-video-v4l2: Disable extradata on legacy devicesmyfluxi2015-11-101-0/+4
| | | | | | | | | | | | Fixes build on msm8974. Change-Id: Ic997d5d58610278cb0951a5d8a508dbfb20c7ac3
* | Merge tag 'android-6.0.0_r26' into cm-13.0Ricardo Cerqueira2015-11-055-21/+101
|\ \ | | | | | | | | | Android 6.0.0 release 26
| * | mm-video-v4l2: vdec: Enable VUI extradata only for h264Praveen Chavan2015-10-111-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | Enable VUI extradata only for AVC dec b/24804777 Change-Id: I8f6731c78a3e9d803f2fd6fbaf6a1d93d1dec3d3
| * | merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-10-080-0/+0
| |\ \ | | |/ | |/|
| | * encoder: increase the input buffer count from 9 to 12Zhijun He2015-09-261-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | This is to reduce the chance of frame drops during high speed recording or with high system load. Bug: 24227252 Change-Id: I353a9ea5427eb7dc3f7a153abc75bc7f1514e455
| | * merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-09-240-0/+0
| | |\
| | | * mm-video-v4l2: venc: Update low power mode for 4K recordingAshray Kulkarni2015-09-091-1/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Enable low power mode for 4K recording - Increasing min buff count for 4K session to 11 for power save mode. Bug: 23505291 Change-Id: I6e35d373d7dc57f95f35d9a6acc45246552d21b2
| | | * merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-08-200-0/+0
| | | |\
| | | | * merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-07-210-0/+0
| | | | |\
| | | | | * merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-07-140-0/+0
| | | | | |\
| | | | | | * merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-07-110-0/+0
| | | | | | |\
| | | | | | | * merge in mnc-dr-release history after reset to mnc-dr-devThe Android Automerger2015-07-060-0/+0
| | | | | | | |\
| * | | | | | | | mm-video-v4l2: Specify the colorspace of the YUV (diff)Praveen Chavan2015-10-083-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix builds and disable extradata on legacy devices Bug: 24444518 Change-Id: I4e355a50e1901d0a51045d7c4848aa22b03e5196
| * | | | | | | | mm-video: vdec: Inform native window of color spacePraveen Chavan2015-10-072-6/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Enable and parse the VUI display info extradata to determine the color space. Author: Deva Ramasubramanian <dramasub@codeaurora.org> Bug: 24444518 Change-Id: I7ed4b89a7c7ff792ee63d090e4d8265fc7eb225a
| * | | | | | | | mm-video: venc: Specify the colorspace of the YUVPraveen Chavan2015-10-071-1/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Indicate to the driver if the YUV is 601 (full ranged or clamped) or 709. Bug: 24444518 Change-Id: I5f3fab9d4b97b5f21cfa5b94456dd9da8bc04844
| * | | | | | | | encoder: increase the input buffer count from 9 to 12Zhijun He2015-09-261-0/+2
| |/ / / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is to reduce the chance of frame drops during high speed recording or with high system load. Bug: 24227252 Change-Id: I353a9ea5427eb7dc3f7a153abc75bc7f1514e455
| * | | | | | | Revert "mm-video-v4l2: vidc: venc: Update color conversion decision"Praveen Chavan2015-09-231-9/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit d265a5dd03b00d726dfad5ccaa0e95939ef7ab91. Update color-conversion flag only if there is an update in color-format. Updating the flag unconditionally from client thread will cause message thread to read inconsistent values. Also, Gralloc handle in ETB is valid only when the filled Len is non zero. Hence, verifying color format and updating color conversion variable only if buffer has valid handle. Bug: 24015376 Change-Id: Ib7e097c45503dc01dd65283950b3dc0c187f1b96
| * | | | | | | mm-video-v4l2: venc: Update low power mode for 4K recordingAshray Kulkarni2015-09-091-1/+10
| |/ / / / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Enable low power mode for 4K recording - Increasing min buff count for 4K session to 11 for power save mode. Bug: 23505291 Change-Id: I6e35d373d7dc57f95f35d9a6acc45246552d21b2
| * | | | | | am f23399fb: mm-video-v4l2: vdec: Disable input buffer cached-allocations.Shivaprasad Hongal2015-08-192-1/+8
| |\ \ \ \ \ \ | | |/ / / / / | |/| | | | | | | | | | | | | | | | | | | * commit 'f23399fbd9d7bcdd9067a4881218ac16779ffebc': mm-video-v4l2: vdec: Disable input buffer cached-allocations.
| * | | | | | mm-video-v4l2: venc: update allocation-size check for meta-bufferPraveen Chavan2015-07-201-1/+1
| | |/ / / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Metadata buffer |MetadataBufferType|buffer_handle_t| size can be 8 or 16 bytes on 32-bit or 64-bit respectively. Update the check which always assumes 32-bit size. bug: 22487196 Change-Id: Iab161ed455a6ea2842116c89b2e389cdccf867b8
* | | | | | mm-video: venc: Correct a typo in variable nameDeepak Verma2015-10-126-19/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A kernel variable was to be defined as unsigned long but it is mistakenly defined as unsigned only, the space is missing after long. This bug is silent because unsigned is also a valid data type by itself. Corresponding to kernel fix, similar correction is done in userspace code. Change-Id: Ie58f275149dc9c85553f75e02594113b1a03ddcf CRs-fixed: 556771
* | | | | | media: Use kernel headersChirayu Desai2015-10-125-1/+39
| | | | | | | | | | | | | | | | | | | | | | | | Change-Id: I7a238b7c105d58eb6ec7794ec7a6af37f63c4cb0
* | | | | | media: Use direct project pathmapEthan Chen2015-10-095-17/+17
| | | | | | | | | | | | | | | | | | | | | | | | Change-Id: I703cf1882fb1e6cffedc07ad4025d48e630f6236
* | | | | | media: Use project pathmapEthan Chen2015-10-095-16/+20
| | | | | | | | | | | | | | | | | | | | | | | | Change-Id: I7f18f9af0eac23baba2559b40dcddbc1081e91f5
* | | | | | merge in mnc-release history after reset to mnc-devThe Android Automerger2015-08-200-0/+0
|\ \ \ \ \ \ | |_|/ / / / |/| | | | |
| * | | | | merge in mnc-release history after reset to mnc-devThe Android Automerger2015-07-140-0/+0
| |\ \ \ \ \ | | |/ / / / | |/| | | |
| | * | | | merge in mnc-release history after reset to mnc-devThe Android Automerger2015-07-130-0/+0
| | |\ \ \ \ | | | |/ / / | | |/| | |
| | | * | | merge in mnc-release history after reset to mnc-devThe Android Automerger2015-06-270-0/+0
| | | |\ \ \ | | | | |/ / | | | |/| / | | | | |/
| | | | * mm-video-v4l2: vdec: Handle empty EOS bufferPraveen Chavan2015-06-181-2/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Input buffer queued with EOS flag may have 0 filled-length. Ignore checks for pBuffer-sanity and continue to signal EOS. Bug: 21659665 Change-Id: I2d0e09ffe37e73b1799fd41a869cdf0372277ecf
* | | | | mm-video-v4l2: vdec: Disable input buffer cached-allocations.Shivaprasad Hongal2015-08-192-1/+8
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Disable input buffer cacheing as cache flush is causing higher CPU utilization and resulting in power regression for video playback power. Bug: 21816928 Change-Id: I014b13e48793162f7905d916b92e8466de020472
* / / / mm-video-v4l2: Initialize pipe fd's to -1Shivaprasad Hongal2015-07-091-3/+5
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | While creating a new instance when HW is oveloaded, we return error with out creating pipe fd's. In omx_video destructor it is closing pipes, since the pipes are not initialized there is a chance of closing valid pipe fd's of running instances because of some garbage values present in it. Hence initialized with -1. BUG: 21659665 Change-Id: I1e04a159c41c104959db27b657866120696cb842
* / / mm-video-v4l2: vidc: add support for setting operating-ratePraveen Chavan2015-07-094-1/+60
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | Operating-rate hints the incoming rate of frames in real-time which can be different from the content fps. This rate will use used to set the correct operating point for encoder and decoder. This config will fail with InSufficientResources if the hardware cannot accomodate the requested operating rate. Amended by Ashray Kulkarni <ashrayk@codeaurora.org> bug: 20134262 Change-Id: If3f21067e31a4646ba143b1acd2d075421a6277a
* | mm-video-v4l2: venc: encoder cleanup during error handlingAshray Kulkarni2015-06-251-4/+9
| | | | | | | | | | | | | | | | | | | | when max instance count is reached, driver returns error, as part of error handling (in some cases) close was not called, resulting in increase of active instance count and memory leak. This change fixes both instance cleanup and memory leak. Bug: 20566750 Change-Id: I701fcf0aede048b2a36549cc4e971f976299d1aa
* | mm-video-v4l2: vdec: Handle empty EOS bufferPraveen Chavan2015-06-181-2/+5
|/ | | | | | | | | | Input buffer queued with EOS flag may have 0 filled-length. Ignore checks for pBuffer-sanity and continue to signal EOS. Bug: 21659665 Change-Id: I2d0e09ffe37e73b1799fd41a869cdf0372277ecf
* mm-video-v4l2: re-enable flex-yuv supportPraveen Chavan2015-06-101-0/+3
| | | | | | | | Set FLEXYUV_SUPPORTED to enable flex-yuv support bug: 21596364 Change-Id: I97142cb7d83b369d6bc479f921111d1973478c96
* mm-video-v4l2: Add extended config to set instance priorityPraveen Chavan2015-06-046-0/+92
| | | | | | | | | | | | | Enable priority as hinted by the client: priority = 0 => real-time = 1 => non-realtime Also add the OMX extension for priority and operating-rate. Amended by Ashray Kulkarni <ashrayk@codeaurora.org> Default sessions to non-realtime. bug: 20131548 Change-Id: I37532404a4a3ab5647b3490c3e3ecba2ed604bbf
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-22 16:19:09 +0000