msm: camera: remove 512 bytes limitation from ctrlcmd payload.
This change removes the 512 bytes length limitation from the
payload data passed to the server thread, as part of the control
commands
Change-Id: I871b6a6d467f86431bb5d701784231d7142d60d2
Signed-off-by: Ankit Premrajka <ankitp@codeaurora.org>
diff --git a/drivers/media/video/msm/server/msm_cam_server.c b/drivers/media/video/msm/server/msm_cam_server.c
index 74dd3f2..84aaa69 100644
--- a/drivers/media/video/msm/server/msm_cam_server.c
+++ b/drivers/media/video/msm/server/msm_cam_server.c
@@ -311,7 +311,7 @@
if (command->length > 0) {
command->value =
g_server_dev.server_queue[command->queue_idx].ctrl_data;
- if (command->length > max_control_command_size) {
+ if (command->length > MAX_SERVER_PAYLOAD_LENGTH) {
pr_err("%s: user data %d is too big (max %d)\n",
__func__, command->length,
max_control_command_size);
@@ -476,20 +476,22 @@
struct msm_camera_v4l2_ioctl_t *ioctl_ptr)
{
struct msm_ctrl_cmd ctrlcmd;
- void *temp_data;
+ void *temp_data = NULL;
int rc;
- temp_data = kzalloc(ioctl_ptr->len, GFP_KERNEL);
- if (!temp_data) {
- pr_err("%s could not allocate memory\n", __func__);
- rc = -ENOMEM;
- goto end;
- }
- if (copy_from_user((void *)temp_data,
- (void __user *)ioctl_ptr->ioctl_ptr,
- ioctl_ptr->len)) {
- ERR_COPY_FROM_USER();
- rc = -EFAULT;
- goto copy_from_user_failed;
+ if (ioctl_ptr->len > 0) {
+ temp_data = kzalloc(ioctl_ptr->len, GFP_KERNEL);
+ if (!temp_data) {
+ pr_err("%s could not allocate memory\n", __func__);
+ rc = -ENOMEM;
+ goto end;
+ }
+ if (copy_from_user((void *)temp_data,
+ (void __user *)ioctl_ptr->ioctl_ptr,
+ ioctl_ptr->len)) {
+ ERR_COPY_FROM_USER();
+ rc = -EFAULT;
+ goto copy_from_user_failed;
+ }
}
mutex_lock(&pcam->vid_lock);
@@ -505,6 +507,16 @@
rc = msm_server_control(&g_server_dev, 0, &ctrlcmd);
if (rc < 0)
pr_err("%s: send event failed\n", __func__);
+ else {
+ if (ioctl_ptr->len > 0) {
+ if (copy_to_user((void __user *)ioctl_ptr->ioctl_ptr,
+ (void *)temp_data,
+ ioctl_ptr->len)) {
+ ERR_COPY_TO_USER();
+ rc = -EFAULT;
+ }
+ }
+ }
mutex_unlock(&pcam->vid_lock);
kfree(temp_data);
@@ -1519,7 +1531,12 @@
pcam->server_queue_idx = server_q_idx;
queue = &g_server_dev.server_queue[server_q_idx];
queue->ctrl_data = kzalloc(sizeof(uint8_t) *
- max_control_command_size, GFP_KERNEL);
+ MAX_SERVER_PAYLOAD_LENGTH, GFP_KERNEL);
+ if (queue->ctrl_data == NULL) {
+ pr_err("%s: Could not allocate memory\n", __func__);
+ rc = -ENOMEM;
+ goto error;
+ }
msm_queue_init(&queue->ctrl_q, "control");
msm_queue_init(&queue->eventData_q, "eventdata");
queue->queue_active = 1;
@@ -2523,7 +2540,11 @@
*p_qidx = server_q_idx;
queue = &g_server_dev.server_queue[server_q_idx];
queue->ctrl_data = kzalloc(sizeof(uint8_t) *
- max_control_command_size, GFP_KERNEL);
+ MAX_SERVER_PAYLOAD_LENGTH, GFP_KERNEL);
+ if (!queue->ctrl_data) {
+ pr_err("%s: Could not find memory\n", __func__);
+ return -ENOMEM;
+ }
msm_queue_init(&queue->ctrl_q, "control");
msm_queue_init(&queue->eventData_q, "eventdata");
queue->queue_active = 1;
diff --git a/include/media/msm_camera.h b/include/media/msm_camera.h
index ed9af2c..43159bc 100644
--- a/include/media/msm_camera.h
+++ b/include/media/msm_camera.h
@@ -34,6 +34,8 @@
#define MSM_CAM_IOCTL_MAGIC 'm'
+#define MAX_SERVER_PAYLOAD_LENGTH 8192
+
#define MSM_CAM_IOCTL_GET_SENSOR_INFO \
_IOR(MSM_CAM_IOCTL_MAGIC, 1, struct msm_camsensor_info *)