From patchwork Thu Sep 17 15:28:16 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 255760 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE, SPF_PASS, URIBL_BLOCKED, USER_AGENT_GIT autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 448C1C433E2 for ; Thu, 17 Sep 2020 15:49:25 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id D324C2078D for ; Thu, 17 Sep 2020 15:49:24 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728231AbgIQPsI (ORCPT ); Thu, 17 Sep 2020 11:48:08 -0400 Received: from mout.kundenserver.de ([212.227.126.187]:60775 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728182AbgIQPr2 (ORCPT ); Thu, 17 Sep 2020 11:47:28 -0400 Received: from threadripper.lan ([149.172.98.151]) by mrelayeu.kundenserver.de (mreue011 [212.227.15.129]) with ESMTPA (Nemesis) id 1MUGuZ-1jrobq3GTr-00REDu; Thu, 17 Sep 2020 17:28:25 +0200 From: Arnd Bergmann To: linux-media@vger.kernel.org, mchehab@kernel.org, hverkuil@xs4all.nl Cc: hch@lst.de, linux-kernel@vger.kernel.org, Arnd Bergmann Subject: [PATCH 1/8] media: v4l2: prepare compat-ioctl rework Date: Thu, 17 Sep 2020 17:28:16 +0200 Message-Id: <20200917152823.1241599-2-arnd@arndb.de> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200917152823.1241599-1-arnd@arndb.de> References: <20200917152823.1241599-1-arnd@arndb.de> MIME-Version: 1.0 X-Provags-ID: V03:K1:jLtivs9oR8yT4Amv6wUYDZEGU94xByx2XLV3rL1lfaEk9Rp9+Y+ WK3WkMVSuoxZ4WqzGptxXOYUsHq/yU0Ir+Eb+eb5Irthl2pfOAJ1BsroP4TxgXQ1zDE38dN m5MPdrfXJa5WltPdIWNLsYFjoVdA0lZE5lJ2jOTEPKz23UeauqCc9m4s5zJ0pBcOY7Cj1yL +sHUaUJkEhAXioDNGQfaw== X-UI-Out-Filterresults: notjunk:1; V03:K0:YI0J0n/IYhs=:Gp7a2T2SN9riD8XPq3IFFb nawAq1JW3IPOCyOjrmW53ukdOaYG4m4ONpp6PzLIdIFDzRsyNsHANSxxha5Nb7sDg8YwZHhDo L6+c26QUicAGug4l2hNmVyt3xUF7xV6IKey5q0mZsLsKMlHgs5qheO8td1eIEa+JLi6ILk0S8 8WUiFZex7BvNhQxCPFHpnCDcyLSDEnVz7SMycgV3L0b0AjDX6EKb/FwZdz01yzZXN/WoQYbEd GEtnm+DO1jfp/c1RN6HzDCHSePEVwWMbaXMyAttxiyGJS66o9+KnB6v6If8/rKZXG+mZbUjOq 1w0CpAwJbV6YvwtVPErsOX8iFY3JgFP8w1zz6h/9NVS5sjmes62Kzfmv5c9OQTUpiuAuXZ9Wy v2Y2ZoDYobyLP0LzSg9IyyEvuN7aM6GScELlY+fAoFhLp6gVbtP1WIsZiywE4tl4jU5eG+1JM Cua/fTkDZ/bSxkPu+zL76reFUoGbnDwGJCWhnfHms89BJtdCb4buIazrtPUJxf3yQ+yh1uUPP whz3bM5yxiXlkCtFYoalZA5vSw6PJWFv93lpw/DFWO2tT0GYPrfPPx0eoMhHgTeKHtIZ/wab+ j0kLoJZjCgiodu7BVYvW57sajLiOI+9gFSH02YM4Afwp2smJmY/4Nk9zMp8ZEE+6IfzgMuj0i 47B1fbWNkfqw9xa0u7R1zActOI+Dci+vsbqdGihSu5ZLPThnLC5Y9buEcPgws/0FelgK3k6dX rERvBtw+7ySAwa6g3cUdPVURfESyrfRiYHhm+AgwLjY9qkw3ex911dBqucd+vfN68nNkXuudR njltFKh86q0w0HL/PrcVVHq2aR2mwuhatWEfiNlqJMPDZctrgSoXDSKJ+GPDu1bIUdHREod Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org The v4l2-compat-ioctl32() currently takes an extra round trip through user space pointers when converting the data structure formats. In particular, this involves using the compat_alloc_user_space() and copy_in_user() helpers that often lead to worse compat handlers compared to using in_compat_syscall() checks when copying the data. The native implementation already gained a simpler method to deal with the conversion for the time32 conversion. Hook into the same places to provide a location for reading and writing user space data from inside of the generic video_usercopy() helper. Signed-off-by: Arnd Bergmann --- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 53 ++++++++++ drivers/media/v4l2-core/v4l2-ioctl.c | 97 ++++++++++++------- include/media/v4l2-ioctl.h | 11 +++ 3 files changed, 125 insertions(+), 36 deletions(-) diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index 593bcf6c3735..8f2cb03be48b 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -1420,6 +1420,59 @@ static int put_v4l2_edid32(struct v4l2_edid __user *p64, #define VIDIOC_G_OUTPUT32 _IOR ('V', 46, s32) #define VIDIOC_S_OUTPUT32 _IOWR('V', 47, s32) +unsigned int v4l2_compat_translate_cmd(unsigned int cmd) +{ + switch (cmd) { + } + return cmd; +} + +int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd) +{ + switch (cmd) { + } + return 0; +} + +int v4l2_compat_put_user(void __user *arg, void *parg, unsigned int cmd) +{ + switch (cmd) { + } + return 0; +} + +int v4l2_compat_get_array_args(struct file *file, void *mbuf, + void __user *user_ptr, size_t array_size, + unsigned int cmd, void *arg) +{ + int err = 0; + + switch (cmd) { + default: + if (copy_from_user(mbuf, user_ptr, array_size)) + err = -EFAULT; + break; + } + + return err; +} + +int v4l2_compat_put_array_args(struct file *file, void __user *user_ptr, + void *mbuf, size_t array_size, + unsigned int cmd, void *arg) +{ + int err = 0; + + switch (cmd) { + default: + if (copy_to_user(user_ptr, mbuf, array_size)) + err = -EFAULT; + break; + } + + return err; +} + /** * alloc_userspace() - Allocates a 64-bits userspace pointer compatible * for calling the native 64-bits version of an ioctl. diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c index a556880f225a..4e79cdac9a5f 100644 --- a/drivers/media/v4l2-core/v4l2-ioctl.c +++ b/drivers/media/v4l2-core/v4l2-ioctl.c @@ -8,6 +8,7 @@ * Mauro Carvalho Chehab (version 2) */ +#include #include #include #include @@ -3103,11 +3104,14 @@ static unsigned int video_translate_cmd(unsigned int cmd) return VIDIOC_PREPARE_BUF; #endif } + if (in_compat_syscall()) + return v4l2_compat_translate_cmd(cmd); return cmd; } -static int video_get_user(void __user *arg, void *parg, unsigned int cmd, +static int video_get_user(void __user *arg, void *parg, + unsigned int real_cmd, unsigned int cmd, bool *always_copy) { unsigned int n = _IOC_SIZE(cmd); @@ -3118,6 +3122,34 @@ static int video_get_user(void __user *arg, void *parg, unsigned int cmd, return 0; } + if (cmd == real_cmd) { + /* + * In some cases, only a few fields are used as input, + * i.e. when the app sets "index" and then the driver + * fills in the rest of the structure for the thing + * with that index. We only need to copy up the first + * non-input field. + */ + if (v4l2_is_known_ioctl(cmd)) { + u32 flags = v4l2_ioctls[_IOC_NR(cmd)].flags; + + if (flags & INFO_FL_CLEAR_MASK) + n = (flags & INFO_FL_CLEAR_MASK) >> 16; + *always_copy = flags & INFO_FL_ALWAYS_COPY; + } + + if (copy_from_user(parg, (void __user *)arg, n)) + return -EFAULT; + + /* zero out anything we don't copy from userspace */ + if (n < _IOC_SIZE(cmd)) + memset((u8 *)parg + n, 0, _IOC_SIZE(cmd) - n); + return 0; + } + + if (in_compat_syscall()) + return v4l2_compat_get_user(arg, parg, cmd); + switch (cmd) { #ifdef CONFIG_COMPAT_32BIT_TIME case VIDIOC_QUERYBUF_TIME32: @@ -3152,39 +3184,26 @@ static int video_get_user(void __user *arg, void *parg, unsigned int cmd, break; } #endif - default: - /* - * In some cases, only a few fields are used as input, - * i.e. when the app sets "index" and then the driver - * fills in the rest of the structure for the thing - * with that index. We only need to copy up the first - * non-input field. - */ - if (v4l2_is_known_ioctl(cmd)) { - u32 flags = v4l2_ioctls[_IOC_NR(cmd)].flags; - - if (flags & INFO_FL_CLEAR_MASK) - n = (flags & INFO_FL_CLEAR_MASK) >> 16; - *always_copy = flags & INFO_FL_ALWAYS_COPY; - } - - if (copy_from_user(parg, (void __user *)arg, n)) - return -EFAULT; - - /* zero out anything we don't copy from userspace */ - if (n < _IOC_SIZE(cmd)) - memset((u8 *)parg + n, 0, _IOC_SIZE(cmd) - n); - break; } - return 0; } -static int video_put_user(void __user *arg, void *parg, unsigned int cmd) +static int video_put_user(void __user *arg, void *parg, + unsigned int real_cmd, unsigned int cmd) { if (!(_IOC_DIR(cmd) & _IOC_READ)) return 0; + if (cmd == real_cmd) { + /* Copy results into user buffer */ + if (copy_to_user(arg, parg, _IOC_SIZE(cmd))) + return -EFAULT; + return 0; + } + + if (in_compat_syscall()) + return v4l2_compat_put_user(arg, parg, cmd); + switch (cmd) { #ifdef CONFIG_COMPAT_32BIT_TIME case VIDIOC_DQEVENT_TIME32: { @@ -3231,11 +3250,6 @@ static int video_put_user(void __user *arg, void *parg, unsigned int cmd) break; } #endif - default: - /* Copy results into user buffer */ - if (copy_to_user(arg, parg, _IOC_SIZE(cmd))) - return -EFAULT; - break; } return 0; @@ -3269,8 +3283,8 @@ video_usercopy(struct file *file, unsigned int orig_cmd, unsigned long arg, parg = mbuf; } - err = video_get_user((void __user *)arg, parg, orig_cmd, - &always_copy); + err = video_get_user((void __user *)arg, parg, cmd, + orig_cmd, &always_copy); if (err) goto out; } @@ -3292,7 +3306,14 @@ video_usercopy(struct file *file, unsigned int orig_cmd, unsigned long arg, if (NULL == mbuf) goto out_array_args; err = -EFAULT; - if (copy_from_user(mbuf, user_ptr, array_size)) + if (in_compat_syscall()) + err = v4l2_compat_get_array_args(file, mbuf, user_ptr, + array_size, orig_cmd, + parg); + else + err = copy_from_user(mbuf, user_ptr, array_size) ? + -EFAULT : 0; + if (err) goto out_array_args; *kernel_ptr = mbuf; } @@ -3313,7 +3334,11 @@ video_usercopy(struct file *file, unsigned int orig_cmd, unsigned long arg, if (has_array_args) { *kernel_ptr = (void __force *)user_ptr; - if (copy_to_user(user_ptr, mbuf, array_size)) + if (in_compat_syscall()) + err = v4l2_compat_put_array_args(file, user_ptr, mbuf, + array_size, orig_cmd, + parg); + else if (copy_to_user(user_ptr, mbuf, array_size)) err = -EFAULT; goto out_array_args; } @@ -3325,7 +3350,7 @@ video_usercopy(struct file *file, unsigned int orig_cmd, unsigned long arg, goto out; out_array_args: - if (video_put_user((void __user *)arg, parg, orig_cmd)) + if (video_put_user((void __user *)arg, parg, cmd, orig_cmd)) err = -EFAULT; out: kvfree(mbuf); diff --git a/include/media/v4l2-ioctl.h b/include/media/v4l2-ioctl.h index 86878fba332b..0db79f36c496 100644 --- a/include/media/v4l2-ioctl.h +++ b/include/media/v4l2-ioctl.h @@ -686,6 +686,17 @@ long int v4l2_compat_ioctl32(struct file *file, unsigned int cmd, unsigned long arg); #endif +unsigned int v4l2_compat_translate_cmd(unsigned int cmd); +int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd); +int v4l2_compat_put_user(void __user *arg, void *parg, unsigned int cmd); +int v4l2_compat_get_array_args(struct file *file, void *mbuf, + void __user *user_ptr, size_t array_size, + unsigned int cmd, void *arg); +int v4l2_compat_put_array_args(struct file *file, void __user *user_ptr, + void *mbuf, size_t array_size, + unsigned int cmd, void *arg); + + /** * typedef v4l2_kioctl - Typedef used to pass an ioctl handler. * From patchwork Thu Sep 17 15:28:17 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 313129 Delivered-To: patch@linaro.org Received: by 2002:a92:5ad1:0:0:0:0:0 with SMTP id b78csp550968ilg; Thu, 17 Sep 2020 08:49:29 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwPFpo8y2V946YOYB740kjGzS/wyb6Bvp1sefwtGIbi3uBCRgAxEHTUfZ0gqufbrJGoWAFY X-Received: by 2002:a05:6402:164d:: with SMTP id s13mr33237787edx.222.1600357769358; Thu, 17 Sep 2020 08:49:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600357769; cv=none; d=google.com; s=arc-20160816; b=qip2022w0Q7iPZk62+Ta6zmZJMg42SSAGeNAk6NurHQRnHvW5/nX24o3rdyu5Ns4+m Gr7T6VHRKgRgpo2W1m86v/pgev6I+GZu66wgk+UBuJl1I5oZGN8r5FW0C8XXa76mB5tB SZN0f2ePUMMUu5ODi8jr9DSFWaQDVXRdUPF7TlM5xwfCXZ1mY9I9QqBH2E+uk1Sln7FG rQSFyuut2cQFCs1yqFae2F5JjiYSbyD4NH0WazunEMWuO+ZGXmeaJXUtFpJ6Nef0LJgt LNmZ0RuV6mY9NvemtK/em9VUJ+ZGjhBClbQuweDPRzzyNZOAVZaE6/HX5evCylVCYVCj X9NA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=I/R7p+SukKDUOFvguxhhk/LAjYrYB1CkSAGwI1qOpqI=; b=PPqSl+TjxGkSoK6IUqUD5m9fz9N5SsLxoB7jkabnYHZtQYWJyYNJ/GasDGE7UiGzPo 3UigQjDSk76bTZcBAwgyOt1uY9OTKlMy+PFXj6RDbsxqsmFCG8A7mdkBXC5xsob3jl/T LjEIj1d3DE/m7GeD5fh1QOxntpQy/Qqj+LRSXsT/aBJMy2Avez/BDcSkKnH9Ygqs2TKY wxjs4c9i952InJX8JvgJvtMhSl4ynX7weBHN/Jp0Fysa6OQz/U0b/WFVnMJ7JEpvxBBd 3q3RKsH+kSlB6y3SzQe1lXZRIwH1Zzm9QN7/Ss+p6SpmfJxga0aRD4dpJbYvtIwVUg3y G1aw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-media-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-media-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p10si227562ejy.70.2020.09.17.08.49.29; Thu, 17 Sep 2020 08:49:29 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-media-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-media-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-media-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728262AbgIQPtY (ORCPT + 4 others); Thu, 17 Sep 2020 11:49:24 -0400 Received: from mout.kundenserver.de ([212.227.126.131]:39401 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728161AbgIQPrT (ORCPT ); Thu, 17 Sep 2020 11:47:19 -0400 Received: from threadripper.lan ([149.172.98.151]) by mrelayeu.kundenserver.de (mreue011 [212.227.15.129]) with ESMTPA (Nemesis) id 1MFsER-1kH4gn01sd-00HQ4A; Thu, 17 Sep 2020 17:28:26 +0200 From: Arnd Bergmann To: linux-media@vger.kernel.org, mchehab@kernel.org, hverkuil@xs4all.nl Cc: hch@lst.de, linux-kernel@vger.kernel.org, Arnd Bergmann Subject: [PATCH 2/8] media: v4l2: remove unneeded compat ioctl handlers Date: Thu, 17 Sep 2020 17:28:17 +0200 Message-Id: <20200917152823.1241599-3-arnd@arndb.de> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200917152823.1241599-1-arnd@arndb.de> References: <20200917152823.1241599-1-arnd@arndb.de> MIME-Version: 1.0 X-Provags-ID: V03:K1:++SSgZ3DNeodfdLMxxhVdMY6F5zK7tmiDsaTaRq8Tv7DlFh0gI1 bSE1SOX4Mq/pQJNnY081OagYNaYRDgtdgzvyX6j3+W5TTZVlTNC+wIXK/6nmp38R9MtZ2r+ zfPuySC/KQv/lnf4LVP2rI3XMD0qnAz71YWxkNnottxLKpYWSrAISp3ynQ2/H1x7z/8t8fV JQCdNrjlY22DKDkHBeMbA== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1; V03:K0:onJUFuCvh7o=:5RoNHygoStyY931DmdqFm4 duaiwinvc2Vc78k4u3lbIyCUnSIEy+EYHiaN887S27rLZxkCwE8rw/OuoVn7HT+r1Y9qo/KiM F9f2rdgW9x42AnuwcxtHfboCUQwRUZnIS7IhwU6sSPeze1kRAUGPoGkkwtjzYgNa/Ii9NRO+k hQNuNKfuLw3aQh+i1TBWPRmPGdYkIG4+t3I0oREuSw98Duoh3TvJ0W+Flo5Mt2GaacvjBbiiW hZ4xsVT0YtXY8LEaelpOpZK6W02s3AThMigWVjFaglq4sFbbCJ/usER6IHugm73yTK1ll1A6/ LSye6FsPtag/KDz6XMp5O2mptZrX84ui2/dCfuBB/DjHzk8jRJzh5ECiSNUOZTJfyNGwVYofk 6x6mai33gaJl+DtdjtFQ6dg6Y7vBaJ8mRbAYQlJ/IAe66m2JbA6uOeP4P2UxShQUrJkBRHMO1 57nOokeYn4eln70iZ5sEd6zIE+xdXX8phwazbrX85uYNdFDPWS2h+GxDUc9U3SMctR1iyx2FM Z6u4KPOcC4PBXh/VJesY4HB2g0qGjoWDxNuLhlYgqIxMoE5Yn+rShnDEM+R3Wwh5DbsHz112L GvQ5zzgYyPwEjOMb+oG7vZbrEEmBK2jP2mzG09NHhe5WxrM5G7qavM87QW0EieK4cWeJ1Ixoj 9GeFbP0msdXbh5L5PGhRYDkBYvSebt6zvF85ZFVnU7+i6IDTbIzB2SbpO4ORsebv92VQGn1eN n1kaeBywXEwdaOW32FdV5Z37DSI3QJr2FdY0Au5gSe091HUppGWEPWodt42G5UqGgFoXtruCT kXMOqXVG90KDNYZ9SYFGReFvb0cxk+5tvs9CZlg6E34zSvjXBUlU7hR1uYH7Rbhwxh5HlWU Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org These seven commands are all compatible and do not need any conversion handlers. The existing ones just copy 32-bit integers around, and those are always compatible. Signed-off-by: Arnd Bergmann --- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 42 ------------------- 1 file changed, 42 deletions(-) -- 2.27.0 diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index 8f2cb03be48b..f04e29f3aecc 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -1412,14 +1412,6 @@ static int put_v4l2_edid32(struct v4l2_edid __user *p64, #define VIDIOC_PREPARE_BUF32 _IOWR('V', 93, struct v4l2_buffer32) #define VIDIOC_PREPARE_BUF32_TIME32 _IOWR('V', 93, struct v4l2_buffer32_time32) -#define VIDIOC_OVERLAY32 _IOW ('V', 14, s32) -#define VIDIOC_STREAMON32 _IOW ('V', 18, s32) -#define VIDIOC_STREAMOFF32 _IOW ('V', 19, s32) -#define VIDIOC_G_INPUT32 _IOR ('V', 38, s32) -#define VIDIOC_S_INPUT32 _IOWR('V', 39, s32) -#define VIDIOC_G_OUTPUT32 _IOR ('V', 46, s32) -#define VIDIOC_S_OUTPUT32 _IOWR('V', 47, s32) - unsigned int v4l2_compat_translate_cmd(unsigned int cmd) { switch (cmd) { @@ -1550,13 +1542,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar case VIDIOC_DQEVENT32: ncmd = VIDIOC_DQEVENT; break; case VIDIOC_DQEVENT32_TIME32: ncmd = VIDIOC_DQEVENT_TIME32; break; #endif - case VIDIOC_OVERLAY32: ncmd = VIDIOC_OVERLAY; break; - case VIDIOC_STREAMON32: ncmd = VIDIOC_STREAMON; break; - case VIDIOC_STREAMOFF32: ncmd = VIDIOC_STREAMOFF; break; - case VIDIOC_G_INPUT32: ncmd = VIDIOC_G_INPUT; break; - case VIDIOC_S_INPUT32: ncmd = VIDIOC_S_INPUT; break; - case VIDIOC_G_OUTPUT32: ncmd = VIDIOC_G_OUTPUT; break; - case VIDIOC_S_OUTPUT32: ncmd = VIDIOC_S_OUTPUT; break; case VIDIOC_CREATE_BUFS32: ncmd = VIDIOC_CREATE_BUFS; break; case VIDIOC_PREPARE_BUF32: ncmd = VIDIOC_PREPARE_BUF; break; case VIDIOC_PREPARE_BUF32_TIME32: ncmd = VIDIOC_PREPARE_BUF_TIME32; break; @@ -1571,24 +1556,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar * argument into it. */ switch (cmd) { - case VIDIOC_OVERLAY32: - case VIDIOC_STREAMON32: - case VIDIOC_STREAMOFF32: - case VIDIOC_S_INPUT32: - case VIDIOC_S_OUTPUT32: - err = alloc_userspace(sizeof(unsigned int), 0, &new_p64); - if (!err && assign_in_user((unsigned int __user *)new_p64, - (compat_uint_t __user *)p32)) - err = -EFAULT; - compatible_arg = 0; - break; - - case VIDIOC_G_INPUT32: - case VIDIOC_G_OUTPUT32: - err = alloc_userspace(sizeof(unsigned int), 0, &new_p64); - compatible_arg = 0; - break; - case VIDIOC_G_EDID32: case VIDIOC_S_EDID32: err = alloc_userspace(sizeof(struct v4l2_edid), 0, &new_p64); @@ -1761,15 +1728,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar * the original 32 bits structure. */ switch (cmd) { - case VIDIOC_S_INPUT32: - case VIDIOC_S_OUTPUT32: - case VIDIOC_G_INPUT32: - case VIDIOC_G_OUTPUT32: - if (assign_in_user((compat_uint_t __user *)p32, - ((unsigned int __user *)new_p64))) - err = -EFAULT; - break; - case VIDIOC_G_FBUF32: err = put_v4l2_framebuffer32(new_p64, p32); break; From patchwork Thu Sep 17 15:28:18 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 313131 Delivered-To: patch@linaro.org Received: by 2002:a92:5ad1:0:0:0:0:0 with SMTP id b78csp557489ilg; Thu, 17 Sep 2020 08:58:57 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzWEpQeLIYmShTe6xll00UczcRTsMt3BIu2kCTEDWTKphU2nqhbRnen2DyAbZbOUY8Mfi5l X-Received: by 2002:a50:84e8:: with SMTP id 95mr32910569edq.99.1600358337531; Thu, 17 Sep 2020 08:58:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600358337; cv=none; d=google.com; s=arc-20160816; b=M3NrqRsgntxS2Gn2K2IVB1zxggEfKILyiMacY8J069ZqVWuYq2mZUOsSz3r/r7bxQB 2+5oaRUbS5GHofhVjGd9hO/ufsKa7pD4KXBbb6/Avs1LlxLMb0qw4Cij5rz2D75r9ELg PTqA68pA524os3CUlQ1j36OJTcBzrVzOMAL9bxAIJ5RsToW3SDI+oAo0EZabMuQbDZyh QcwvCcVHPdqqbKGe9+WxIbbw9WU096J7mxGui+dE+xZi5jsYWKDlVcSbBw5nu3wGDOly xvWhLNYrZuFmgqNY9hSX1CN+DBkYu55jw20iL6hxFdbG6gflPrvB/V3HYUzh2w7bVAzB tJ/g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=RTJ3fUC3O0MkGixcMqJSkKvGV8xbJZ6dU3qWY3i+Ubo=; b=DDJl09Prz+MiLMln2rtw9K6PvlwFLEKCGPgjjOV0YtmIzmyemYqRups80Bqm/qTeav 9Y22y+1rx+ExYytjfgfT+vrXdrkQxKrpufmYYm4Lsq4tyzbIrRkyUd+0j9CACfMAdPIf TlfGgA5F0r/eaIfe4IleLI7s85bZSQrQjIA9qTJbZpiB68w4qdLO8tuXY49dGkbsNuTv LeCM8+JY7qprPxNmQ629auHh57tVy/s/hwv4RMhq31Pyg+e+elOtPlYXXBzqpO/8kwTL 3QzvmY8b2+RWuDKc1KfWJGUcx0cmgK+LsPeRtgso1J7ncxDaaarWaxxJh2fRTDtAj3u7 ZOsA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-media-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-media-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id z12si61502edm.560.2020.09.17.08.58.57; Thu, 17 Sep 2020 08:58:57 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-media-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-media-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-media-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728172AbgIQP60 (ORCPT + 4 others); Thu, 17 Sep 2020 11:58:26 -0400 Received: from mout.kundenserver.de ([212.227.126.131]:49895 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728244AbgIQPru (ORCPT ); Thu, 17 Sep 2020 11:47:50 -0400 Received: from threadripper.lan ([149.172.98.151]) by mrelayeu.kundenserver.de (mreue011 [212.227.15.129]) with ESMTPA (Nemesis) id 1Mum2d-1kZdjl0yJv-00rnX4; Thu, 17 Sep 2020 17:28:26 +0200 From: Arnd Bergmann To: linux-media@vger.kernel.org, mchehab@kernel.org, hverkuil@xs4all.nl Cc: hch@lst.de, linux-kernel@vger.kernel.org, Arnd Bergmann Subject: [PATCH 3/8] media: v4l2: move v4l2_ext_controls conversion Date: Thu, 17 Sep 2020 17:28:18 +0200 Message-Id: <20200917152823.1241599-4-arnd@arndb.de> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200917152823.1241599-1-arnd@arndb.de> References: <20200917152823.1241599-1-arnd@arndb.de> MIME-Version: 1.0 X-Provags-ID: V03:K1:ES95WvyRSQsf97A6EisoNS3E0xJveE8Ka/nUY4xQYEcGI+ckiFY hKHaeFAPwIvIrjAnWGB7JkdYR57VMHEH3feKPvO5PWxg+fv8ljzcbCS8BN9ns7ipHPNH/8J LG0TdGilFje7xevw4lwTVUQqB01nB2cO0+BrV+n4HYJgVqDO0F3CoAol6SMAEwJXHCykHVt 4n9psSMbXpPeUKHrSTRYQ== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1; V03:K0:oVjGvnPcRuw=:CWwU8Vg4rQ1+UrmfKnI5bp kXYu8D6JyTJWu2o0zLiYSqUZBjwMaR8tBCLO21ga4lx+HzLJwtTISykQBuTqXMuAK8SbqCBww 9CV6fpKhuDNGEnXY6CU6lCt92neNTJJERAWYxj1nlHzXqQmyebBY6+8z+lwSxINvMT5xHRMon +Fzi0B4JjpvpEUEFzXzXYzmZcRf/+MuRn9tDtYZ30OdEewm1W19t7+X8wBHmFvK+HuXnaSm/z KQY7G0Juo9aB70RrjHI8zoqGIvkbLccCLgqNdCmJ88rNMq278MYD1PYsx7uCl99zZ0YFwaI/5 FD9ARWKKgR+HplCXcIXi5wJs/niVhTVL4B0m4QS9Ovx9poOH1q4aeLLD5//W8DpFbp5XYOJxc 1yQSCG8hUdbweGLuKzgs3fb9ttbl2JpHGswFNdjZBMjQPvaLdC/lnHGJOY8ZMpqokx9yBVqfW RxqeG6bhg13Pcp/8RX7SnwuqLSfnc1pmtAjWlRiU/mVbsEDxZ9e+9NOc3Mix7Mw2QWHuVux4Y zLnEJBrtjwF+3Vdy6tAJhStxuHoCVaG5ozTCFDtvwMEaiazoqxGB1FsZkD7prRWef52EHuhmg rMk4TPfHsnRYdqs4z/UkRo7DjESwC9brFAshB9U5asQ0XbvBO83lwJc1+5v6eL3RbvK9cgv02 ivlqbWOzvf/959CAhe8aYbnzkdW1kXawm8+pYayW5pIMNmEv2QUjqoEox1Y961OZkSQBCdmBi JxHR47kzEQflRvLkW6WmBHBYzqlomZDpzRWLhprSG4TJJghxqDaqDeh+BsEAap24UOOkt1e/U SmQ3/mRRINDfReC8PwUVefpky+EALAK6qR7egKqeU4Rsr4CjCUw7ak2Q4r6fTfQnyFayDJf Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org The v4l2_ext_controls ioctl handlers use an indirect pointer to an incompatible data structure, making the conversion particularly tricky. Moving the compat implementation to use the new v4l2_compat_get_user()/v4l2_compat_put_user() helpers makes it noticeably simpler. In v4l2_compat_get_array_args()/v4l2_compat_put_array_args(), the 'file' argument needs to get passed to determine the exact format, which is a bit unfortunate, as no other conversion needs these. Signed-off-by: Arnd Bergmann --- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 236 +++++++----------- 1 file changed, 90 insertions(+), 146 deletions(-) -- 2.27.0 diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index f04e29f3aecc..1471dab71703 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -1130,142 +1130,44 @@ static inline bool ctrl_is_pointer(struct file *file, u32 id) (qec.flags & V4L2_CTRL_FLAG_HAS_PAYLOAD); } -static int bufsize_v4l2_ext_controls(struct v4l2_ext_controls32 __user *p32, - u32 *size) -{ - u32 count; - - if (!access_ok(p32, sizeof(*p32)) || - get_user(count, &p32->count)) - return -EFAULT; - if (count > V4L2_CID_MAX_CTRLS) - return -EINVAL; - *size = count * sizeof(struct v4l2_ext_control); - return 0; -} - -static int get_v4l2_ext_controls32(struct file *file, - struct v4l2_ext_controls __user *p64, - struct v4l2_ext_controls32 __user *p32, - void __user *aux_buf, u32 aux_space) +static int get_v4l2_ext_controls32(struct v4l2_ext_controls *p64, + struct v4l2_ext_controls32 __user *p32) { - struct v4l2_ext_control32 __user *ucontrols; - struct v4l2_ext_control __user *kcontrols; - u32 count; - u32 n; - compat_caddr_t p; - - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p64->which, &p32->which) || - get_user(count, &p32->count) || - put_user(count, &p64->count) || - assign_in_user(&p64->error_idx, &p32->error_idx) || - assign_in_user(&p64->request_fd, &p32->request_fd) || - copy_in_user(p64->reserved, p32->reserved, sizeof(p64->reserved))) - return -EFAULT; + struct v4l2_ext_controls32 ec32; - if (count == 0) - return put_user(NULL, &p64->controls); - if (count > V4L2_CID_MAX_CTRLS) - return -EINVAL; - if (get_user(p, &p32->controls)) - return -EFAULT; - ucontrols = compat_ptr(p); - if (!access_ok(ucontrols, count * sizeof(*ucontrols))) - return -EFAULT; - if (aux_space < count * sizeof(*kcontrols)) + if (copy_from_user(&ec32, p32, sizeof(ec32))) return -EFAULT; - kcontrols = aux_buf; - if (put_user_force(kcontrols, &p64->controls)) - return -EFAULT; - - for (n = 0; n < count; n++) { - u32 id; - - if (copy_in_user(kcontrols, ucontrols, sizeof(*ucontrols))) - return -EFAULT; - - if (get_user(id, &kcontrols->id)) - return -EFAULT; - if (ctrl_is_pointer(file, id)) { - void __user *s; + *p64 = (struct v4l2_ext_controls) { + .which = ec32.which, + .count = ec32.count, + .error_idx = ec32.error_idx, + .request_fd = ec32.error_idx, + .reserved[0] = ec32.reserved[0], + .controls = (void __force *)compat_ptr(ec32.controls), + }; - if (get_user(p, &ucontrols->string)) - return -EFAULT; - s = compat_ptr(p); - if (put_user(s, &kcontrols->string)) - return -EFAULT; - } - ucontrols++; - kcontrols++; - } return 0; } -static int put_v4l2_ext_controls32(struct file *file, - struct v4l2_ext_controls __user *p64, +static int put_v4l2_ext_controls32(struct v4l2_ext_controls *p64, struct v4l2_ext_controls32 __user *p32) { - struct v4l2_ext_control32 __user *ucontrols; - struct v4l2_ext_control *kcontrols; - u32 count; - u32 n; - compat_caddr_t p; - - /* - * We need to define kcontrols without __user, even though it does - * point to data in userspace here. The reason is that v4l2-ioctl.c - * copies it from userspace to kernelspace, so its definition in - * videodev2.h doesn't have a __user markup. Defining kcontrols - * with __user causes smatch warnings, so instead declare it - * without __user and cast it as a userspace pointer where needed. - */ - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p32->which, &p64->which) || - get_user(count, &p64->count) || - put_user(count, &p32->count) || - assign_in_user(&p32->error_idx, &p64->error_idx) || - assign_in_user(&p32->request_fd, &p64->request_fd) || - copy_in_user(p32->reserved, p64->reserved, sizeof(p32->reserved)) || - get_user(kcontrols, &p64->controls)) - return -EFAULT; + struct v4l2_ext_controls32 ec32; + + memset(&ec32, 0, sizeof(ec32)); + ec32 = (struct v4l2_ext_controls32) { + .which = p64->which, + .count = p64->count, + .error_idx = p64->error_idx, + .request_fd = p64->error_idx, + .reserved[0] = p64->reserved[0], + .controls = (uintptr_t)p64->controls, + }; - if (!count || count > (U32_MAX/sizeof(*ucontrols))) - return 0; - if (get_user(p, &p32->controls)) - return -EFAULT; - ucontrols = compat_ptr(p); - if (!access_ok(ucontrols, count * sizeof(*ucontrols))) + if (copy_to_user(p32, &ec32, sizeof(ec32))) return -EFAULT; - for (n = 0; n < count; n++) { - unsigned int size = sizeof(*ucontrols); - u32 id; - - if (get_user_cast(id, &kcontrols->id) || - put_user(id, &ucontrols->id) || - assign_in_user_cast(&ucontrols->size, &kcontrols->size) || - copy_in_user(&ucontrols->reserved2, - (void __user *)&kcontrols->reserved2, - sizeof(ucontrols->reserved2))) - return -EFAULT; - - /* - * Do not modify the pointer when copying a pointer control. - * The contents of the pointer was changed, not the pointer - * itself. - */ - if (ctrl_is_pointer(file, id)) - size -= sizeof(ucontrols->value64); - - if (copy_in_user(ucontrols, - (void __user *)kcontrols, size)) - return -EFAULT; - - ucontrols++; - kcontrols++; - } return 0; } @@ -1415,6 +1317,12 @@ static int put_v4l2_edid32(struct v4l2_edid __user *p64, unsigned int v4l2_compat_translate_cmd(unsigned int cmd) { switch (cmd) { + case VIDIOC_G_EXT_CTRLS32: + return VIDIOC_G_EXT_CTRLS; + case VIDIOC_S_EXT_CTRLS32: + return VIDIOC_S_EXT_CTRLS; + case VIDIOC_TRY_EXT_CTRLS32: + return VIDIOC_TRY_EXT_CTRLS; } return cmd; } @@ -1422,6 +1330,10 @@ unsigned int v4l2_compat_translate_cmd(unsigned int cmd) int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd) { switch (cmd) { + case VIDIOC_G_EXT_CTRLS32: + case VIDIOC_S_EXT_CTRLS32: + case VIDIOC_TRY_EXT_CTRLS32: + return get_v4l2_ext_controls32(parg, arg); } return 0; } @@ -1429,6 +1341,10 @@ int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd) int v4l2_compat_put_user(void __user *arg, void *parg, unsigned int cmd) { switch (cmd) { + case VIDIOC_G_EXT_CTRLS32: + case VIDIOC_S_EXT_CTRLS32: + case VIDIOC_TRY_EXT_CTRLS32: + return put_v4l2_ext_controls32(parg, arg); } return 0; } @@ -1440,6 +1356,29 @@ int v4l2_compat_get_array_args(struct file *file, void *mbuf, int err = 0; switch (cmd) { + case VIDIOC_G_EXT_CTRLS32: + case VIDIOC_S_EXT_CTRLS32: + case VIDIOC_TRY_EXT_CTRLS32: { + struct v4l2_ext_controls *ecs64 = arg; + struct v4l2_ext_control *ec64 = mbuf; + struct v4l2_ext_control32 __user *ec32 = user_ptr; + int n; + + for (n = 0; n < ecs64->count; n++) { + if (copy_from_user(ec64, ec32, sizeof(*ec32))) + return -EFAULT; + + if (ctrl_is_pointer(file, ec64->id)) { + compat_uptr_t p; + if (get_user(p, &ec32->string)) + return -EFAULT; + ec64->string = compat_ptr(p); + } + ec32++; + ec64++; + } + break; + } default: if (copy_from_user(mbuf, user_ptr, array_size)) err = -EFAULT; @@ -1456,6 +1395,33 @@ int v4l2_compat_put_array_args(struct file *file, void __user *user_ptr, int err = 0; switch (cmd) { + case VIDIOC_G_EXT_CTRLS32: + case VIDIOC_S_EXT_CTRLS32: + case VIDIOC_TRY_EXT_CTRLS32: { + struct v4l2_ext_controls *ecs64 = arg; + struct v4l2_ext_control *ec64 = mbuf; + struct v4l2_ext_control32 __user *ec32 = user_ptr; + int n; + + for (n = 0; n < ecs64->count; n++) { + unsigned int size = sizeof(*ec32); + /* + * Do not modify the pointer when copying a pointer + * control. The contents of the pointer was changed, + * not the pointer itself. + * The structures are otherwise compatible. + */ + if (ctrl_is_pointer(file, ec64->id)) + size -= sizeof(ec32->value64); + + if (copy_to_user(ec32, ec64, size)) + return -EFAULT; + + ec32++; + ec64++; + } + break; + } default: if (copy_to_user(user_ptr, mbuf, array_size)) err = -EFAULT; @@ -1465,6 +1431,7 @@ int v4l2_compat_put_array_args(struct file *file, void __user *user_ptr, return err; } + /** * alloc_userspace() - Allocates a 64-bits userspace pointer compatible * for calling the native 64-bits version of an ioctl. @@ -1535,9 +1502,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar case VIDIOC_ENUMSTD32: ncmd = VIDIOC_ENUMSTD; break; case VIDIOC_ENUMINPUT32: ncmd = VIDIOC_ENUMINPUT; break; case VIDIOC_TRY_FMT32: ncmd = VIDIOC_TRY_FMT; break; - case VIDIOC_G_EXT_CTRLS32: ncmd = VIDIOC_G_EXT_CTRLS; break; - case VIDIOC_S_EXT_CTRLS32: ncmd = VIDIOC_S_EXT_CTRLS; break; - case VIDIOC_TRY_EXT_CTRLS32: ncmd = VIDIOC_TRY_EXT_CTRLS; break; #ifdef CONFIG_X86_64 case VIDIOC_DQEVENT32: ncmd = VIDIOC_DQEVENT; break; case VIDIOC_DQEVENT32_TIME32: ncmd = VIDIOC_DQEVENT_TIME32; break; @@ -1653,20 +1617,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar compatible_arg = 0; break; - case VIDIOC_G_EXT_CTRLS32: - case VIDIOC_S_EXT_CTRLS32: - case VIDIOC_TRY_EXT_CTRLS32: - err = bufsize_v4l2_ext_controls(p32, &aux_space); - if (!err) - err = alloc_userspace(sizeof(struct v4l2_ext_controls), - aux_space, &new_p64); - if (!err) { - aux_buf = new_p64 + sizeof(struct v4l2_ext_controls); - err = get_v4l2_ext_controls32(file, new_p64, p32, - aux_buf, aux_space); - } - compatible_arg = 0; - break; #ifdef CONFIG_X86_64 case VIDIOC_DQEVENT32: err = alloc_userspace(sizeof(struct v4l2_event), 0, &new_p64); @@ -1709,12 +1659,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar * the blocks to maximum allowed value. */ switch (cmd) { - case VIDIOC_G_EXT_CTRLS32: - case VIDIOC_S_EXT_CTRLS32: - case VIDIOC_TRY_EXT_CTRLS32: - if (put_v4l2_ext_controls32(file, new_p64, p32)) - err = -EFAULT; - break; case VIDIOC_S_EDID32: if (put_v4l2_edid32(new_p64, p32)) err = -EFAULT; From patchwork Thu Sep 17 15:28:19 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 313141 Delivered-To: patch@linaro.org Received: by 2002:a92:5ad1:0:0:0:0:0 with SMTP id b78csp682948ilg; Thu, 17 Sep 2020 11:49:21 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzzWujwwJ6njqguZ8hte/fFiqnOO63aAqSyqJ5AtFeVC8/JFSriJ5OgkOSJlLzbaMGW1OPb X-Received: by 2002:aa7:d747:: with SMTP id a7mr33472876eds.304.1600368561502; Thu, 17 Sep 2020 11:49:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600368561; cv=none; d=google.com; s=arc-20160816; b=T2oH7gyD/vgf5g9WWtBeGkQec58GaMqnNh6NxyOTSNwkX4RyJoQiLcOeltrNG8yi5j lqyp56zPxqGxuA2Ico9z3PNmYqdOoW5pqgMmJe6A5UBbmDXpCE+qxS/CHZfCjsef9TZz gRizXZIa0Y9fv+60eIr09QsigYnoXFAxI9m2TBPHrWP1Xo/Co5vnhUMoGNt5fMVo3HaR lJYddsrkFu2ez1KGNnTI4wMSytKHhYiHgY4V4MORg/VkkQgPi3bS8h6pmChai6NxakNC 3qUKWl2eyO2xu5RpWRe2/C1GWKKf+p/brNshmWqAysMdTTIweMzqp+CZw8IgXVYIzDko LiYw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=1rvr2BVFFCTOUEke8QL6WWahahEPU0wR3vn3Rxv5DOU=; b=eooXitFJxVaydkprceD0r/jFL/06psyPnKpLBug/WDoS6FiC767DyN/i1nM1tgbXqe gkg9NKGA1X6/Q29IVFyBPOPr4Qz2IQBH30AM/vh0tblieWUTyvBtdjeH91sBby7CFKEE 8UKj20w/UNORv1fx7xu6JcE4c05nMRkMwA6fZs68i/5gU7i/F7j8rsZSObai2Jif7uGZ njgXgRqpobXp2J2YvLq5e+4KY/eGOacurFi5CQHED8bQ862EoxoZHtpvFwj4iMKX05ds M6ZYpowv7e8L0hqnbJ9/ie6s0rblJ6MHz90D6eNCnqHl3GzT7anJ4D4IS4r3tfznFr7p LmJA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-media-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-media-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id c25si376537eds.548.2020.09.17.11.49.21; Thu, 17 Sep 2020 11:49:21 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-media-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-media-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-media-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728570AbgIQQdp (ORCPT + 4 others); Thu, 17 Sep 2020 12:33:45 -0400 Received: from mout.kundenserver.de ([212.227.126.131]:60113 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728555AbgIQQdU (ORCPT ); Thu, 17 Sep 2020 12:33:20 -0400 Received: from threadripper.lan ([149.172.98.151]) by mrelayeu.kundenserver.de (mreue011 [212.227.15.129]) with ESMTPA (Nemesis) id 1MpD39-1kq8OL1wr9-00qkok; Thu, 17 Sep 2020 17:28:26 +0200 From: Arnd Bergmann To: linux-media@vger.kernel.org, mchehab@kernel.org, hverkuil@xs4all.nl Cc: hch@lst.de, linux-kernel@vger.kernel.org, Arnd Bergmann Subject: [PATCH 4/8] media: v4l2: move compat handling for v4l2_buffer Date: Thu, 17 Sep 2020 17:28:19 +0200 Message-Id: <20200917152823.1241599-5-arnd@arndb.de> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200917152823.1241599-1-arnd@arndb.de> References: <20200917152823.1241599-1-arnd@arndb.de> MIME-Version: 1.0 X-Provags-ID: V03:K1:zgR99yeXBWunSRNR2pQVeQw2zfQ2QgupaadkCUuxgfQ0m/ngvSN fr1gCQSAYuLCz9ZKBbpYxLIJ2hNP3PYcz7heEVrjomAjzZ/4ZoltkJi+kKGYsXVDFrwyDyb n3JRXYT+UYlLk3GXXv/e4Zx50hX2dHYu1pc5FZ+uNJVfcXAxv1NjGoDrj+YDeL9DMxVyTdz UtBQT5wRlooMIq6Gtz90A== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1; V03:K0:09lHKTPDzvI=:q48J7VshHUYXbKEn9xXrr/ Vi1hBW1teUSt/YTUeOwncItKn6uHaeEaCSXs4yZHkXw8Mu1tR1nxakhs/ox1P/eDHfF1yg0JD gafhXSfPpzHIhLzQS4Bk6gU5GlK7/CLtxyP2YHfaauPHYRczn3npQt74RbXxdFhWGNsCi0Eqg cuzaRDnisQEHB+N9Ur0HZ1hdPTLSKkOBIiA4x5dNkBQ6FRO40LMA5pNGZB1hFQgnzFUEHJITV OYMTcMT5kuk7tw7nDyEP/IgCC+IDT7i9zvJH5pVevSPioG6tyjq2+EDLVJI0FmbKYZfj18eov 2kmnFgW9qbHTA0eFQ1xi8I1inXjlwNXyoCkYzJKu+Jv0Bxx8WGRg0OIfcM2GUDpCqrT/aJ01N RCzyIkBbLjUHS6o6HM1BG8gcGZp2KsO+DejKvgCkqHNaAoqpcWyWPFFwZtxmFMd9QSLIKKb79 yy795Yh0S9PzomAgEx9Q/rD49kU7lCWThVUgVsja6YoLnZEitODGXNEQ3qby4E7RDmUmaTs0v FXFi0oSNpMHFbQVDsESjGv5CM7PzPWIiQeDvf0m1sCriPQTVf79tB6IwG69rOjK15MCixywG6 U6s8TiedZHWsOYUC533SYX3O0rlNLyvWddszaxrGcL6bcEl3liJmKK9wFrKDEyLGhshbKLWDq GQqEuzKGkfp1+Uo6EGV+9UVYH6xr+BPZRIH81wfch2B6VsnGkHNluZab5OJ4ixu9Q+q8/TVVB ImI1VUgWSsQWj5813kneEtWBEjZLhf/Mm8pbGI37GH7eOu9QcHFlEEaEKMQ9huwyKVuaBhL00 CilmZLV8NjpFdXACJc/B1Milw2iwb/yWlD9DBBsYBzhTc/mkNw5pEXL1UM5SQIPVt30HvFm Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org The ioctl commands based on v4l2_buffer have two sets of compat calls, one for native time32 structures, and one for compat structures on 64-bit architectures. Change the compat version to use the same approach as the other simpler one, for both versions of the structure. In an earlier version of the patch, I unified the v4l2_buffer_time32 and v4l2_buffer32_time32 compatibility handling into a single implementation, but that relied on having it all in one file, rather than having the in_compat_syscall() version in v4l2-compat-ioctl32.c. Signed-off-by: Arnd Bergmann --- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 729 +++++++----------- 1 file changed, 276 insertions(+), 453 deletions(-) -- 2.27.0 diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index 1471dab71703..d1055bef8933 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -527,480 +527,257 @@ struct v4l2_buffer32_time32 { __s32 request_fd; }; -static int get_v4l2_plane32(struct v4l2_plane __user *p64, +static int get_v4l2_plane32(struct v4l2_plane *p64, struct v4l2_plane32 __user *p32, enum v4l2_memory memory) { - compat_ulong_t p; + struct v4l2_plane32 plane32; + typeof(p64->m) m = {}; - if (copy_in_user(p64, p32, 2 * sizeof(__u32)) || - copy_in_user(&p64->data_offset, &p32->data_offset, - sizeof(p64->data_offset))) + if (copy_from_user(&plane32, p32, sizeof(plane32))) return -EFAULT; switch (memory) { case V4L2_MEMORY_MMAP: case V4L2_MEMORY_OVERLAY: - if (copy_in_user(&p64->m.mem_offset, &p32->m.mem_offset, - sizeof(p32->m.mem_offset))) - return -EFAULT; + m.mem_offset = plane32.m.mem_offset; break; case V4L2_MEMORY_USERPTR: - if (get_user(p, &p32->m.userptr) || - put_user((unsigned long)compat_ptr(p), &p64->m.userptr)) - return -EFAULT; + m.userptr = (unsigned long)compat_ptr(plane32.m.userptr); break; case V4L2_MEMORY_DMABUF: - if (copy_in_user(&p64->m.fd, &p32->m.fd, sizeof(p32->m.fd))) - return -EFAULT; + m.fd = plane32.m.fd; break; } + memset(p64, 0, sizeof(*p64)); + *p64 = (struct v4l2_plane) { + .bytesused = p64->bytesused, + .length = p64->bytesused, + .m = m, + .data_offset = p64->data_offset, + }; + return 0; } -static int put_v4l2_plane32(struct v4l2_plane __user *p64, +static int put_v4l2_plane32(struct v4l2_plane *p64, struct v4l2_plane32 __user *p32, enum v4l2_memory memory) { - unsigned long p; + struct v4l2_plane32 plane32; - if (copy_in_user(p32, p64, 2 * sizeof(__u32)) || - copy_in_user(&p32->data_offset, &p64->data_offset, - sizeof(p64->data_offset))) - return -EFAULT; + memset(&plane32, 0, sizeof(plane32)); + plane32 = (struct v4l2_plane32) { + .bytesused = p64->bytesused, + .length = p64->bytesused, + .data_offset = p64->data_offset, + }; switch (memory) { case V4L2_MEMORY_MMAP: case V4L2_MEMORY_OVERLAY: - if (copy_in_user(&p32->m.mem_offset, &p64->m.mem_offset, - sizeof(p64->m.mem_offset))) - return -EFAULT; + plane32.m.mem_offset = p64->m.mem_offset; break; case V4L2_MEMORY_USERPTR: - if (get_user(p, &p64->m.userptr) || - put_user((compat_ulong_t)ptr_to_compat((void __user *)p), - &p32->m.userptr)) - return -EFAULT; + plane32.m.userptr = (uintptr_t)(p64->m.userptr); break; case V4L2_MEMORY_DMABUF: - if (copy_in_user(&p32->m.fd, &p64->m.fd, sizeof(p64->m.fd))) - return -EFAULT; + plane32.m.fd = p64->m.fd; break; } - return 0; -} - -static int bufsize_v4l2_buffer(struct v4l2_buffer32 __user *p32, u32 *size) -{ - u32 type; - u32 length; - - if (!access_ok(p32, sizeof(*p32)) || - get_user(type, &p32->type) || - get_user(length, &p32->length)) + if (copy_to_user(p32, &plane32, sizeof(plane32))) return -EFAULT; - if (V4L2_TYPE_IS_MULTIPLANAR(type)) { - if (length > VIDEO_MAX_PLANES) - return -EINVAL; - - /* - * We don't really care if userspace decides to kill itself - * by passing a very big length value - */ - *size = length * sizeof(struct v4l2_plane); - } else { - *size = 0; - } return 0; } -static int bufsize_v4l2_buffer_time32(struct v4l2_buffer32_time32 __user *p32, u32 *size) +static int get_v4l2_buffer32(struct v4l2_buffer *vb, + struct v4l2_buffer32 __user *arg, + bool querybuf) { - u32 type; - u32 length; + struct v4l2_buffer32 vb32; - if (!access_ok(p32, sizeof(*p32)) || - get_user(type, &p32->type) || - get_user(length, &p32->length)) + if (copy_from_user(&vb32, arg, sizeof(vb32))) return -EFAULT; - if (V4L2_TYPE_IS_MULTIPLANAR(type)) { - if (length > VIDEO_MAX_PLANES) - return -EINVAL; + memset(vb, 0, sizeof(*vb)); + *vb = (struct v4l2_buffer) { + .index = vb32.index, + .type = vb32.type, + .bytesused = vb32.bytesused, + .flags = vb32.flags, + .field = vb32.field, + .timestamp.tv_sec = vb32.timestamp.tv_sec, + .timestamp.tv_usec = vb32.timestamp.tv_usec, + .timecode = vb32.timecode, + .sequence = vb32.sequence, + .memory = vb32.memory, + .m.offset = vb32.m.offset, + .length = vb32.length, + .request_fd = vb32.request_fd, + }; - /* - * We don't really care if userspace decides to kill itself - * by passing a very big length value - */ - *size = length * sizeof(struct v4l2_plane); - } else { - *size = 0; + switch (vb->memory) { + case V4L2_MEMORY_MMAP: + case V4L2_MEMORY_OVERLAY: + vb->m.offset = vb32.m.offset; + break; + case V4L2_MEMORY_USERPTR: + vb->m.userptr = vb32.m.userptr; + break; + case V4L2_MEMORY_DMABUF: + vb->m.fd = vb32.m.fd; + break; } - return 0; -} - -static int get_v4l2_buffer32(struct v4l2_buffer __user *p64, - struct v4l2_buffer32 __user *p32, - void __user *aux_buf, u32 aux_space) -{ - u32 type; - u32 length; - s32 request_fd; - enum v4l2_memory memory; - struct v4l2_plane32 __user *uplane32; - struct v4l2_plane __user *uplane; - compat_caddr_t p; - int ret; - - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p64->index, &p32->index) || - get_user(type, &p32->type) || - put_user(type, &p64->type) || - assign_in_user(&p64->flags, &p32->flags) || - get_user(memory, &p32->memory) || - put_user(memory, &p64->memory) || - get_user(length, &p32->length) || - put_user(length, &p64->length) || - get_user(request_fd, &p32->request_fd) || - put_user(request_fd, &p64->request_fd)) - return -EFAULT; - if (V4L2_TYPE_IS_OUTPUT(type)) - if (assign_in_user(&p64->bytesused, &p32->bytesused) || - assign_in_user(&p64->field, &p32->field) || - assign_in_user(&p64->timestamp.tv_sec, - &p32->timestamp.tv_sec) || - assign_in_user(&p64->timestamp.tv_usec, - &p32->timestamp.tv_usec)) - return -EFAULT; + if (V4L2_TYPE_IS_MULTIPLANAR(vb->type)) + vb->m.planes = (void __force *) + compat_ptr(vb32.m.planes); - if (V4L2_TYPE_IS_MULTIPLANAR(type)) { - u32 num_planes = length; - - if (num_planes == 0) { - /* - * num_planes == 0 is legal, e.g. when userspace doesn't - * need planes array on DQBUF - */ - return put_user(NULL, &p64->m.planes); - } - if (num_planes > VIDEO_MAX_PLANES) - return -EINVAL; - - if (get_user(p, &p32->m.planes)) - return -EFAULT; - - uplane32 = compat_ptr(p); - if (!access_ok(uplane32, - num_planes * sizeof(*uplane32))) - return -EFAULT; - - /* - * We don't really care if userspace decides to kill itself - * by passing a very big num_planes value - */ - if (aux_space < num_planes * sizeof(*uplane)) - return -EFAULT; - - uplane = aux_buf; - if (put_user_force(uplane, &p64->m.planes)) - return -EFAULT; - - while (num_planes--) { - ret = get_v4l2_plane32(uplane, uplane32, memory); - if (ret) - return ret; - uplane++; - uplane32++; - } - } else { - switch (memory) { - case V4L2_MEMORY_MMAP: - case V4L2_MEMORY_OVERLAY: - if (assign_in_user(&p64->m.offset, &p32->m.offset)) - return -EFAULT; - break; - case V4L2_MEMORY_USERPTR: { - compat_ulong_t userptr; - - if (get_user(userptr, &p32->m.userptr) || - put_user((unsigned long)compat_ptr(userptr), - &p64->m.userptr)) - return -EFAULT; - break; - } - case V4L2_MEMORY_DMABUF: - if (assign_in_user(&p64->m.fd, &p32->m.fd)) - return -EFAULT; - break; - } - } + if (querybuf) + vb->request_fd = 0; return 0; } -static int get_v4l2_buffer32_time32(struct v4l2_buffer_time32 __user *p64, - struct v4l2_buffer32_time32 __user *p32, - void __user *aux_buf, u32 aux_space) +#ifdef CONFIG_COMPAT_32BIT_TIME +static int get_v4l2_buffer32_time32(struct v4l2_buffer *vb, + struct v4l2_buffer32_time32 __user *arg, + bool querybuf) { - u32 type; - u32 length; - s32 request_fd; - enum v4l2_memory memory; - struct v4l2_plane32 __user *uplane32; - struct v4l2_plane __user *uplane; - compat_caddr_t p; - int ret; + struct v4l2_buffer32_time32 vb32; - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p64->index, &p32->index) || - get_user(type, &p32->type) || - put_user(type, &p64->type) || - assign_in_user(&p64->flags, &p32->flags) || - get_user(memory, &p32->memory) || - put_user(memory, &p64->memory) || - get_user(length, &p32->length) || - put_user(length, &p64->length) || - get_user(request_fd, &p32->request_fd) || - put_user(request_fd, &p64->request_fd)) + if (copy_from_user(&vb32, arg, sizeof(vb32))) return -EFAULT; - if (V4L2_TYPE_IS_OUTPUT(type)) - if (assign_in_user(&p64->bytesused, &p32->bytesused) || - assign_in_user(&p64->field, &p32->field) || - assign_in_user(&p64->timestamp.tv_sec, - &p32->timestamp.tv_sec) || - assign_in_user(&p64->timestamp.tv_usec, - &p32->timestamp.tv_usec)) - return -EFAULT; - - if (V4L2_TYPE_IS_MULTIPLANAR(type)) { - u32 num_planes = length; - - if (num_planes == 0) { - /* - * num_planes == 0 is legal, e.g. when userspace doesn't - * need planes array on DQBUF - */ - return put_user(NULL, &p64->m.planes); - } - if (num_planes > VIDEO_MAX_PLANES) - return -EINVAL; - - if (get_user(p, &p32->m.planes)) - return -EFAULT; - - uplane32 = compat_ptr(p); - if (!access_ok(uplane32, - num_planes * sizeof(*uplane32))) - return -EFAULT; - - /* - * We don't really care if userspace decides to kill itself - * by passing a very big num_planes value - */ - if (aux_space < num_planes * sizeof(*uplane)) - return -EFAULT; - - uplane = aux_buf; - if (put_user_force(uplane, &p64->m.planes)) - return -EFAULT; - - while (num_planes--) { - ret = get_v4l2_plane32(uplane, uplane32, memory); - if (ret) - return ret; - uplane++; - uplane32++; - } - } else { - switch (memory) { - case V4L2_MEMORY_MMAP: - case V4L2_MEMORY_OVERLAY: - if (assign_in_user(&p64->m.offset, &p32->m.offset)) - return -EFAULT; - break; - case V4L2_MEMORY_USERPTR: { - compat_ulong_t userptr; - - if (get_user(userptr, &p32->m.userptr) || - put_user((unsigned long)compat_ptr(userptr), - &p64->m.userptr)) - return -EFAULT; - break; - } - case V4L2_MEMORY_DMABUF: - if (assign_in_user(&p64->m.fd, &p32->m.fd)) - return -EFAULT; - break; - } + *vb = (struct v4l2_buffer) { + .index = vb32.index, + .type = vb32.type, + .bytesused = vb32.bytesused, + .flags = vb32.flags, + .field = vb32.field, + .timestamp.tv_sec = vb32.timestamp.tv_sec, + .timestamp.tv_usec = vb32.timestamp.tv_usec, + .timecode = vb32.timecode, + .sequence = vb32.sequence, + .memory = vb32.memory, + .m.offset = vb32.m.offset, + .length = vb32.length, + .request_fd = vb32.request_fd, + }; + switch (vb->memory) { + case V4L2_MEMORY_MMAP: + case V4L2_MEMORY_OVERLAY: + vb->m.offset = vb32.m.offset; + break; + case V4L2_MEMORY_USERPTR: + vb->m.userptr = vb32.m.userptr; + break; + case V4L2_MEMORY_DMABUF: + vb->m.fd = vb32.m.fd; + break; } + if (V4L2_TYPE_IS_MULTIPLANAR(vb->type)) + vb->m.planes = (void __force *) + compat_ptr(vb32.m.planes); + if (querybuf) + vb->request_fd = 0; + return 0; } +#endif -static int put_v4l2_buffer32(struct v4l2_buffer __user *p64, - struct v4l2_buffer32 __user *p32) +static int put_v4l2_buffer32(struct v4l2_buffer *vb, + struct v4l2_buffer32 __user *arg) { - u32 type; - u32 length; - enum v4l2_memory memory; - struct v4l2_plane32 __user *uplane32; - struct v4l2_plane *uplane; - compat_caddr_t p; - int ret; + struct v4l2_buffer32 vb32;; + + memset (&vb32, 0, sizeof vb32); + vb32 = (struct v4l2_buffer32) { + .index = vb->index, + .type = vb->type, + .bytesused = vb->bytesused, + .flags = vb->flags, + .field = vb->field, + .timestamp.tv_sec = vb->timestamp.tv_sec, + .timestamp.tv_usec = vb->timestamp.tv_usec, + .timecode = vb->timecode, + .sequence = vb->sequence, + .memory = vb->memory, + .m.offset = vb->m.offset, + .length = vb->length, + .request_fd = vb->request_fd, + }; - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p32->index, &p64->index) || - get_user(type, &p64->type) || - put_user(type, &p32->type) || - assign_in_user(&p32->flags, &p64->flags) || - get_user(memory, &p64->memory) || - put_user(memory, &p32->memory)) - return -EFAULT; + switch (vb->memory) { + case V4L2_MEMORY_MMAP: + case V4L2_MEMORY_OVERLAY: + vb32.m.offset = vb->m.offset; + break; + case V4L2_MEMORY_USERPTR: + vb32.m.userptr = vb->m.userptr; + break; + case V4L2_MEMORY_DMABUF: + vb32.m.fd = vb->m.fd; + break; + } - if (assign_in_user(&p32->bytesused, &p64->bytesused) || - assign_in_user(&p32->field, &p64->field) || - assign_in_user(&p32->timestamp.tv_sec, &p64->timestamp.tv_sec) || - assign_in_user(&p32->timestamp.tv_usec, &p64->timestamp.tv_usec) || - copy_in_user(&p32->timecode, &p64->timecode, sizeof(p64->timecode)) || - assign_in_user(&p32->sequence, &p64->sequence) || - assign_in_user(&p32->reserved2, &p64->reserved2) || - assign_in_user(&p32->request_fd, &p64->request_fd) || - get_user(length, &p64->length) || - put_user(length, &p32->length)) - return -EFAULT; + if (V4L2_TYPE_IS_MULTIPLANAR(vb->type)) + vb32.m.planes = (uintptr_t)vb->m.planes; - if (V4L2_TYPE_IS_MULTIPLANAR(type)) { - u32 num_planes = length; - - if (num_planes == 0) - return 0; - /* We need to define uplane without __user, even though - * it does point to data in userspace here. The reason is - * that v4l2-ioctl.c copies it from userspace to kernelspace, - * so its definition in videodev2.h doesn't have a - * __user markup. Defining uplane with __user causes - * smatch warnings, so instead declare it without __user - * and cast it as a userspace pointer to put_v4l2_plane32(). - */ - if (get_user(uplane, &p64->m.planes)) - return -EFAULT; - if (get_user(p, &p32->m.planes)) - return -EFAULT; - uplane32 = compat_ptr(p); - - while (num_planes--) { - ret = put_v4l2_plane32((void __user *)uplane, - uplane32, memory); - if (ret) - return ret; - ++uplane; - ++uplane32; - } - } else { - switch (memory) { - case V4L2_MEMORY_MMAP: - case V4L2_MEMORY_OVERLAY: - if (assign_in_user(&p32->m.offset, &p64->m.offset)) - return -EFAULT; - break; - case V4L2_MEMORY_USERPTR: - if (assign_in_user(&p32->m.userptr, &p64->m.userptr)) - return -EFAULT; - break; - case V4L2_MEMORY_DMABUF: - if (assign_in_user(&p32->m.fd, &p64->m.fd)) - return -EFAULT; - break; - } - } + if (copy_to_user(arg, &vb32, sizeof(vb32))) + return -EFAULT; return 0; } -static int put_v4l2_buffer32_time32(struct v4l2_buffer_time32 __user *p64, - struct v4l2_buffer32_time32 __user *p32) +#ifdef CONFIG_COMPAT_32BIT_TIME +static int put_v4l2_buffer32_time32(struct v4l2_buffer *vb, + struct v4l2_buffer32_time32 __user *arg) { - u32 type; - u32 length; - enum v4l2_memory memory; - struct v4l2_plane32 __user *uplane32; - struct v4l2_plane *uplane; - compat_caddr_t p; - int ret; + struct v4l2_buffer32_time32 vb32; + + memset (&vb32, 0, sizeof vb32); + vb32 = (struct v4l2_buffer32_time32) { + .index = vb->index, + .type = vb->type, + .bytesused = vb->bytesused, + .flags = vb->flags, + .field = vb->field, + .timestamp.tv_sec = vb->timestamp.tv_sec, + .timestamp.tv_usec = vb->timestamp.tv_usec, + .timecode = vb->timecode, + .sequence = vb->sequence, + .memory = vb->memory, + .m.offset = vb->m.offset, + .length = vb->length, + .request_fd = vb->request_fd, + }; + switch (vb->memory) { + case V4L2_MEMORY_MMAP: + case V4L2_MEMORY_OVERLAY: + vb32.m.offset = vb->m.offset; + break; + case V4L2_MEMORY_USERPTR: + vb32.m.userptr = vb->m.userptr; + break; + case V4L2_MEMORY_DMABUF: + vb32.m.fd = vb->m.fd; + break; + } - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p32->index, &p64->index) || - get_user(type, &p64->type) || - put_user(type, &p32->type) || - assign_in_user(&p32->flags, &p64->flags) || - get_user(memory, &p64->memory) || - put_user(memory, &p32->memory)) - return -EFAULT; + if (V4L2_TYPE_IS_MULTIPLANAR(vb->type)) + vb32.m.planes = (uintptr_t)vb->m.planes; - if (assign_in_user(&p32->bytesused, &p64->bytesused) || - assign_in_user(&p32->field, &p64->field) || - assign_in_user(&p32->timestamp.tv_sec, &p64->timestamp.tv_sec) || - assign_in_user(&p32->timestamp.tv_usec, &p64->timestamp.tv_usec) || - copy_in_user(&p32->timecode, &p64->timecode, sizeof(p64->timecode)) || - assign_in_user(&p32->sequence, &p64->sequence) || - assign_in_user(&p32->reserved2, &p64->reserved2) || - assign_in_user(&p32->request_fd, &p64->request_fd) || - get_user(length, &p64->length) || - put_user(length, &p32->length)) + if (copy_to_user(arg, &vb32, sizeof(vb32))) return -EFAULT; - if (V4L2_TYPE_IS_MULTIPLANAR(type)) { - u32 num_planes = length; - - if (num_planes == 0) - return 0; - /* We need to define uplane without __user, even though - * it does point to data in userspace here. The reason is - * that v4l2-ioctl.c copies it from userspace to kernelspace, - * so its definition in videodev2.h doesn't have a - * __user markup. Defining uplane with __user causes - * smatch warnings, so instead declare it without __user - * and cast it as a userspace pointer to put_v4l2_plane32(). - */ - if (get_user(uplane, &p64->m.planes)) - return -EFAULT; - if (get_user(p, &p32->m.planes)) - return -EFAULT; - uplane32 = compat_ptr(p); - - while (num_planes--) { - ret = put_v4l2_plane32((void __user *)uplane, - uplane32, memory); - if (ret) - return ret; - ++uplane; - ++uplane32; - } - } else { - switch (memory) { - case V4L2_MEMORY_MMAP: - case V4L2_MEMORY_OVERLAY: - if (assign_in_user(&p32->m.offset, &p64->m.offset)) - return -EFAULT; - break; - case V4L2_MEMORY_USERPTR: - if (assign_in_user(&p32->m.userptr, &p64->m.userptr)) - return -EFAULT; - break; - case V4L2_MEMORY_DMABUF: - if (assign_in_user(&p32->m.fd, &p64->m.fd)) - return -EFAULT; - break; - } - } - return 0; } +#endif struct v4l2_framebuffer32 { __u32 capability; @@ -1317,12 +1094,30 @@ static int put_v4l2_edid32(struct v4l2_edid __user *p64, unsigned int v4l2_compat_translate_cmd(unsigned int cmd) { switch (cmd) { +#ifdef CONFIG_COMPAT_32BIT_TIME + case VIDIOC_QUERYBUF32_TIME32: + return VIDIOC_QUERYBUF; + case VIDIOC_QBUF32_TIME32: + return VIDIOC_QBUF; + case VIDIOC_DQBUF32_TIME32: + return VIDIOC_DQBUF; + case VIDIOC_PREPARE_BUF32_TIME32: + return VIDIOC_PREPARE_BUF; +#endif + case VIDIOC_QUERYBUF32: + return VIDIOC_QUERYBUF; + case VIDIOC_QBUF32: + return VIDIOC_QBUF; + case VIDIOC_DQBUF32: + return VIDIOC_DQBUF; case VIDIOC_G_EXT_CTRLS32: return VIDIOC_G_EXT_CTRLS; case VIDIOC_S_EXT_CTRLS32: return VIDIOC_S_EXT_CTRLS; case VIDIOC_TRY_EXT_CTRLS32: return VIDIOC_TRY_EXT_CTRLS; + case VIDIOC_PREPARE_BUF32: + return VIDIOC_PREPARE_BUF; } return cmd; } @@ -1330,6 +1125,21 @@ unsigned int v4l2_compat_translate_cmd(unsigned int cmd) int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd) { switch (cmd) { +#ifdef CONFIG_COMPAT_32BIT_TIME + case VIDIOC_QUERYBUF32_TIME32: + case VIDIOC_QBUF32_TIME32: + case VIDIOC_DQBUF32_TIME32: + case VIDIOC_PREPARE_BUF32_TIME32: + return get_v4l2_buffer32_time32(parg, arg, + cmd == VIDIOC_QUERYBUF32_TIME32); +#endif + case VIDIOC_QUERYBUF32: + case VIDIOC_QBUF32: + case VIDIOC_DQBUF32: + case VIDIOC_PREPARE_BUF32: + return get_v4l2_buffer32(parg, arg, + cmd == VIDIOC_QUERYBUF32); + case VIDIOC_G_EXT_CTRLS32: case VIDIOC_S_EXT_CTRLS32: case VIDIOC_TRY_EXT_CTRLS32: @@ -1341,6 +1151,19 @@ int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd) int v4l2_compat_put_user(void __user *arg, void *parg, unsigned int cmd) { switch (cmd) { +#ifdef CONFIG_COMPAT_32BIT_TIME + case VIDIOC_QUERYBUF32_TIME32: + case VIDIOC_QBUF32_TIME32: + case VIDIOC_DQBUF32_TIME32: + case VIDIOC_PREPARE_BUF32_TIME32: + return put_v4l2_buffer32_time32(parg, arg); +#endif + case VIDIOC_QUERYBUF32: + case VIDIOC_QBUF32: + case VIDIOC_DQBUF32: + case VIDIOC_PREPARE_BUF32: + return put_v4l2_buffer32(parg, arg); + case VIDIOC_G_EXT_CTRLS32: case VIDIOC_S_EXT_CTRLS32: case VIDIOC_TRY_EXT_CTRLS32: @@ -1356,6 +1179,33 @@ int v4l2_compat_get_array_args(struct file *file, void *mbuf, int err = 0; switch (cmd) { + case VIDIOC_QUERYBUF32_TIME32: + case VIDIOC_QBUF32_TIME32: + case VIDIOC_DQBUF32_TIME32: + case VIDIOC_PREPARE_BUF32_TIME32: + case VIDIOC_QUERYBUF32: + case VIDIOC_QBUF32: + case VIDIOC_DQBUF32: + case VIDIOC_PREPARE_BUF32: { + struct v4l2_buffer *b64 = arg; + struct v4l2_plane *p64 = mbuf; + struct v4l2_plane32 __user *p32 = user_ptr; + u32 num_planes = p64->length; + + if (V4L2_TYPE_IS_MULTIPLANAR(b64->type)) { + if (num_planes == 0) + return 0; + + while (num_planes--) { + err = get_v4l2_plane32(p64, p32, b64->memory); + if (err) + return err; + ++p64; + ++p32; + } + } + break; + } case VIDIOC_G_EXT_CTRLS32: case VIDIOC_S_EXT_CTRLS32: case VIDIOC_TRY_EXT_CTRLS32: { @@ -1395,6 +1245,33 @@ int v4l2_compat_put_array_args(struct file *file, void __user *user_ptr, int err = 0; switch (cmd) { + case VIDIOC_QUERYBUF32_TIME32: + case VIDIOC_QBUF32_TIME32: + case VIDIOC_DQBUF32_TIME32: + case VIDIOC_PREPARE_BUF32_TIME32: + case VIDIOC_QUERYBUF32: + case VIDIOC_QBUF32: + case VIDIOC_DQBUF32: + case VIDIOC_PREPARE_BUF32: { + struct v4l2_buffer *b64 = arg; + struct v4l2_plane *p64 = mbuf; + struct v4l2_plane32 __user *p32 = user_ptr; + u32 num_planes = p64->length; + + if (V4L2_TYPE_IS_MULTIPLANAR(b64->type)) { + if (num_planes == 0) + return 0; + + while (num_planes--) { + err = put_v4l2_plane32(p64, p32, b64->memory); + if (err) + return err; + ++p64; + ++p32; + } + } + break; + } case VIDIOC_G_EXT_CTRLS32: case VIDIOC_S_EXT_CTRLS32: case VIDIOC_TRY_EXT_CTRLS32: { @@ -1491,14 +1368,8 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar switch (cmd) { case VIDIOC_G_FMT32: ncmd = VIDIOC_G_FMT; break; case VIDIOC_S_FMT32: ncmd = VIDIOC_S_FMT; break; - case VIDIOC_QUERYBUF32: ncmd = VIDIOC_QUERYBUF; break; - case VIDIOC_QUERYBUF32_TIME32: ncmd = VIDIOC_QUERYBUF_TIME32; break; case VIDIOC_G_FBUF32: ncmd = VIDIOC_G_FBUF; break; case VIDIOC_S_FBUF32: ncmd = VIDIOC_S_FBUF; break; - case VIDIOC_QBUF32: ncmd = VIDIOC_QBUF; break; - case VIDIOC_QBUF32_TIME32: ncmd = VIDIOC_QBUF_TIME32; break; - case VIDIOC_DQBUF32: ncmd = VIDIOC_DQBUF; break; - case VIDIOC_DQBUF32_TIME32: ncmd = VIDIOC_DQBUF_TIME32; break; case VIDIOC_ENUMSTD32: ncmd = VIDIOC_ENUMSTD; break; case VIDIOC_ENUMINPUT32: ncmd = VIDIOC_ENUMINPUT; break; case VIDIOC_TRY_FMT32: ncmd = VIDIOC_TRY_FMT; break; @@ -1507,8 +1378,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar case VIDIOC_DQEVENT32_TIME32: ncmd = VIDIOC_DQEVENT_TIME32; break; #endif case VIDIOC_CREATE_BUFS32: ncmd = VIDIOC_CREATE_BUFS; break; - case VIDIOC_PREPARE_BUF32: ncmd = VIDIOC_PREPARE_BUF; break; - case VIDIOC_PREPARE_BUF32_TIME32: ncmd = VIDIOC_PREPARE_BUF_TIME32; break; case VIDIOC_G_EDID32: ncmd = VIDIOC_G_EDID; break; case VIDIOC_S_EDID32: ncmd = VIDIOC_S_EDID; break; default: ncmd = cmd; break; @@ -1556,38 +1425,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar compatible_arg = 0; break; - case VIDIOC_PREPARE_BUF32: - case VIDIOC_QUERYBUF32: - case VIDIOC_QBUF32: - case VIDIOC_DQBUF32: - err = bufsize_v4l2_buffer(p32, &aux_space); - if (!err) - err = alloc_userspace(sizeof(struct v4l2_buffer), - aux_space, &new_p64); - if (!err) { - aux_buf = new_p64 + sizeof(struct v4l2_buffer); - err = get_v4l2_buffer32(new_p64, p32, - aux_buf, aux_space); - } - compatible_arg = 0; - break; - - case VIDIOC_PREPARE_BUF32_TIME32: - case VIDIOC_QUERYBUF32_TIME32: - case VIDIOC_QBUF32_TIME32: - case VIDIOC_DQBUF32_TIME32: - err = bufsize_v4l2_buffer_time32(p32, &aux_space); - if (!err) - err = alloc_userspace(sizeof(struct v4l2_buffer), - aux_space, &new_p64); - if (!err) { - aux_buf = new_p64 + sizeof(struct v4l2_buffer); - err = get_v4l2_buffer32_time32(new_p64, p32, - aux_buf, aux_space); - } - compatible_arg = 0; - break; - case VIDIOC_S_FBUF32: err = alloc_userspace(sizeof(struct v4l2_framebuffer), 0, &new_p64); @@ -1700,20 +1537,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar err = put_v4l2_create32(new_p64, p32); break; - case VIDIOC_PREPARE_BUF32: - case VIDIOC_QUERYBUF32: - case VIDIOC_QBUF32: - case VIDIOC_DQBUF32: - err = put_v4l2_buffer32(new_p64, p32); - break; - - case VIDIOC_PREPARE_BUF32_TIME32: - case VIDIOC_QUERYBUF32_TIME32: - case VIDIOC_QBUF32_TIME32: - case VIDIOC_DQBUF32_TIME32: - err = put_v4l2_buffer32_time32(new_p64, p32); - break; - case VIDIOC_ENUMSTD32: err = put_v4l2_standard32(new_p64, p32); break; From patchwork Thu Sep 17 15:28:20 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 313143 Delivered-To: patch@linaro.org Received: by 2002:a92:5ad1:0:0:0:0:0 with SMTP id b78csp683423ilg; Thu, 17 Sep 2020 11:50:06 -0700 (PDT) X-Google-Smtp-Source: ABdhPJybBUf2CVApET+XmrtMwRFqAQaikMJ0QOoFW1az+jd2MdY+RUTKd86IRhrJFL8XvEhOX8Yu X-Received: by 2002:a50:a2e6:: with SMTP id 93mr33143417edm.147.1600368605860; Thu, 17 Sep 2020 11:50:05 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600368605; cv=none; d=google.com; s=arc-20160816; b=0uxuQ+408m+zMj4xuO/8+RXe3zPUXx/lI6D7JnDccfjQdTtswq5Is3VX2scMVbjqE6 1nBlv+x3C+NpZ70+oolq8+IgEH2qsmWdDDjdHDOquqePETW10ZsOB7GARnvAwbHR98zq 1yzrStelxC+0ZvPi5KbUYpXjE7q2qV1eBjKqPo6ShcqrzPB3qsx07eFu57t/0rLmHKax vEMljbHfd8I2OANF/rDFNApMH/9GVWBYedW7ISSiVhUlfP8xlExYn/08R4qAAgAeGh/x J8BN6pktN7ptTqAmwvvMH2ASeZs8OHRVtoBrVClvz8B2X+8tkGFmJXL3klvRghm3AF6f Eygg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=zn/yAl4SynJKa7wi2mYMqLcc7wH9JGjde0KeorXtsaQ=; b=X1hZaGv41e261+CcHhiI3cOSpYa/g2vD9aq+GhWRFmOIsSle7/0iAWrL3Ez47sVdow LAclEq/PyRmqOXrgQXXAcT/UAjv32JWsyfOVJsJ0ElKhga9Ea5OXOUXDG9064FGZaJc8 ISRbXm39rqm/Y8LJtQpN03fdvImurTZJTM/KSvXqmigP+YqGz/qJZteGx2s5B4u8LEeq lWk4WIpXXUpbaCKAvW/Aus5lN+QySaFu1NcPxM3pz0TQ6WRxxPisVP9Y7PpZLbm1WS3n 14Ygs4JAtY7mBGj4pLHfngkhnDo/5ne1txWY/wYf0Eq4ctWBKjf+GUiqAAga+dopKu94 T5/A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-media-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-media-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id r12si422334edb.495.2020.09.17.11.50.05; Thu, 17 Sep 2020 11:50:05 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-media-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-media-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-media-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726376AbgIQSt4 (ORCPT + 4 others); Thu, 17 Sep 2020 14:49:56 -0400 Received: from mout.kundenserver.de ([212.227.126.130]:43985 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728077AbgIQQcz (ORCPT ); Thu, 17 Sep 2020 12:32:55 -0400 Received: from threadripper.lan ([149.172.98.151]) by mrelayeu.kundenserver.de (mreue011 [212.227.15.129]) with ESMTPA (Nemesis) id 1MwwqB-1kgGVF2t0F-00yQIY; Thu, 17 Sep 2020 17:28:26 +0200 From: Arnd Bergmann To: linux-media@vger.kernel.org, mchehab@kernel.org, hverkuil@xs4all.nl Cc: hch@lst.de, linux-kernel@vger.kernel.org, Arnd Bergmann Subject: [PATCH 5/8] media: v4l2: allocate v4l2_clip objects early Date: Thu, 17 Sep 2020 17:28:20 +0200 Message-Id: <20200917152823.1241599-6-arnd@arndb.de> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200917152823.1241599-1-arnd@arndb.de> References: <20200917152823.1241599-1-arnd@arndb.de> MIME-Version: 1.0 X-Provags-ID: V03:K1:Wq1fCdRcFHZE3TDFnh8T0Vdh2pTDLIen4VbwT9TgfNKcdiRlp+K mWSzQA90fd1lmbh2NdwXg6GNCj/acRZbURMxBGlJxl9nE5ao2xRksyH03V2oHtKO0Up43HT UCynnspvF2tOuwXGVHAjYG7ZfHbXhOugD97QXuhmppnGsXErCQ8iEesuOrFDyLQw+86Bg4S gk/vxM4V+Q9u8dhMLxl8Q== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1; V03:K0:z8NJpNL4+Dc=:B47wzkulHLd0XwajUEkZwt CNN9crb600qEJLHBfUP7mGUD0LXIZgxF6sIQr+YX8T3W7AIb6sCchvKhbKdvNaYM7hiDE1PUo bZf+gDFl+NmYTmHeKDkYQjZTOI26JyJDozODvcdSvSjfsf/iZc9xPsbo0FeTsR61mmINbcmfd xn/0iRHPmtmkZ7kFAfKhdvLJ0neZmaGq3IuQBmX2yXqjwy6pYRMYGZqvfPDNYtq9Ila6T7xGf rZsS2YBBmI+jS+je6IdlFR7HBrlMqMwhN8yldkstDf3hTNhbF97oM6RinxDql+4PQ4LLGNwnB oy8jyEzsZgGXA554+ebUQsTho9AoTEnPTXHtRHiXqNdVhn3SvHsi4Cotmkix9/q96xDCSaeYe FkfbHSTrEKKARnP2p3Bv1I1rvYk2j5UgeWiA7euXyhTZKCZnLUN2eJOsHW96iBPiqqE29K4PG Kcy/ZP8flNHSKfhJ7HHJA9nugaUMKTdNMKakpqYCNwQRlcDpdqQO1ShC99wFE/obVSAMzgQo9 4U2PzRkqWxWdkbBPerb8+dT60y2U2LYgNT0FRMuR83po/r6ZjKBK52Urk9cuBwtDt9EA/Rd7q nI1TDcomI/lp4SveaXjpy68562uBkf9as4+PiCj6Kr5qNqn1oIo6pPFECL95OOmioHW7wqa2A ACEkeqStRpIWCyAjlnPKj1XSzRAKgFwd8Y7FAqxu0+X6EBpwxlIA0vFy3TlTJQYee6SmUMxif KIRunezNBtrBqfgqX9RX3pBMhJU/zDSYUyK7f0wqzPwbWkTwS0jjHh37D56R1XDaQ9P0jv8JU 3LuV2WYJi4wOJ670kTHqBFwySKo7ecuY/2qxfzzDn9rV28tn74F1awqWIoIRRyPlx2a6Fsa Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org The v4l2_format based ioctls can have an indirect pointer to an array of v4l2_clip structures for overlay mode, depending on the 'type' member. There are only five drivers that use the overlay mode and copy the data through the __user pointer. Change the five drivers to use memcpy() instead, and copy the data in common code using the check_array_args() helpers. This allows for a subsequent patch that use the same mechanism for compat ioctl handlers. Note that there is another pointer for a 'bitmap' that is only used in the 'vivid' driver and nowhere else. There is no easy way to use the same trick without adding complexity to the common code, so this remains a __user pointer. Signed-off-by: Arnd Bergmann --- drivers/media/common/saa7146/saa7146_video.c | 6 ++--- drivers/media/pci/bt8xx/bttv-driver.c | 8 ++----- drivers/media/pci/saa7134/saa7134-video.c | 19 ++++++--------- .../media/test-drivers/vivid/vivid-vid-cap.c | 18 ++++++--------- .../media/test-drivers/vivid/vivid-vid-out.c | 18 ++++++--------- drivers/media/v4l2-core/v4l2-ioctl.c | 23 ++++++++++++++++++- include/uapi/linux/videodev2.h | 2 +- 7 files changed, 48 insertions(+), 46 deletions(-) -- 2.27.0 diff --git a/drivers/media/common/saa7146/saa7146_video.c b/drivers/media/common/saa7146/saa7146_video.c index ccd15b4d4920..7b8795eca589 100644 --- a/drivers/media/common/saa7146/saa7146_video.c +++ b/drivers/media/common/saa7146/saa7146_video.c @@ -771,10 +771,8 @@ static int vidioc_s_fmt_vid_overlay(struct file *file, void *__fh, struct v4l2_f vv->ov.nclips = f->fmt.win.clipcount; if (vv->ov.nclips > 16) vv->ov.nclips = 16; - if (copy_from_user(vv->ov.clips, f->fmt.win.clips, - sizeof(struct v4l2_clip) * vv->ov.nclips)) { - return -EFAULT; - } + memcpy(vv->ov.clips, f->fmt.win.clips, + sizeof(struct v4l2_clip) * vv->ov.nclips); /* vv->ov.fh is used to indicate that we have valid overlay information, too */ vv->ov.fh = fh; diff --git a/drivers/media/pci/bt8xx/bttv-driver.c b/drivers/media/pci/bt8xx/bttv-driver.c index 9144f795fb93..d32929f65507 100644 --- a/drivers/media/pci/bt8xx/bttv-driver.c +++ b/drivers/media/pci/bt8xx/bttv-driver.c @@ -2143,12 +2143,8 @@ static int setup_window_lock(struct bttv_fh *fh, struct bttv *btv, clips = kmalloc(size,GFP_KERNEL); if (NULL == clips) return -ENOMEM; - if (n > 0) { - if (copy_from_user(clips,win->clips,sizeof(struct v4l2_clip)*n)) { - kfree(clips); - return -EFAULT; - } - } + if (n > 0) + memcpy(clips, win->clips, sizeof(struct v4l2_clip)*n); /* clip against screen */ if (NULL != btv->fbuf.base) diff --git a/drivers/media/pci/saa7134/saa7134-video.c b/drivers/media/pci/saa7134/saa7134-video.c index a8ac94fadc14..4d11e3d47df9 100644 --- a/drivers/media/pci/saa7134/saa7134-video.c +++ b/drivers/media/pci/saa7134/saa7134-video.c @@ -1265,9 +1265,7 @@ static int saa7134_g_fmt_vid_overlay(struct file *file, void *priv, struct v4l2_format *f) { struct saa7134_dev *dev = video_drvdata(file); - struct v4l2_clip __user *clips = f->fmt.win.clips; u32 clipcount = f->fmt.win.clipcount; - int err = 0; int i; if (saa7134_no_overlay > 0) { @@ -1275,20 +1273,18 @@ static int saa7134_g_fmt_vid_overlay(struct file *file, void *priv, return -EINVAL; } f->fmt.win = dev->win; - f->fmt.win.clips = clips; - if (clips == NULL) + if (!f->fmt.win.clips) clipcount = 0; if (dev->nclips < clipcount) clipcount = dev->nclips; f->fmt.win.clipcount = clipcount; - for (i = 0; !err && i < clipcount; i++) { - if (copy_to_user(&f->fmt.win.clips[i].c, &dev->clips[i].c, - sizeof(struct v4l2_rect))) - err = -EFAULT; + for (i = 0; i < clipcount; i++) { + memcpy(&f->fmt.win.clips[i].c, &dev->clips[i].c, + sizeof(struct v4l2_rect)); } - return err; + return 0; } static int saa7134_try_fmt_vid_cap(struct file *file, void *priv, @@ -1396,9 +1392,8 @@ static int saa7134_s_fmt_vid_overlay(struct file *file, void *priv, dev->win = f->fmt.win; dev->nclips = f->fmt.win.clipcount; - if (copy_from_user(dev->clips, f->fmt.win.clips, - sizeof(struct v4l2_clip) * dev->nclips)) - return -EFAULT; + memcpy(dev->clips, f->fmt.win.clips, + sizeof(struct v4l2_clip) * dev->nclips); if (priv == dev->overlay_owner) { spin_lock_irqsave(&dev->slock, flags); diff --git a/drivers/media/test-drivers/vivid/vivid-vid-cap.c b/drivers/media/test-drivers/vivid/vivid-vid-cap.c index e94beef008c8..a07bd796a9d7 100644 --- a/drivers/media/test-drivers/vivid/vivid-vid-cap.c +++ b/drivers/media/test-drivers/vivid/vivid-vid-cap.c @@ -1081,11 +1081,9 @@ int vidioc_g_fmt_vid_overlay(struct file *file, void *priv, ((compose->width + 7) / 8) * compose->height)) return -EFAULT; } - if (clipcount && win->clips) { - if (copy_to_user(win->clips, dev->clips_cap, - clipcount * sizeof(dev->clips_cap[0]))) - return -EFAULT; - } + if (clipcount && win->clips) + memcpy(win->clips, dev->clips_cap, + clipcount * sizeof(dev->clips_cap[0])); return 0; } @@ -1115,9 +1113,8 @@ int vidioc_try_fmt_vid_overlay(struct file *file, void *priv, if (win->clipcount > MAX_CLIPS) win->clipcount = MAX_CLIPS; if (win->clipcount) { - if (copy_from_user(dev->try_clips_cap, win->clips, - win->clipcount * sizeof(dev->clips_cap[0]))) - return -EFAULT; + memcpy(dev->try_clips_cap, win->clips, + win->clipcount * sizeof(dev->clips_cap[0])); for (i = 0; i < win->clipcount; i++) { struct v4l2_rect *r = &dev->try_clips_cap[i].c; @@ -1140,9 +1137,8 @@ int vidioc_try_fmt_vid_overlay(struct file *file, void *priv, return -EINVAL; } } - if (copy_to_user(win->clips, dev->try_clips_cap, - win->clipcount * sizeof(dev->clips_cap[0]))) - return -EFAULT; + memcpy(win->clips, dev->try_clips_cap, + win->clipcount * sizeof(dev->clips_cap[0])); } return 0; } diff --git a/drivers/media/test-drivers/vivid/vivid-vid-out.c b/drivers/media/test-drivers/vivid/vivid-vid-out.c index ee3446e3217c..ac1e981e8342 100644 --- a/drivers/media/test-drivers/vivid/vivid-vid-out.c +++ b/drivers/media/test-drivers/vivid/vivid-vid-out.c @@ -857,11 +857,9 @@ int vidioc_g_fmt_vid_out_overlay(struct file *file, void *priv, ((dev->compose_out.width + 7) / 8) * dev->compose_out.height)) return -EFAULT; } - if (clipcount && win->clips) { - if (copy_to_user(win->clips, dev->clips_out, - clipcount * sizeof(dev->clips_out[0]))) - return -EFAULT; - } + if (clipcount && win->clips) + memcpy(win->clips, dev->clips_out, + clipcount * sizeof(dev->clips_out[0])); return 0; } @@ -891,9 +889,8 @@ int vidioc_try_fmt_vid_out_overlay(struct file *file, void *priv, if (win->clipcount > MAX_CLIPS) win->clipcount = MAX_CLIPS; if (win->clipcount) { - if (copy_from_user(dev->try_clips_out, win->clips, - win->clipcount * sizeof(dev->clips_out[0]))) - return -EFAULT; + memcpy(dev->try_clips_out, win->clips, + win->clipcount * sizeof(dev->clips_out[0])); for (i = 0; i < win->clipcount; i++) { struct v4l2_rect *r = &dev->try_clips_out[i].c; @@ -916,9 +913,8 @@ int vidioc_try_fmt_vid_out_overlay(struct file *file, void *priv, return -EINVAL; } } - if (copy_to_user(win->clips, dev->try_clips_out, - win->clipcount * sizeof(dev->clips_out[0]))) - return -EFAULT; + memcpy(win->clips, dev->try_clips_out, + win->clipcount * sizeof(dev->clips_out[0])); } return 0; } diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c index 4e79cdac9a5f..93f75e5de746 100644 --- a/drivers/media/v4l2-core/v4l2-ioctl.c +++ b/drivers/media/v4l2-core/v4l2-ioctl.c @@ -1584,7 +1584,7 @@ static int v4l_g_fmt(const struct v4l2_ioctl_ops *ops, switch (p->type) { case V4L2_BUF_TYPE_VIDEO_OVERLAY: case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY: { - struct v4l2_clip __user *clips = p->fmt.win.clips; + struct v4l2_clip *clips = p->fmt.win.clips; u32 clipcount = p->fmt.win.clipcount; void __user *bitmap = p->fmt.win.bitmap; @@ -3083,6 +3083,27 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size, } break; } + case VIDIOC_G_FMT: + case VIDIOC_S_FMT: + case VIDIOC_TRY_FMT: { + struct v4l2_format *fmt = parg; + + if (fmt->type != V4L2_BUF_TYPE_VIDEO_OVERLAY && + fmt->type != V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY) + break; + if (fmt->fmt.win.clipcount > 2048) + return -EINVAL; + if (!fmt->fmt.win.clipcount) + break; + + *user_ptr = (void __user *)fmt->fmt.win.clips; + *kernel_ptr = (void **)&fmt->fmt.win.clips; + *array_size = sizeof(struct v4l2_clip) + * fmt->fmt.win.clipcount; + + ret = 1; + break; + } } return ret; diff --git a/include/uapi/linux/videodev2.h b/include/uapi/linux/videodev2.h index c7b70ff53bc1..19f315abc69f 100644 --- a/include/uapi/linux/videodev2.h +++ b/include/uapi/linux/videodev2.h @@ -1185,7 +1185,7 @@ struct v4l2_window { struct v4l2_rect w; __u32 field; /* enum v4l2_field */ __u32 chromakey; - struct v4l2_clip __user *clips; + struct v4l2_clip *clips; __u32 clipcount; void __user *bitmap; __u8 global_alpha; From patchwork Thu Sep 17 15:28:21 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 255748 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 79A97C43461 for ; Thu, 17 Sep 2020 18:49:38 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 4064021D7B for ; Thu, 17 Sep 2020 18:49:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726388AbgIQStc (ORCPT ); Thu, 17 Sep 2020 14:49:32 -0400 Received: from mout.kundenserver.de ([212.227.126.130]:53129 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728497AbgIQQdG (ORCPT ); Thu, 17 Sep 2020 12:33:06 -0400 Received: from threadripper.lan ([149.172.98.151]) by mrelayeu.kundenserver.de (mreue011 [212.227.15.129]) with ESMTPA (Nemesis) id 1MYvse-1jx3Os3oiO-00UozF; Thu, 17 Sep 2020 17:28:26 +0200 From: Arnd Bergmann To: linux-media@vger.kernel.org, mchehab@kernel.org, hverkuil@xs4all.nl Cc: hch@lst.de, linux-kernel@vger.kernel.org, Arnd Bergmann Subject: [PATCH 6/8] media: v4l2: convert v4l2_format compat ioctls Date: Thu, 17 Sep 2020 17:28:21 +0200 Message-Id: <20200917152823.1241599-7-arnd@arndb.de> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200917152823.1241599-1-arnd@arndb.de> References: <20200917152823.1241599-1-arnd@arndb.de> MIME-Version: 1.0 X-Provags-ID: V03:K1:3uo0iCWQ2x7fhkiTWo1iuiTXrf+RA3n/nuQPsm2jTZxoXfdGUOd XvPoMbqfm9kYR//NgckHVRBOBGlegx0xwsUHXNwYRf1m4UDflXGhPB4Bu8tAkuiEdneygxn yPEFu4S+Ue0CxVHsGgoVsj8ysEPvRX/KQCzKtv5GnQ6XwpHmuU7SprXRQz/cuH6jiK7gB2r wf6+wIFtYe0uCJc6MDguA== X-UI-Out-Filterresults: notjunk:1; V03:K0:QlWg2nKb6Lk=:7zsFDBRmINanzNJSiYLvHh ONHxMU4FembGnxydgFH4LkP1dnl0Pbaosaa+xIAprg/uP7QWQKlIOXLONNLTzBNHoc5/zvC0W PhIQoDxUq4/9A55LvUY0Q2RfGOB41w77eIDZdZ+pFhWN0TlBaDfgh8dwBeMQoriXgXV0B5HBw 0KA1GCoUc0ScxU58sS1p3xhQSs3mksgBaI3zdlmjQgRQcJtM0t1hBuO7jwH88rnTsXM8Pk0+f cjTABXwhejZDIjfJu4yUrZNs45mPLm5yaNNYSVebayx1vFCJi192/odfyaAcPj1L6yAWlxvKb oqZMQYZv6h8a7xiu45TBXF8xK96Zh+H5e/qV3UMkgXCkYRO/0xdWyW71mUzDWx0kJ1aSMZLuj MMEpoN95mOH7sG2iIHvDcJM6T+OR5FKJ30kIb4qATa+DxhjRrMTOzw1OksIDMePJOFQ0h7b9m MKslFl6xRPbPCWOxXs3CZ6Lxtll0IryTlkG2G7R9WzWD8JD8NJs8/5T6Pd11kvoqOrm+f7QLf b0pAooAH0BW8GpjLRKwnkiP7AcFoPXNJsTND8cYUPaqaXP67eoijd4c/NpNmnyXjwsW8tQV2P 6Y2uHYyAYW6qnTe5fJydZ/qHuH8lzNAe7gYC5s5qDGmo6jYeRmpTK02P9o7bO1UxfAlx4NZAE qqOINQDsA5NP8vPSPk9nucpYP6+I9dvUqw9WCuOKsRQkjgiAgPikmlHec+OFVoTVA3qYqXCV7 qq2N8fVzmCpVVUZ7/4acDdP5BJqyfQxJ8RN8aypUW8pcQQ9RfzXfS+ms+LR8r7p4nj5coo7Oy eeKs21W75XIHZTCphkL+UXqquNoApruxPfgcEo+zizSul71sJiL6IQwbsSlQtXEsI1N0hBr Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org Now that the 'clips' array is accessed by common code in the native ioctl handler, the same can be done for the compat version, greatly simplifying the compat code for these four ioctl commands. Signed-off-by: Arnd Bergmann --- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 348 +++++++----------- 1 file changed, 139 insertions(+), 209 deletions(-) diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index d1055bef8933..f0f3c9f9a0ef 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -150,77 +150,54 @@ struct v4l2_window32 { __u8 global_alpha; }; -static int get_v4l2_window32(struct v4l2_window __user *p64, - struct v4l2_window32 __user *p32, - void __user *aux_buf, u32 aux_space) +static int get_v4l2_window32(struct v4l2_window *p64, + struct v4l2_window32 __user *p32) { - struct v4l2_clip32 __user *uclips; - struct v4l2_clip __user *kclips; - compat_caddr_t p; - u32 clipcount; + struct v4l2_window32 w32; - if (!access_ok(p32, sizeof(*p32)) || - copy_in_user(&p64->w, &p32->w, sizeof(p32->w)) || - assign_in_user(&p64->field, &p32->field) || - assign_in_user(&p64->chromakey, &p32->chromakey) || - assign_in_user(&p64->global_alpha, &p32->global_alpha) || - get_user(clipcount, &p32->clipcount) || - put_user(clipcount, &p64->clipcount)) + if (copy_from_user(&w32, p32, sizeof(w32))) return -EFAULT; - if (clipcount > 2048) - return -EINVAL; - if (!clipcount) - return put_user(NULL, &p64->clips); - if (get_user(p, &p32->clips)) - return -EFAULT; - uclips = compat_ptr(p); - if (aux_space < clipcount * sizeof(*kclips)) - return -EFAULT; - kclips = aux_buf; - if (put_user(kclips, &p64->clips)) - return -EFAULT; + *p64 = (struct v4l2_window) { + .w = w32.w, + .field = w32.field, + .chromakey = w32.chromakey, + .clips = (void __force *)compat_ptr(w32.clips), + .clipcount = w32.clipcount, + .bitmap = compat_ptr(w32.bitmap), + .global_alpha = w32.global_alpha, + }; + + if (p64->clipcount > 2048) + return -EINVAL; + if (!p64->clipcount) + p64->clips = NULL; - while (clipcount--) { - if (copy_in_user(&kclips->c, &uclips->c, sizeof(uclips->c))) - return -EFAULT; - if (put_user(clipcount ? kclips + 1 : NULL, &kclips->next)) - return -EFAULT; - uclips++; - kclips++; - } return 0; } -static int put_v4l2_window32(struct v4l2_window __user *p64, +static int put_v4l2_window32(struct v4l2_window *p64, struct v4l2_window32 __user *p32) { - struct v4l2_clip __user *kclips; - struct v4l2_clip32 __user *uclips; - compat_caddr_t p; - u32 clipcount; - - if (copy_in_user(&p32->w, &p64->w, sizeof(p64->w)) || - assign_in_user(&p32->field, &p64->field) || - assign_in_user(&p32->chromakey, &p64->chromakey) || - assign_in_user(&p32->global_alpha, &p64->global_alpha) || - get_user(clipcount, &p64->clipcount) || - put_user(clipcount, &p32->clipcount)) - return -EFAULT; - if (!clipcount) - return 0; + struct v4l2_window32 w32; + + memset(&w32, 0, sizeof(w32)); + w32 = (struct v4l2_window32) { + .w = p64->w, + .field = p64->field, + .chromakey = p64->chromakey, + .clips = (uintptr_t)p64->clips, + .clipcount = p64->clipcount, + .bitmap = ptr_to_compat(p64->bitmap), + .global_alpha = p64->global_alpha, + }; - if (get_user(kclips, &p64->clips)) + /* copy everything except the clips pointer */ + if (copy_to_user(p32, &w32, offsetof(struct v4l2_window32, clips)) || + copy_to_user(&p32->clipcount, &w32.clipcount, + sizeof(w32) - offsetof(struct v4l2_window32, clipcount))) return -EFAULT; - if (get_user(p, &p32->clips)) - return -EFAULT; - uclips = compat_ptr(p); - while (clipcount--) { - if (copy_in_user(&uclips->c, &kclips->c, sizeof(uclips->c))) - return -EFAULT; - uclips++; - kclips++; - } + return 0; } @@ -261,171 +238,101 @@ struct v4l2_create_buffers32 { __u32 reserved[6]; }; -static int __bufsize_v4l2_format(struct v4l2_format32 __user *p32, u32 *size) -{ - u32 type; - - if (get_user(type, &p32->type)) - return -EFAULT; - - switch (type) { - case V4L2_BUF_TYPE_VIDEO_OVERLAY: - case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY: { - u32 clipcount; - - if (get_user(clipcount, &p32->fmt.win.clipcount)) - return -EFAULT; - if (clipcount > 2048) - return -EINVAL; - *size = clipcount * sizeof(struct v4l2_clip); - return 0; - } - default: - *size = 0; - return 0; - } -} - -static int bufsize_v4l2_format(struct v4l2_format32 __user *p32, u32 *size) -{ - if (!access_ok(p32, sizeof(*p32))) - return -EFAULT; - return __bufsize_v4l2_format(p32, size); -} - -static int __get_v4l2_format32(struct v4l2_format __user *p64, - struct v4l2_format32 __user *p32, - void __user *aux_buf, u32 aux_space) +static int get_v4l2_format32(struct v4l2_format *p64, + struct v4l2_format32 __user *p32) { - u32 type; - - if (get_user(type, &p32->type) || put_user(type, &p64->type)) + if (get_user(p64->type, &p32->type)) return -EFAULT; - switch (type) { + switch (p64->type) { case V4L2_BUF_TYPE_VIDEO_CAPTURE: case V4L2_BUF_TYPE_VIDEO_OUTPUT: - return copy_in_user(&p64->fmt.pix, &p32->fmt.pix, - sizeof(p64->fmt.pix)) ? -EFAULT : 0; + return copy_from_user(&p64->fmt.pix, &p32->fmt.pix, + sizeof(p64->fmt.pix)) ? -EFAULT : 0; case V4L2_BUF_TYPE_VIDEO_CAPTURE_MPLANE: case V4L2_BUF_TYPE_VIDEO_OUTPUT_MPLANE: - return copy_in_user(&p64->fmt.pix_mp, &p32->fmt.pix_mp, - sizeof(p64->fmt.pix_mp)) ? -EFAULT : 0; + return copy_from_user(&p64->fmt.pix_mp, &p32->fmt.pix_mp, + sizeof(p64->fmt.pix_mp)) ? -EFAULT : 0; case V4L2_BUF_TYPE_VIDEO_OVERLAY: case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY: - return get_v4l2_window32(&p64->fmt.win, &p32->fmt.win, - aux_buf, aux_space); + return get_v4l2_window32(&p64->fmt.win, &p32->fmt.win); case V4L2_BUF_TYPE_VBI_CAPTURE: case V4L2_BUF_TYPE_VBI_OUTPUT: - return copy_in_user(&p64->fmt.vbi, &p32->fmt.vbi, - sizeof(p64->fmt.vbi)) ? -EFAULT : 0; + return copy_from_user(&p64->fmt.vbi, &p32->fmt.vbi, + sizeof(p64->fmt.vbi)) ? -EFAULT : 0; case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE: case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT: - return copy_in_user(&p64->fmt.sliced, &p32->fmt.sliced, - sizeof(p64->fmt.sliced)) ? -EFAULT : 0; + return copy_from_user(&p64->fmt.sliced, &p32->fmt.sliced, + sizeof(p64->fmt.sliced)) ? -EFAULT : 0; case V4L2_BUF_TYPE_SDR_CAPTURE: case V4L2_BUF_TYPE_SDR_OUTPUT: - return copy_in_user(&p64->fmt.sdr, &p32->fmt.sdr, - sizeof(p64->fmt.sdr)) ? -EFAULT : 0; + return copy_from_user(&p64->fmt.sdr, &p32->fmt.sdr, + sizeof(p64->fmt.sdr)) ? -EFAULT : 0; case V4L2_BUF_TYPE_META_CAPTURE: case V4L2_BUF_TYPE_META_OUTPUT: - return copy_in_user(&p64->fmt.meta, &p32->fmt.meta, - sizeof(p64->fmt.meta)) ? -EFAULT : 0; + return copy_from_user(&p64->fmt.meta, &p32->fmt.meta, + sizeof(p64->fmt.meta)) ? -EFAULT : 0; default: return -EINVAL; } } -static int get_v4l2_format32(struct v4l2_format __user *p64, - struct v4l2_format32 __user *p32, - void __user *aux_buf, u32 aux_space) -{ - if (!access_ok(p32, sizeof(*p32))) - return -EFAULT; - return __get_v4l2_format32(p64, p32, aux_buf, aux_space); -} - -static int bufsize_v4l2_create(struct v4l2_create_buffers32 __user *p32, - u32 *size) -{ - if (!access_ok(p32, sizeof(*p32))) - return -EFAULT; - return __bufsize_v4l2_format(&p32->format, size); -} - -static int get_v4l2_create32(struct v4l2_create_buffers __user *p64, - struct v4l2_create_buffers32 __user *p32, - void __user *aux_buf, u32 aux_space) +static int get_v4l2_create32(struct v4l2_create_buffers *p64, + struct v4l2_create_buffers32 __user *p32) { - if (!access_ok(p32, sizeof(*p32)) || - copy_in_user(p64, p32, - offsetof(struct v4l2_create_buffers32, format)) || - assign_in_user(&p64->flags, &p32->flags)) + if (copy_from_user(p64, p32, + offsetof(struct v4l2_create_buffers32, format)) || + get_user(p64->flags, &p32->flags)) return -EFAULT; - return __get_v4l2_format32(&p64->format, &p32->format, - aux_buf, aux_space); + return get_v4l2_format32(&p64->format, &p32->format); } -static int __put_v4l2_format32(struct v4l2_format __user *p64, - struct v4l2_format32 __user *p32) +static int put_v4l2_format32(struct v4l2_format *p64, + struct v4l2_format32 __user *p32) { - u32 type; - - if (get_user(type, &p64->type)) - return -EFAULT; - - switch (type) { + switch (p64->type) { case V4L2_BUF_TYPE_VIDEO_CAPTURE: case V4L2_BUF_TYPE_VIDEO_OUTPUT: - return copy_in_user(&p32->fmt.pix, &p64->fmt.pix, + return copy_to_user(&p32->fmt.pix, &p64->fmt.pix, sizeof(p64->fmt.pix)) ? -EFAULT : 0; case V4L2_BUF_TYPE_VIDEO_CAPTURE_MPLANE: case V4L2_BUF_TYPE_VIDEO_OUTPUT_MPLANE: - return copy_in_user(&p32->fmt.pix_mp, &p64->fmt.pix_mp, + return copy_to_user(&p32->fmt.pix_mp, &p64->fmt.pix_mp, sizeof(p64->fmt.pix_mp)) ? -EFAULT : 0; case V4L2_BUF_TYPE_VIDEO_OVERLAY: case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY: return put_v4l2_window32(&p64->fmt.win, &p32->fmt.win); case V4L2_BUF_TYPE_VBI_CAPTURE: case V4L2_BUF_TYPE_VBI_OUTPUT: - return copy_in_user(&p32->fmt.vbi, &p64->fmt.vbi, + return copy_to_user(&p32->fmt.vbi, &p64->fmt.vbi, sizeof(p64->fmt.vbi)) ? -EFAULT : 0; case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE: case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT: - return copy_in_user(&p32->fmt.sliced, &p64->fmt.sliced, + return copy_to_user(&p32->fmt.sliced, &p64->fmt.sliced, sizeof(p64->fmt.sliced)) ? -EFAULT : 0; case V4L2_BUF_TYPE_SDR_CAPTURE: case V4L2_BUF_TYPE_SDR_OUTPUT: - return copy_in_user(&p32->fmt.sdr, &p64->fmt.sdr, + return copy_to_user(&p32->fmt.sdr, &p64->fmt.sdr, sizeof(p64->fmt.sdr)) ? -EFAULT : 0; case V4L2_BUF_TYPE_META_CAPTURE: case V4L2_BUF_TYPE_META_OUTPUT: - return copy_in_user(&p32->fmt.meta, &p64->fmt.meta, + return copy_to_user(&p32->fmt.meta, &p64->fmt.meta, sizeof(p64->fmt.meta)) ? -EFAULT : 0; default: return -EINVAL; } } -static int put_v4l2_format32(struct v4l2_format __user *p64, - struct v4l2_format32 __user *p32) -{ - if (!access_ok(p32, sizeof(*p32))) - return -EFAULT; - return __put_v4l2_format32(p64, p32); -} - -static int put_v4l2_create32(struct v4l2_create_buffers __user *p64, +static int put_v4l2_create32(struct v4l2_create_buffers *p64, struct v4l2_create_buffers32 __user *p32) { - if (!access_ok(p32, sizeof(*p32)) || - copy_in_user(p32, p64, + if (copy_to_user(p32, p64, offsetof(struct v4l2_create_buffers32, format)) || - assign_in_user(&p32->capabilities, &p64->capabilities) || - assign_in_user(&p32->flags, &p64->flags) || - copy_in_user(p32->reserved, p64->reserved, sizeof(p64->reserved))) + put_user(p64->capabilities, &p32->capabilities) || + put_user(p64->flags, &p32->flags) || + copy_to_user(p32->reserved, p64->reserved, sizeof(p64->reserved))) return -EFAULT; - return __put_v4l2_format32(&p64->format, &p32->format); + return put_v4l2_format32(&p64->format, &p32->format); } struct v4l2_standard32 { @@ -1094,6 +1001,12 @@ static int put_v4l2_edid32(struct v4l2_edid __user *p64, unsigned int v4l2_compat_translate_cmd(unsigned int cmd) { switch (cmd) { + case VIDIOC_G_FMT32: + return VIDIOC_G_FMT; + case VIDIOC_S_FMT32: + return VIDIOC_S_FMT; + case VIDIOC_TRY_FMT32: + return VIDIOC_TRY_FMT; #ifdef CONFIG_COMPAT_32BIT_TIME case VIDIOC_QUERYBUF32_TIME32: return VIDIOC_QUERYBUF; @@ -1125,6 +1038,10 @@ unsigned int v4l2_compat_translate_cmd(unsigned int cmd) int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd) { switch (cmd) { + case VIDIOC_G_FMT32: + case VIDIOC_S_FMT32: + case VIDIOC_TRY_FMT32: + return get_v4l2_format32(parg, arg); #ifdef CONFIG_COMPAT_32BIT_TIME case VIDIOC_QUERYBUF32_TIME32: case VIDIOC_QBUF32_TIME32: @@ -1144,6 +1061,9 @@ int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd) case VIDIOC_S_EXT_CTRLS32: case VIDIOC_TRY_EXT_CTRLS32: return get_v4l2_ext_controls32(parg, arg); + + case VIDIOC_CREATE_BUFS32: + return get_v4l2_create32(parg, arg); } return 0; } @@ -1151,6 +1071,10 @@ int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd) int v4l2_compat_put_user(void __user *arg, void *parg, unsigned int cmd) { switch (cmd) { + case VIDIOC_G_FMT32: + case VIDIOC_S_FMT32: + case VIDIOC_TRY_FMT32: + return put_v4l2_format32(parg, arg); #ifdef CONFIG_COMPAT_32BIT_TIME case VIDIOC_QUERYBUF32_TIME32: case VIDIOC_QBUF32_TIME32: @@ -1168,6 +1092,9 @@ int v4l2_compat_put_user(void __user *arg, void *parg, unsigned int cmd) case VIDIOC_S_EXT_CTRLS32: case VIDIOC_TRY_EXT_CTRLS32: return put_v4l2_ext_controls32(parg, arg); + + case VIDIOC_CREATE_BUFS32: + return put_v4l2_create32(parg, arg); } return 0; } @@ -1179,6 +1106,29 @@ int v4l2_compat_get_array_args(struct file *file, void *mbuf, int err = 0; switch (cmd) { + case VIDIOC_G_FMT32: + case VIDIOC_S_FMT32: + case VIDIOC_TRY_FMT32: { + struct v4l2_format *f64 = arg; + struct v4l2_clip *c64 = mbuf; + struct v4l2_clip32 __user *c32 = user_ptr; + u32 clipcount = f64->fmt.win.clipcount; + + if ((f64->type != V4L2_BUF_TYPE_VIDEO_OVERLAY && + f64->type != V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY) || + clipcount == 0) + return 0; + if (clipcount > 2048) + return -EINVAL; + while (clipcount--) { + if (copy_from_user(c64, c32, sizeof(c64->c))) + return -EFAULT; + c64->next = NULL; + c64++; + c32++; + } + break; + } case VIDIOC_QUERYBUF32_TIME32: case VIDIOC_QBUF32_TIME32: case VIDIOC_DQBUF32_TIME32: @@ -1245,6 +1195,28 @@ int v4l2_compat_put_array_args(struct file *file, void __user *user_ptr, int err = 0; switch (cmd) { + case VIDIOC_G_FMT32: + case VIDIOC_S_FMT32: + case VIDIOC_TRY_FMT32: { + struct v4l2_format *f64 = arg; + struct v4l2_clip *c64 = mbuf; + struct v4l2_clip32 __user *c32 = user_ptr; + u32 clipcount = f64->fmt.win.clipcount; + + if ((f64->type != V4L2_BUF_TYPE_VIDEO_OVERLAY && + f64->type != V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY) || + clipcount == 0) + return 0; + if (clipcount > 2048) + return -EINVAL; + while (clipcount--) { + if (copy_to_user(c32, c64, sizeof(c64->c))) + return -EFAULT; + c64++; + c32++; + } + break; + } case VIDIOC_QUERYBUF32_TIME32: case VIDIOC_QBUF32_TIME32: case VIDIOC_DQBUF32_TIME32: @@ -1366,18 +1338,14 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar * 1. When struct size is different, converts the command. */ switch (cmd) { - case VIDIOC_G_FMT32: ncmd = VIDIOC_G_FMT; break; - case VIDIOC_S_FMT32: ncmd = VIDIOC_S_FMT; break; case VIDIOC_G_FBUF32: ncmd = VIDIOC_G_FBUF; break; case VIDIOC_S_FBUF32: ncmd = VIDIOC_S_FBUF; break; case VIDIOC_ENUMSTD32: ncmd = VIDIOC_ENUMSTD; break; case VIDIOC_ENUMINPUT32: ncmd = VIDIOC_ENUMINPUT; break; - case VIDIOC_TRY_FMT32: ncmd = VIDIOC_TRY_FMT; break; #ifdef CONFIG_X86_64 case VIDIOC_DQEVENT32: ncmd = VIDIOC_DQEVENT; break; case VIDIOC_DQEVENT32_TIME32: ncmd = VIDIOC_DQEVENT_TIME32; break; #endif - case VIDIOC_CREATE_BUFS32: ncmd = VIDIOC_CREATE_BUFS; break; case VIDIOC_G_EDID32: ncmd = VIDIOC_G_EDID; break; case VIDIOC_S_EDID32: ncmd = VIDIOC_S_EDID; break; default: ncmd = cmd; break; @@ -1397,34 +1365,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar compatible_arg = 0; break; - case VIDIOC_G_FMT32: - case VIDIOC_S_FMT32: - case VIDIOC_TRY_FMT32: - err = bufsize_v4l2_format(p32, &aux_space); - if (!err) - err = alloc_userspace(sizeof(struct v4l2_format), - aux_space, &new_p64); - if (!err) { - aux_buf = new_p64 + sizeof(struct v4l2_format); - err = get_v4l2_format32(new_p64, p32, - aux_buf, aux_space); - } - compatible_arg = 0; - break; - - case VIDIOC_CREATE_BUFS32: - err = bufsize_v4l2_create(p32, &aux_space); - if (!err) - err = alloc_userspace(sizeof(struct v4l2_create_buffers), - aux_space, &new_p64); - if (!err) { - aux_buf = new_p64 + sizeof(struct v4l2_create_buffers); - err = get_v4l2_create32(new_p64, p32, - aux_buf, aux_space); - } - compatible_arg = 0; - break; - case VIDIOC_S_FBUF32: err = alloc_userspace(sizeof(struct v4l2_framebuffer), 0, &new_p64); @@ -1527,16 +1467,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar err = put_v4l2_edid32(new_p64, p32); break; - case VIDIOC_G_FMT32: - case VIDIOC_S_FMT32: - case VIDIOC_TRY_FMT32: - err = put_v4l2_format32(new_p64, p32); - break; - - case VIDIOC_CREATE_BUFS32: - err = put_v4l2_create32(new_p64, p32); - break; - case VIDIOC_ENUMSTD32: err = put_v4l2_standard32(new_p64, p32); break; From patchwork Thu Sep 17 15:28:22 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 313132 Delivered-To: patch@linaro.org Received: by 2002:a92:5ad1:0:0:0:0:0 with SMTP id b78csp587126ilg; Thu, 17 Sep 2020 09:34:38 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzU/k7PR5ZkNV2d6TgwpBXJONmLgu71fkno2GpXVca5IjTOFHq5/QcqRz4dpcOn8FekoCXc X-Received: by 2002:a17:906:fb8c:: with SMTP id lr12mr33132176ejb.9.1600360477785; Thu, 17 Sep 2020 09:34:37 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600360477; cv=none; d=google.com; s=arc-20160816; b=goFpd/CE/cyWxbEWU3jfeLILJJICvLCTBLi5CLaqK+3E7HhjpsIabUwtmM3k84U+jt 0juQMw2+goG6zznljgx1ao2fvtEJUdPMUMfUlITXe9Pa1H3DUQ2FDHENpLyBF6k32+Cj MKqidH4NOwNkDK7utXQKP2RnPSzOq1R9Tq44GUvNsQw/D5bNz0btDT+YmtcI0h3cIyDj 0OQFsPzhYE4/4ng15CtzvELk417OkUU1VhiOh5RAo8o1ONQ36FZLze3noyG+cWJ2z0zp +GgKsSt8zUPxtU9aiAbE+j3x/YPMySw//+38C0NMmMzhK792/QWlzDm1aKqvzKwu992U /pOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=eWlOB233lWqZcVeDDfVEpdarq9Akywe0w1JNp8uruGc=; b=Fd2I+O72upZ1c7RbtoXPoyY8KTMqPU6wDnicIv/G1sMoWBcDDHmvpPuUEdfOM/KMJw z8nZ2uJ+23+ET3N0wWFcgmrFV2utDqKUOH3FDwXFxMkcWkIEqSvECNPdwPCsr9OsgzuT k6iRJPYvb+YM8DFJe7Dc+NX62R9+xoGw9XV9KM+n1Zm2liGkMz6/rEQSLyft+fS85Knr pshk5yVOLlH+96/AKD8ePzuOpljhnLqkrusy7baWoVhDNTBgrIm4L+SI6/lpAq8I2T7c 61LELC5usn/yjFAVgltsP7rKyHIRheUPK80K5+jvF3ILPdGlok8E+aDkOrfnqBxpBb41 OGkg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-media-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-media-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f6si142232edc.423.2020.09.17.09.34.37; Thu, 17 Sep 2020 09:34:37 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-media-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-media-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-media-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728550AbgIQQdz (ORCPT + 4 others); Thu, 17 Sep 2020 12:33:55 -0400 Received: from mout.kundenserver.de ([212.227.126.133]:45273 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728562AbgIQQdZ (ORCPT ); Thu, 17 Sep 2020 12:33:25 -0400 Received: from threadripper.lan ([149.172.98.151]) by mrelayeu.kundenserver.de (mreue011 [212.227.15.129]) with ESMTPA (Nemesis) id 1MY5s5-1k05nq0Z3t-00YOx6; Thu, 17 Sep 2020 17:28:27 +0200 From: Arnd Bergmann To: linux-media@vger.kernel.org, mchehab@kernel.org, hverkuil@xs4all.nl Cc: hch@lst.de, linux-kernel@vger.kernel.org, Arnd Bergmann Subject: [PATCH 7/8] media: v4l2: remaining compat handlers Date: Thu, 17 Sep 2020 17:28:22 +0200 Message-Id: <20200917152823.1241599-8-arnd@arndb.de> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200917152823.1241599-1-arnd@arndb.de> References: <20200917152823.1241599-1-arnd@arndb.de> MIME-Version: 1.0 X-Provags-ID: V03:K1:iGjEzENY5O6hel39eyTaVFST7gE+/tzBTAUdNx39Sq9PmWNiSwv Qm1uHC4HWHJpEWtTnGdMATN4JlGywJFA1iKLosOilTPscF5xSLjKzs+Yfy5BibukT8ZFe+G 9DnQdPSP2W1zV+jKbnm/hyhTBF2l+rHjykVEKtPxyjW2dSq4i47vYGVD1GSv7PEXuDQ3KyF lm6Pdb0TvbcBAy6S/oE5w== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1; V03:K0:WSf72vxBqAU=:lgLZ4IXCcB4gqir1IXY514 LYLgc+qdopO151LBuYgRBtXCyWQMp+uGDCHqs2hg8RsWKO69BXrdyypBjD4uXX5b0ttX8E6ki psr9w7J9gZwT0Bec0OYBsxg6IzGJgOipXv4ierR3YqLFqlvfcX65t7rXbdroJ/yV3Mo/eYiGJ 5HrAYZGrkOT/xLMayAF9Xq+M6rJH7wJYrrMniaNkWNT/89o5v+syvuNoRElVUn1W42yezt3RY JURWodjVXWktbyvSg2XFbpEyRGbqgGDxEPtPVIuczpvZ5SGx76ENQj1MrTYyRxjAxTdPEVJzN g1edW7zmZ9ue08ijwBJL2Y6uXlfgHgvFY2CFA0KpSA8069pbZRwNcO4NUcu3gGMMKGCR1adA7 FVclujNUm2KPNX/0+X5ZZ0ndMKrQ56JbrOn7ZuWu/WpbLwUEeSZsy9VnnSs5u0fbua9fIdA9Q RxMAn50Lg9F2gDVVgBghfDadsttwgu+BylY8pqkV5y4bg9L5ddxYyfL0UAEEZXbENgcVmbDDd X/PCPYZC44PXp64fdDAb+gHKOoXMTYOYV0+IBOHVBOYiLRgrFcR0nXQPXx+aevYl7TmaWUErB ZHRVx/jjIgkMDMSgSwATzk1pSKMh0rtTBzBvsvNsg/pF1AZa3b8Em8o24BqCdIDm19be0qOkQ 8FyCLttdBswbrikEKMfT2NlaqYKVpUbRnC2Tfg6CbHTurY+Zi1GBsn4UPQiGFvKnrRENA+j/5 1AiPA2lQv8j+c4h9QuOclt1y0qaj3My1PD1BX9mS3Hs07lWbqbDuaJx5EX8g0WQKXiDhqFEVu 4RvKtYW0cDu4YpJGHewE0gD3jGEohuTF0q8Z+iHaZ0oNyBhtG1xCRShgKwCCa5cPILwOuM/ Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org There are eight remaining ioctl commands handled by copying incompatible data structures in v4l2_compat_ioctl32(), all of them fairly simple. Change them to instead go through the native ioctl infrastructure and only special-case the data copy. Signed-off-by: Arnd Bergmann --- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 277 +++++++----------- 1 file changed, 103 insertions(+), 174 deletions(-) -- 2.27.0 diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index f0f3c9f9a0ef..1d0315d09f6a 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -344,27 +344,23 @@ struct v4l2_standard32 { __u32 reserved[4]; }; -static int get_v4l2_standard32(struct v4l2_standard __user *p64, +static int get_v4l2_standard32(struct v4l2_standard *p64, struct v4l2_standard32 __user *p32) { /* other fields are not set by the user, nor used by the driver */ - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p64->index, &p32->index)) - return -EFAULT; - return 0; + return get_user(p64->index, &p32->index); } -static int put_v4l2_standard32(struct v4l2_standard __user *p64, +static int put_v4l2_standard32(struct v4l2_standard *p64, struct v4l2_standard32 __user *p32) { - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p32->index, &p64->index) || - assign_in_user(&p32->id, &p64->id) || - copy_in_user(p32->name, p64->name, sizeof(p32->name)) || - copy_in_user(&p32->frameperiod, &p64->frameperiod, + if (put_user(p64->index, &p32->index) || + put_user(p64->index, &p32->id) || + copy_to_user(p32->name, p64->name, sizeof(p32->name)) || + copy_to_user(&p32->frameperiod, &p64->frameperiod, sizeof(p32->frameperiod)) || - assign_in_user(&p32->framelines, &p64->framelines) || - copy_in_user(p32->reserved, p64->reserved, sizeof(p32->reserved))) + put_user(p64->framelines, &p32->framelines) || + copy_to_user(p32->reserved, p64->reserved, sizeof(p32->reserved))) return -EFAULT; return 0; } @@ -702,33 +698,30 @@ struct v4l2_framebuffer32 { } fmt; }; -static int get_v4l2_framebuffer32(struct v4l2_framebuffer __user *p64, +static int get_v4l2_framebuffer32(struct v4l2_framebuffer *p64, struct v4l2_framebuffer32 __user *p32) { compat_caddr_t tmp; - if (!access_ok(p32, sizeof(*p32)) || - get_user(tmp, &p32->base) || - put_user_force(compat_ptr(tmp), &p64->base) || - assign_in_user(&p64->capability, &p32->capability) || - assign_in_user(&p64->flags, &p32->flags) || - copy_in_user(&p64->fmt, &p32->fmt, sizeof(p64->fmt))) + if (get_user(tmp, &p32->base) || + get_user(p64->capability, &p32->capability) || + get_user(p64->flags, &p32->flags) || + copy_from_user(&p64->fmt, &p32->fmt, sizeof(p64->fmt))) return -EFAULT; + p64->base = (void __force *)compat_ptr(tmp); + return 0; } -static int put_v4l2_framebuffer32(struct v4l2_framebuffer __user *p64, +static int put_v4l2_framebuffer32(struct v4l2_framebuffer *p64, struct v4l2_framebuffer32 __user *p32) { - void *base; - - if (!access_ok(p32, sizeof(*p32)) || - get_user(base, &p64->base) || - put_user(ptr_to_compat((void __user *)base), &p32->base) || - assign_in_user(&p32->capability, &p64->capability) || - assign_in_user(&p32->flags, &p64->flags) || - copy_in_user(&p32->fmt, &p64->fmt, sizeof(p64->fmt))) + if (put_user((uintptr_t)p64->base, &p32->base) || + put_user(p64->capability, &p32->capability) || + put_user(p64->flags, &p32->flags) || + copy_to_user(&p32->fmt, &p64->fmt, sizeof(p64->fmt))) return -EFAULT; + return 0; } @@ -748,18 +741,18 @@ struct v4l2_input32 { * The 64-bit v4l2_input struct has extra padding at the end of the struct. * Otherwise it is identical to the 32-bit version. */ -static inline int get_v4l2_input32(struct v4l2_input __user *p64, +static inline int get_v4l2_input32(struct v4l2_input *p64, struct v4l2_input32 __user *p32) { - if (copy_in_user(p64, p32, sizeof(*p32))) + if (copy_from_user(p64, p32, sizeof(*p32))) return -EFAULT; return 0; } -static inline int put_v4l2_input32(struct v4l2_input __user *p64, +static inline int put_v4l2_input32(struct v4l2_input *p64, struct v4l2_input32 __user *p32) { - if (copy_in_user(p32, p64, sizeof(*p32))) + if (copy_to_user(p32, p64, sizeof(*p32))) return -EFAULT; return 0; } @@ -893,34 +886,32 @@ struct v4l2_event32_time32 { __u32 reserved[8]; }; -static int put_v4l2_event32(struct v4l2_event __user *p64, +static int put_v4l2_event32(struct v4l2_event *p64, struct v4l2_event32 __user *p32) { - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p32->type, &p64->type) || - copy_in_user(&p32->u, &p64->u, sizeof(p64->u)) || - assign_in_user(&p32->pending, &p64->pending) || - assign_in_user(&p32->sequence, &p64->sequence) || - assign_in_user(&p32->timestamp.tv_sec, &p64->timestamp.tv_sec) || - assign_in_user(&p32->timestamp.tv_nsec, &p64->timestamp.tv_nsec) || - assign_in_user(&p32->id, &p64->id) || - copy_in_user(p32->reserved, p64->reserved, sizeof(p32->reserved))) + if (put_user(p64->type, &p32->type) || + copy_to_user(&p32->u, &p64->u, sizeof(p64->u)) || + put_user(p64->pending, &p32->pending) || + put_user(p64->sequence, &p32->sequence) || + put_user(p64->timestamp.tv_sec, &p32->timestamp.tv_sec) || + put_user(p64->timestamp.tv_nsec, &p32->timestamp.tv_nsec) || + put_user(p64->id, &p32->id) || + copy_to_user(p32->reserved, p64->reserved, sizeof(p32->reserved))) return -EFAULT; return 0; } -static int put_v4l2_event32_time32(struct v4l2_event_time32 __user *p64, +static int put_v4l2_event32_time32(struct v4l2_event *p64, struct v4l2_event32_time32 __user *p32) { - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p32->type, &p64->type) || - copy_in_user(&p32->u, &p64->u, sizeof(p64->u)) || - assign_in_user(&p32->pending, &p64->pending) || - assign_in_user(&p32->sequence, &p64->sequence) || - assign_in_user(&p32->timestamp.tv_sec, &p64->timestamp.tv_sec) || - assign_in_user(&p32->timestamp.tv_nsec, &p64->timestamp.tv_nsec) || - assign_in_user(&p32->id, &p64->id) || - copy_in_user(p32->reserved, p64->reserved, sizeof(p32->reserved))) + if (put_user(p64->type, &p32->type) || + copy_to_user(&p32->u, &p64->u, sizeof(p64->u)) || + put_user(p64->pending, &p32->pending) || + put_user(p64->sequence, &p32->sequence) || + put_user(p64->timestamp.tv_sec, &p32->timestamp.tv_sec) || + put_user(p64->timestamp.tv_nsec, &p32->timestamp.tv_nsec) || + put_user(p64->id, &p32->id) || + copy_to_user(p32->reserved, p64->reserved, sizeof(p32->reserved))) return -EFAULT; return 0; } @@ -934,34 +925,23 @@ struct v4l2_edid32 { compat_caddr_t edid; }; -static int get_v4l2_edid32(struct v4l2_edid __user *p64, +static int get_v4l2_edid32(struct v4l2_edid *p64, struct v4l2_edid32 __user *p32) { - compat_uptr_t tmp; - - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p64->pad, &p32->pad) || - assign_in_user(&p64->start_block, &p32->start_block) || - assign_in_user_cast(&p64->blocks, &p32->blocks) || - get_user(tmp, &p32->edid) || - put_user_force(compat_ptr(tmp), &p64->edid) || - copy_in_user(p64->reserved, p32->reserved, sizeof(p64->reserved))) + compat_uptr_t edid; + + if (copy_from_user(p64, p32, offsetof(struct v4l2_edid32, edid)) || + get_user(edid, &p32->edid)) return -EFAULT; + + p64->edid = (void __force *)compat_ptr(edid); return 0; } -static int put_v4l2_edid32(struct v4l2_edid __user *p64, +static int put_v4l2_edid32(struct v4l2_edid *p64, struct v4l2_edid32 __user *p32) { - void *edid; - - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p32->pad, &p64->pad) || - assign_in_user(&p32->start_block, &p64->start_block) || - assign_in_user(&p32->blocks, &p64->blocks) || - get_user(edid, &p64->edid) || - put_user(ptr_to_compat((void __user *)edid), &p32->edid) || - copy_in_user(p32->reserved, p64->reserved, sizeof(p32->reserved))) + if (copy_to_user(p32, p64, offsetof(struct v4l2_edid32, edid))) return -EFAULT; return 0; } @@ -1007,6 +987,10 @@ unsigned int v4l2_compat_translate_cmd(unsigned int cmd) return VIDIOC_S_FMT; case VIDIOC_TRY_FMT32: return VIDIOC_TRY_FMT; + case VIDIOC_G_FBUF32: + return VIDIOC_G_FBUF; + case VIDIOC_S_FBUF32: + return VIDIOC_S_FBUF; #ifdef CONFIG_COMPAT_32BIT_TIME case VIDIOC_QUERYBUF32_TIME32: return VIDIOC_QUERYBUF; @@ -1031,6 +1015,20 @@ unsigned int v4l2_compat_translate_cmd(unsigned int cmd) return VIDIOC_TRY_EXT_CTRLS; case VIDIOC_PREPARE_BUF32: return VIDIOC_PREPARE_BUF; + case VIDIOC_ENUMSTD32: + return VIDIOC_ENUMSTD; + case VIDIOC_ENUMINPUT32: + return VIDIOC_ENUMINPUT; + case VIDIOC_G_EDID32: + return VIDIOC_G_EDID; + case VIDIOC_S_EDID32: + return VIDIOC_S_EDID; +#ifdef CONFIG_X86_64 + case VIDIOC_DQEVENT32: + return VIDIOC_DQEVENT; + case VIDIOC_DQEVENT32_TIME32: + return VIDIOC_DQEVENT_TIME32; +#endif } return cmd; } @@ -1042,6 +1040,9 @@ int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd) case VIDIOC_S_FMT32: case VIDIOC_TRY_FMT32: return get_v4l2_format32(parg, arg); + + case VIDIOC_S_FBUF32: + return get_v4l2_framebuffer32(parg, arg); #ifdef CONFIG_COMPAT_32BIT_TIME case VIDIOC_QUERYBUF32_TIME32: case VIDIOC_QBUF32_TIME32: @@ -1064,6 +1065,16 @@ int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd) case VIDIOC_CREATE_BUFS32: return get_v4l2_create32(parg, arg); + + case VIDIOC_ENUMSTD32: + return get_v4l2_standard32(parg, arg); + + case VIDIOC_ENUMINPUT32: + return get_v4l2_input32(parg, arg); + + case VIDIOC_G_EDID32: + case VIDIOC_S_EDID32: + return get_v4l2_edid32(parg, arg); } return 0; } @@ -1075,6 +1086,9 @@ int v4l2_compat_put_user(void __user *arg, void *parg, unsigned int cmd) case VIDIOC_S_FMT32: case VIDIOC_TRY_FMT32: return put_v4l2_format32(parg, arg); + + case VIDIOC_G_FBUF32: + return put_v4l2_framebuffer32(parg, arg); #ifdef CONFIG_COMPAT_32BIT_TIME case VIDIOC_QUERYBUF32_TIME32: case VIDIOC_QBUF32_TIME32: @@ -1095,6 +1109,22 @@ int v4l2_compat_put_user(void __user *arg, void *parg, unsigned int cmd) case VIDIOC_CREATE_BUFS32: return put_v4l2_create32(parg, arg); + + case VIDIOC_ENUMSTD32: + return put_v4l2_standard32(parg, arg); + + case VIDIOC_ENUMINPUT32: + return put_v4l2_input32(parg, arg); + + case VIDIOC_G_EDID32: + case VIDIOC_S_EDID32: + return put_v4l2_edid32(parg, arg); +#ifdef CONFIG_X86_64 + case VIDIOC_DQEVENT32: + return put_v4l2_event32(parg, arg); + case VIDIOC_DQEVENT32_TIME32: + return put_v4l2_event32_time32(parg, arg); +#endif } return 0; } @@ -1338,16 +1368,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar * 1. When struct size is different, converts the command. */ switch (cmd) { - case VIDIOC_G_FBUF32: ncmd = VIDIOC_G_FBUF; break; - case VIDIOC_S_FBUF32: ncmd = VIDIOC_S_FBUF; break; - case VIDIOC_ENUMSTD32: ncmd = VIDIOC_ENUMSTD; break; - case VIDIOC_ENUMINPUT32: ncmd = VIDIOC_ENUMINPUT; break; -#ifdef CONFIG_X86_64 - case VIDIOC_DQEVENT32: ncmd = VIDIOC_DQEVENT; break; - case VIDIOC_DQEVENT32_TIME32: ncmd = VIDIOC_DQEVENT_TIME32; break; -#endif - case VIDIOC_G_EDID32: ncmd = VIDIOC_G_EDID; break; - case VIDIOC_S_EDID32: ncmd = VIDIOC_S_EDID; break; default: ncmd = cmd; break; } @@ -1357,53 +1377,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar * argument into it. */ switch (cmd) { - case VIDIOC_G_EDID32: - case VIDIOC_S_EDID32: - err = alloc_userspace(sizeof(struct v4l2_edid), 0, &new_p64); - if (!err) - err = get_v4l2_edid32(new_p64, p32); - compatible_arg = 0; - break; - - case VIDIOC_S_FBUF32: - err = alloc_userspace(sizeof(struct v4l2_framebuffer), 0, - &new_p64); - if (!err) - err = get_v4l2_framebuffer32(new_p64, p32); - compatible_arg = 0; - break; - - case VIDIOC_G_FBUF32: - err = alloc_userspace(sizeof(struct v4l2_framebuffer), 0, - &new_p64); - compatible_arg = 0; - break; - - case VIDIOC_ENUMSTD32: - err = alloc_userspace(sizeof(struct v4l2_standard), 0, - &new_p64); - if (!err) - err = get_v4l2_standard32(new_p64, p32); - compatible_arg = 0; - break; - - case VIDIOC_ENUMINPUT32: - err = alloc_userspace(sizeof(struct v4l2_input), 0, &new_p64); - if (!err) - err = get_v4l2_input32(new_p64, p32); - compatible_arg = 0; - break; - -#ifdef CONFIG_X86_64 - case VIDIOC_DQEVENT32: - err = alloc_userspace(sizeof(struct v4l2_event), 0, &new_p64); - compatible_arg = 0; - break; - case VIDIOC_DQEVENT32_TIME32: - err = alloc_userspace(sizeof(struct v4l2_event_time32), 0, &new_p64); - compatible_arg = 0; - break; -#endif } if (err) return err; @@ -1425,55 +1398,11 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar if (err == -ENOTTY) return err; - /* - * 4. Special case: even after an error we need to put the - * results back for some ioctls. - * - * In the case of EXT_CTRLS, the error_idx will contain information - * on which control failed. - * - * In the case of S_EDID, the driver can return E2BIG and set - * the blocks to maximum allowed value. - */ - switch (cmd) { - case VIDIOC_S_EDID32: - if (put_v4l2_edid32(new_p64, p32)) - err = -EFAULT; - break; - } - if (err) - return err; - /* * 5. Copy the data returned at the 64 bits userspace pointer to * the original 32 bits structure. */ switch (cmd) { - case VIDIOC_G_FBUF32: - err = put_v4l2_framebuffer32(new_p64, p32); - break; - -#ifdef CONFIG_X86_64 - case VIDIOC_DQEVENT32: - err = put_v4l2_event32(new_p64, p32); - break; - - case VIDIOC_DQEVENT32_TIME32: - err = put_v4l2_event32_time32(new_p64, p32); - break; -#endif - - case VIDIOC_G_EDID32: - err = put_v4l2_edid32(new_p64, p32); - break; - - case VIDIOC_ENUMSTD32: - err = put_v4l2_standard32(new_p64, p32); - break; - - case VIDIOC_ENUMINPUT32: - err = put_v4l2_input32(new_p64, p32); - break; } return err; } From patchwork Thu Sep 17 15:28:23 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 313127 Delivered-To: patch@linaro.org Received: by 2002:a92:5ad1:0:0:0:0:0 with SMTP id b78csp550907ilg; Thu, 17 Sep 2020 08:49:24 -0700 (PDT) X-Google-Smtp-Source: ABdhPJy6XZDN7JkCek2jhvaj7as3CvVbQOgp7PPzhNtylGRz9ADdlPgRmv2PgyTKDGgrDdri7N9F X-Received: by 2002:a17:906:1192:: with SMTP id n18mr33060034eja.515.1600357764705; Thu, 17 Sep 2020 08:49:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1600357764; cv=none; d=google.com; s=arc-20160816; b=lFrronBFrfSjNO+NBLbbC5WbPmVR2snpwDql0JokQNgIdL6s0I/8PdIiAkjk8sOBR1 iswSg22QR4dbnwzl5PF37dL/WAePel9tFok65Bs8y/nwGTf5atQEeUaLWhXH1/fdtZA4 zM+7S1AvmlqxoDQth5aW6K23YBQLF8WHBOccF9J7Kt7k0FurvQ6Vf3HT36tKNJ7tdvXT ZYa4inWQ7X7/I9JjfVQvhUam1/gLqjI8r0A/rSoEng12ckBcrH4lzSSxDl8Dd0HF19c7 IlAK8L0lpwnQx+6iy2FfP2s/Nq1hGsvUTimtb3tYWlKpNlTUJil4TJLTn1qG/vavtQi7 sCRw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from; bh=JS42C/lypxlyuzVefqDN4cu2EgmLc+BnTMYM3h7VNcQ=; b=fmWJ2/Dz2c1QIasY5GV0XgufbSwdf92JLkj9YWgOhmyftydH++ISC8YQ2tyYdJafR+ xbBm/P0OGOlPqA2RlLdJmvLo2TRZtZhvsFuH99mIFm07J0mAHOw709mpqwdBMqXtcyYk rQqszDiTBbWxEl2H2E4EhtFk9UrPInz7I+eSJVXVELyyVKCLl5qSQSIE1gJlUl/QHv25 2UFxsJ/61fdsBE6eGzmausPZy1+SeL3MOCngIEbF7KUROxnZoeny5iu1z32rQvfKSLZm TMztwlUQO7UeuN6Zb7B2rEJqv2joyNYca/FBrTrZW3EWVYiFKOqxrZ4Q/5Skhr/jj8bv yusA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-media-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-media-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id p10si227562ejy.70.2020.09.17.08.49.24; Thu, 17 Sep 2020 08:49:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-media-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-media-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-media-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728257AbgIQPsk (ORCPT + 4 others); Thu, 17 Sep 2020 11:48:40 -0400 Received: from mout.kundenserver.de ([212.227.126.131]:39421 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728202AbgIQPr2 (ORCPT ); Thu, 17 Sep 2020 11:47:28 -0400 Received: from threadripper.lan ([149.172.98.151]) by mrelayeu.kundenserver.de (mreue011 [212.227.15.129]) with ESMTPA (Nemesis) id 1MofLl-1kpZtS1V17-00p6vM; Thu, 17 Sep 2020 17:28:27 +0200 From: Arnd Bergmann To: linux-media@vger.kernel.org, mchehab@kernel.org, hverkuil@xs4all.nl Cc: hch@lst.de, linux-kernel@vger.kernel.org, Arnd Bergmann Subject: [PATCH 8/8] media: v4l2: remove remaining compat_ioctl Date: Thu, 17 Sep 2020 17:28:23 +0200 Message-Id: <20200917152823.1241599-9-arnd@arndb.de> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20200917152823.1241599-1-arnd@arndb.de> References: <20200917152823.1241599-1-arnd@arndb.de> MIME-Version: 1.0 X-Provags-ID: V03:K1:UQpH7xxfSoMMzvGWVdvSYJYU9cfRwA4DwM036Ag1uPjtdysQR+6 lUDv/ndkjiR5iamA3bhW2mMdNOiaAvZE6++dDA90Na2xOrhmRQWEE8x/R0ZK9uKcOxNtTec WACZ8MI5/05qJKwjicfrZngoW1lDCmMhen2IhxmTP/Mz1nMr5CKa8yJMQfrvADmuuhaC+sU mpjv+su0XBoYgmAU2C7Aw== X-Spam-Flag: NO X-UI-Out-Filterresults: notjunk:1; V03:K0:yUGd2r36ygE=:2P76FWdRQus0ot6UjuXD0h wCaLg8Ud0ioyDQJtGKD9/T6klNz38NtPvuagaTPYu7Xugq7GC1uzjGwywUf799uN/PfnRc+d5 Ua4gEVs7HadKZt69cWerEewnNbdDwaAZPbyKOGTiUXjIDJ8xCbuUWN7cg0qnAEDFgueiGl8WM WlAqMxXtpFflRKfHV7RrSf0q38p15eXXuMMwTWmJwxmDUCfZdihD+XmZWAXVLEG/SX2Y/FmM9 TItvcmIjNmiFt3M0XN1NbV9jrkTPhjSjUCIfG15NJTH2X7fHtv0eokiBeLdpnPMlfmSQ57hnB 8zG/FmuV6gtvRr/HpcYdwPrKKVRmPT3PA0wqzxaEGJ/uRtv++ZmmcLBorWjAPg+AEsoHX8fE9 VtG4NPSKTvbx7gHTKrSHjMIqE+jP2YH/ZgT6FWQsZXfT+sSem8LEzHELvC7AWSLlBr1sHBH4A D8xMW25crcAVaiqWwF0wLMpj4RuwCCxTb0ko30BJHYBKXgq4F/JzCIzTiN5IdpEylkveCn2CY 8xbGW1M/wzISCgUY46vnbYqzBi2mrI100dTeJSQifR6hmhUZbQeCmpThzzwGqExUR4coxDgwM LomZMSvFlVfK8qBLY5t3ZoFmc3q6gFcF2NFr2v741fTC4UPHPUErcMYzyXyQom4/+kIiuK7Gx e3pseqYMlzn7bLATWCP+udzQuQGIzYwSHlWbJ0uJsa1jHE2QywYebvEpPJmBeySrAbu0DzVXZ WJR3NQ4k+m76jxW+aYm7zqgWzq2uw0i6diuMmcxLo6ntUlglzgmywVbvbZgaHYEKEpZINZKNG rZgkSnkYuX9FaG0tSNxs0c2VQI/Zt2doXtGst5t6CJv2I9FDPjalI6011IwCu/id7vRfGn8 Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org There are no remaining conversions in v4l2_compat_ioctl32(), so all the infrastructure for it can be removed, with the only remaining bit being the compat_ioctl32() callback into drivers that implement their own incompatible data structures. Signed-off-by: Arnd Bergmann --- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 197 +----------------- 1 file changed, 2 insertions(+), 195 deletions(-) -- 2.27.0 diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index 1d0315d09f6a..22c4349ff43d 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -23,103 +23,6 @@ #include #include -/** - * assign_in_user() - Copy from one __user var to another one - * - * @to: __user var where data will be stored - * @from: __user var where data will be retrieved. - * - * As this code very often needs to allocate userspace memory, it is easier - * to have a macro that will do both get_user() and put_user() at once. - * - * This function complements the macros defined at asm-generic/uaccess.h. - * It uses the same argument order as copy_in_user() - */ -#define assign_in_user(to, from) \ -({ \ - typeof(*from) __assign_tmp; \ - \ - get_user(__assign_tmp, from) || put_user(__assign_tmp, to); \ -}) - -/** - * get_user_cast() - Stores at a kernelspace local var the contents from a - * pointer with userspace data that is not tagged with __user. - * - * @__x: var where data will be stored - * @__ptr: var where data will be retrieved. - * - * Sometimes we need to declare a pointer without __user because it - * comes from a pointer struct field that will be retrieved from userspace - * by the 64-bit native ioctl handler. This function ensures that the - * @__ptr will be cast to __user before calling get_user() in order to - * avoid warnings with static code analyzers like smatch. - */ -#define get_user_cast(__x, __ptr) \ -({ \ - get_user(__x, (typeof(*__ptr) __user *)(__ptr)); \ -}) - -/** - * put_user_force() - Stores the contents of a kernelspace local var - * into a userspace pointer, removing any __user cast. - * - * @__x: var where data will be stored - * @__ptr: var where data will be retrieved. - * - * Sometimes we need to remove the __user attribute from some data, - * by passing the __force macro. This function ensures that the - * @__ptr will be cast with __force before calling put_user(), in order to - * avoid warnings with static code analyzers like smatch. - */ -#define put_user_force(__x, __ptr) \ -({ \ - put_user((typeof(*__x) __force *)(__x), __ptr); \ -}) - -/** - * assign_in_user_cast() - Copy from one __user var to another one - * - * @to: __user var where data will be stored - * @from: var where data will be retrieved that needs to be cast to __user. - * - * As this code very often needs to allocate userspace memory, it is easier - * to have a macro that will do both get_user_cast() and put_user() at once. - * - * This function should be used instead of assign_in_user() when the @from - * variable was not declared as __user. See get_user_cast() for more details. - * - * This function complements the macros defined at asm-generic/uaccess.h. - * It uses the same argument order as copy_in_user() - */ -#define assign_in_user_cast(to, from) \ -({ \ - typeof(*from) __assign_tmp; \ - \ - get_user_cast(__assign_tmp, from) || put_user(__assign_tmp, to);\ -}) - -/** - * native_ioctl - Ancillary function that calls the native 64 bits ioctl - * handler. - * - * @file: pointer to &struct file with the file handler - * @cmd: ioctl to be called - * @arg: arguments passed from/to the ioctl handler - * - * This function calls the native ioctl handler at v4l2-dev, e. g. v4l2_ioctl() - */ -static long native_ioctl(struct file *file, unsigned int cmd, unsigned long arg) -{ - long ret = -ENOIOCTLCMD; - - if (file->f_op->unlocked_ioctl) - ret = file->f_op->unlocked_ioctl(file, cmd, arg); - - return ret; -} - - /* * Per-ioctl data copy handlers. * @@ -1310,103 +1213,6 @@ int v4l2_compat_put_array_args(struct file *file, void __user *user_ptr, return err; } - -/** - * alloc_userspace() - Allocates a 64-bits userspace pointer compatible - * for calling the native 64-bits version of an ioctl. - * - * @size: size of the structure itself to be allocated. - * @aux_space: extra size needed to store "extra" data, e.g. space for - * other __user data that is pointed to fields inside the - * structure. - * @new_p64: pointer to a pointer to be filled with the allocated struct. - * - * Return: - * - * if it can't allocate memory, either -ENOMEM or -EFAULT will be returned. - * Zero otherwise. - */ -static int alloc_userspace(unsigned int size, u32 aux_space, - void __user **new_p64) -{ - *new_p64 = compat_alloc_user_space(size + aux_space); - if (!*new_p64) - return -ENOMEM; - if (clear_user(*new_p64, size)) - return -EFAULT; - return 0; -} - -/** - * do_video_ioctl() - Ancillary function with handles a compat32 ioctl call - * - * @file: pointer to &struct file with the file handler - * @cmd: ioctl to be called - * @arg: arguments passed from/to the ioctl handler - * - * This function is called when a 32 bits application calls a V4L2 ioctl - * and the Kernel is compiled with 64 bits. - * - * This function is called by v4l2_compat_ioctl32() when the function is - * not private to some specific driver. - * - * It converts a 32-bits struct into a 64 bits one, calls the native 64-bits - * ioctl handler and fills back the 32-bits struct with the results of the - * native call. - */ -static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long arg) -{ - void __user *p32 = compat_ptr(arg); - void __user *new_p64 = NULL; - void __user *aux_buf; - u32 aux_space; - int compatible_arg = 1; - long err = 0; - unsigned int ncmd; - - /* - * 1. When struct size is different, converts the command. - */ - switch (cmd) { - default: ncmd = cmd; break; - } - - /* - * 2. Allocates a 64-bits userspace pointer to store the - * values of the ioctl and copy data from the 32-bits __user - * argument into it. - */ - switch (cmd) { - } - if (err) - return err; - - /* - * 3. Calls the native 64-bits ioctl handler. - * - * For the functions where a conversion was not needed, - * compatible_arg is true, and it will call it with the arguments - * provided by userspace and stored at @p32 var. - * - * Otherwise, it will pass the newly allocated @new_p64 argument. - */ - if (compatible_arg) - err = native_ioctl(file, ncmd, (unsigned long)p32); - else - err = native_ioctl(file, ncmd, (unsigned long)new_p64); - - if (err == -ENOTTY) - return err; - - /* - * 5. Copy the data returned at the 64 bits userspace pointer to - * the original 32 bits structure. - */ - switch (cmd) { - } - return err; -} - /** * v4l2_compat_ioctl32() - Handles a compat32 ioctl call * @@ -1430,7 +1236,8 @@ long v4l2_compat_ioctl32(struct file *file, unsigned int cmd, unsigned long arg) return ret; if (_IOC_TYPE(cmd) == 'V' && _IOC_NR(cmd) < BASE_VIDIOC_PRIVATE) - ret = do_video_ioctl(file, cmd, arg); + ret = file->f_op->unlocked_ioctl(file, cmd, + (unsigned long)compat_ptr(arg)); else if (vdev->fops->compat_ioctl32) ret = vdev->fops->compat_ioctl32(file, cmd, arg);