From patchwork Fri Oct 30 16:55:22 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 11870313 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1906E14B4 for ; Fri, 30 Oct 2020 16:55:48 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id E2516221FF for ; Fri, 30 Oct 2020 16:55:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604076948; bh=neFXMFtMlZM1GFNm+RLu2Iz3KJrNqMJWP03QjnJSjOg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=uLtpFlZDUx3dfY34jiM7q20PmA/Hvs/olbgG9K6We1H+GNZjEsAPYea3YDt9jc2sM 34RQOIf/6/gTWMuWbxI//EcWkx1N4DhRuLFKuDgXM0FTEtosIBmo4rliw8Fz3An3RD Wzci6F05sV/0Jas3Ri0Moo/ss/p0EVROdnYzQE5o= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727182AbgJ3Qzo (ORCPT ); Fri, 30 Oct 2020 12:55:44 -0400 Received: from mail.kernel.org ([198.145.29.99]:60686 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726239AbgJ3Qzn (ORCPT ); Fri, 30 Oct 2020 12:55:43 -0400 Received: from localhost.localdomain (HSI-KBW-46-223-126-90.hsi.kabel-badenwuerttemberg.de [46.223.126.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id B7D5420756; Fri, 30 Oct 2020 16:55:39 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604076941; bh=neFXMFtMlZM1GFNm+RLu2Iz3KJrNqMJWP03QjnJSjOg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=enYw2uV8I7hLoFbcmrF8G+UwC5tv2NFaUiZEORke2oddlsaReWQPkf5zOAznCY70P ZVP//bM96ixfcpxwvVLvxoxs8gN8DQ8uloH49dABLSuNMnJImvQT95WBljRnMy+Bv8 jkd3t/gXzSLlWU92XtRoaaLxe34LT1Mwl+9dPv4A= From: Arnd Bergmann To: Hans Verkuil Cc: Arnd Bergmann , linux-media@vger.kernel.org, mchehab@kernel.org, hch@lst.de, linux-kernel@vger.kernel.org, Hans Verkuil Subject: [PATCH v2 1/8] media: v4l2: prepare compat-ioctl rework Date: Fri, 30 Oct 2020 17:55:22 +0100 Message-Id: <20201030165529.1255175-2-arnd@kernel.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20201030165529.1255175-1-arnd@kernel.org> References: <20201030165529.1255175-1-arnd@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org From: Arnd Bergmann The v4l2-compat-ioctl32() currently takes an extra round trip through user space pointers when converting the data structure formats. In particular, this involves using the compat_alloc_user_space() and copy_in_user() helpers that often lead to worse compat handlers compared to using in_compat_syscall() checks when copying the data. The native implementation already gained a simpler method to deal with the conversion for the time32 conversion. Hook into the same places to provide a location for reading and writing user space data from inside of the generic video_usercopy() helper. Hans Verkuil rewrote the video_get_user() function here to simplify the zeroing of the extra input fields and fixed a couple of bugs in the original implementation. Co-developed-by: Hans Verkuil Signed-off-by: Hans Verkuil Signed-off-by: Arnd Bergmann --- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 53 ++++++ drivers/media/v4l2-core/v4l2-ioctl.c | 159 ++++++++++-------- include/media/v4l2-ioctl.h | 11 ++ 3 files changed, 156 insertions(+), 67 deletions(-) diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index a99e82ec9ab6..7c939d5c5232 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -1414,6 +1414,59 @@ static int put_v4l2_edid32(struct v4l2_edid __user *p64, #define VIDIOC_G_OUTPUT32 _IOR ('V', 46, s32) #define VIDIOC_S_OUTPUT32 _IOWR('V', 47, s32) +unsigned int v4l2_compat_translate_cmd(unsigned int cmd) +{ + switch (cmd) { + } + return cmd; +} + +int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd) +{ + switch (cmd) { + } + return 0; +} + +int v4l2_compat_put_user(void __user *arg, void *parg, unsigned int cmd) +{ + switch (cmd) { + } + return 0; +} + +int v4l2_compat_get_array_args(struct file *file, void *mbuf, + void __user *user_ptr, size_t array_size, + unsigned int cmd, void *arg) +{ + int err = 0; + + switch (cmd) { + default: + if (copy_from_user(mbuf, user_ptr, array_size)) + err = -EFAULT; + break; + } + + return err; +} + +int v4l2_compat_put_array_args(struct file *file, void __user *user_ptr, + void *mbuf, size_t array_size, + unsigned int cmd, void *arg) +{ + int err = 0; + + switch (cmd) { + default: + if (copy_to_user(user_ptr, mbuf, array_size)) + err = -EFAULT; + break; + } + + return err; +} + /** * alloc_userspace() - Allocates a 64-bits userspace pointer compatible * for calling the native 64-bits version of an ioctl. diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c index eeff398fbdcc..b8be61a09776 100644 --- a/drivers/media/v4l2-core/v4l2-ioctl.c +++ b/drivers/media/v4l2-core/v4l2-ioctl.c @@ -8,6 +8,7 @@ * Mauro Carvalho Chehab (version 2) */ +#include #include #include #include @@ -3104,14 +3105,18 @@ static unsigned int video_translate_cmd(unsigned int cmd) return VIDIOC_PREPARE_BUF; #endif } + if (in_compat_syscall()) + return v4l2_compat_translate_cmd(cmd); return cmd; } -static int video_get_user(void __user *arg, void *parg, unsigned int cmd, +static int video_get_user(void __user *arg, void *parg, + unsigned int real_cmd, unsigned int cmd, bool *always_copy) { - unsigned int n = _IOC_SIZE(cmd); + unsigned int n = _IOC_SIZE(real_cmd); + int err = 0; if (!(_IOC_DIR(cmd) & _IOC_WRITE)) { /* read-only ioctl */ @@ -3119,73 +3124,82 @@ static int video_get_user(void __user *arg, void *parg, unsigned int cmd, return 0; } - switch (cmd) { -#ifdef CONFIG_COMPAT_32BIT_TIME - case VIDIOC_QUERYBUF_TIME32: - case VIDIOC_QBUF_TIME32: - case VIDIOC_DQBUF_TIME32: - case VIDIOC_PREPARE_BUF_TIME32: { - struct v4l2_buffer_time32 vb32; - struct v4l2_buffer *vb = parg; - - if (copy_from_user(&vb32, arg, sizeof(vb32))) - return -EFAULT; - - *vb = (struct v4l2_buffer) { - .index = vb32.index, - .type = vb32.type, - .bytesused = vb32.bytesused, - .flags = vb32.flags, - .field = vb32.field, - .timestamp.tv_sec = vb32.timestamp.tv_sec, - .timestamp.tv_usec = vb32.timestamp.tv_usec, - .timecode = vb32.timecode, - .sequence = vb32.sequence, - .memory = vb32.memory, - .m.userptr = vb32.m.userptr, - .length = vb32.length, - .request_fd = vb32.request_fd, - }; - - if (cmd == VIDIOC_QUERYBUF_TIME32) - vb->request_fd = 0; + /* + * In some cases, only a few fields are used as input, + * i.e. when the app sets "index" and then the driver + * fills in the rest of the structure for the thing + * with that index. We only need to copy up the first + * non-input field. + */ + if (v4l2_is_known_ioctl(real_cmd)) { + u32 flags = v4l2_ioctls[_IOC_NR(real_cmd)].flags; - break; + if (flags & INFO_FL_CLEAR_MASK) + n = (flags & INFO_FL_CLEAR_MASK) >> 16; + *always_copy = flags & INFO_FL_ALWAYS_COPY; } -#endif - default: - /* - * In some cases, only a few fields are used as input, - * i.e. when the app sets "index" and then the driver - * fills in the rest of the structure for the thing - * with that index. We only need to copy up the first - * non-input field. - */ - if (v4l2_is_known_ioctl(cmd)) { - u32 flags = v4l2_ioctls[_IOC_NR(cmd)].flags; - - if (flags & INFO_FL_CLEAR_MASK) - n = (flags & INFO_FL_CLEAR_MASK) >> 16; - *always_copy = flags & INFO_FL_ALWAYS_COPY; - } + if (cmd == real_cmd) { if (copy_from_user(parg, (void __user *)arg, n)) - return -EFAULT; - - /* zero out anything we don't copy from userspace */ - if (n < _IOC_SIZE(cmd)) - memset((u8 *)parg + n, 0, _IOC_SIZE(cmd) - n); - break; + err = -EFAULT; + } else if (in_compat_syscall()) { + err = v4l2_compat_get_user(arg, parg, cmd); + } else { + switch (cmd) { +#ifdef CONFIG_COMPAT_32BIT_TIME + case VIDIOC_QUERYBUF_TIME32: + case VIDIOC_QBUF_TIME32: + case VIDIOC_DQBUF_TIME32: + case VIDIOC_PREPARE_BUF_TIME32: { + struct v4l2_buffer_time32 vb32; + struct v4l2_buffer *vb = parg; + + if (copy_from_user(&vb32, arg, sizeof(vb32))) + return -EFAULT; + + *vb = (struct v4l2_buffer) { + .index = vb32.index, + .type = vb32.type, + .bytesused = vb32.bytesused, + .flags = vb32.flags, + .field = vb32.field, + .timestamp.tv_sec = vb32.timestamp.tv_sec, + .timestamp.tv_usec = vb32.timestamp.tv_usec, + .timecode = vb32.timecode, + .sequence = vb32.sequence, + .memory = vb32.memory, + .m.userptr = vb32.m.userptr, + .length = vb32.length, + .request_fd = vb32.request_fd, + }; + break; + } +#endif + } } - return 0; + /* zero out anything we don't copy from userspace */ + if (!err && n < _IOC_SIZE(real_cmd)) + memset((u8 *)parg + n, 0, _IOC_SIZE(real_cmd) - n); + return err; } -static int video_put_user(void __user *arg, void *parg, unsigned int cmd) +static int video_put_user(void __user *arg, void *parg, + unsigned int real_cmd, unsigned int cmd) { if (!(_IOC_DIR(cmd) & _IOC_READ)) return 0; + if (cmd == real_cmd) { + /* Copy results into user buffer */ + if (copy_to_user(arg, parg, _IOC_SIZE(cmd))) + return -EFAULT; + return 0; + } + + if (in_compat_syscall()) + return v4l2_compat_put_user(arg, parg, cmd); + switch (cmd) { #ifdef CONFIG_COMPAT_32BIT_TIME case VIDIOC_DQEVENT_TIME32: { @@ -3236,11 +3250,6 @@ static int video_put_user(void __user *arg, void *parg, unsigned int cmd) break; } #endif - default: - /* Copy results into user buffer */ - if (copy_to_user(arg, parg, _IOC_SIZE(cmd))) - return -EFAULT; - break; } return 0; @@ -3274,8 +3283,8 @@ video_usercopy(struct file *file, unsigned int orig_cmd, unsigned long arg, parg = mbuf; } - err = video_get_user((void __user *)arg, parg, orig_cmd, - &always_copy); + err = video_get_user((void __user *)arg, parg, cmd, + orig_cmd, &always_copy); if (err) goto out; } @@ -3297,7 +3306,14 @@ video_usercopy(struct file *file, unsigned int orig_cmd, unsigned long arg, if (NULL == mbuf) goto out_array_args; err = -EFAULT; - if (copy_from_user(mbuf, user_ptr, array_size)) + if (in_compat_syscall()) + err = v4l2_compat_get_array_args(file, mbuf, user_ptr, + array_size, orig_cmd, + parg); + else + err = copy_from_user(mbuf, user_ptr, array_size) ? + -EFAULT : 0; + if (err) goto out_array_args; *kernel_ptr = mbuf; } @@ -3318,8 +3334,17 @@ video_usercopy(struct file *file, unsigned int orig_cmd, unsigned long arg, if (has_array_args) { *kernel_ptr = (void __force *)user_ptr; - if (copy_to_user(user_ptr, mbuf, array_size)) + if (in_compat_syscall()) { + int put_err; + + put_err = v4l2_compat_put_array_args(file, user_ptr, mbuf, + array_size, orig_cmd, + parg); + if (put_err) + err = put_err; + } else if (copy_to_user(user_ptr, mbuf, array_size)) { err = -EFAULT; + } goto out_array_args; } /* @@ -3330,7 +3355,7 @@ video_usercopy(struct file *file, unsigned int orig_cmd, unsigned long arg, goto out; out_array_args: - if (video_put_user((void __user *)arg, parg, orig_cmd)) + if (video_put_user((void __user *)arg, parg, cmd, orig_cmd)) err = -EFAULT; out: kvfree(mbuf); diff --git a/include/media/v4l2-ioctl.h b/include/media/v4l2-ioctl.h index 86878fba332b..0db79f36c496 100644 --- a/include/media/v4l2-ioctl.h +++ b/include/media/v4l2-ioctl.h @@ -686,6 +686,17 @@ long int v4l2_compat_ioctl32(struct file *file, unsigned int cmd, unsigned long arg); #endif +unsigned int v4l2_compat_translate_cmd(unsigned int cmd); +int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd); +int v4l2_compat_put_user(void __user *arg, void *parg, unsigned int cmd); +int v4l2_compat_get_array_args(struct file *file, void *mbuf, + void __user *user_ptr, size_t array_size, + unsigned int cmd, void *arg); +int v4l2_compat_put_array_args(struct file *file, void __user *user_ptr, + void *mbuf, size_t array_size, + unsigned int cmd, void *arg); + + /** * typedef v4l2_kioctl - Typedef used to pass an ioctl handler. * From patchwork Fri Oct 30 16:55:23 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 11870335 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id DC43514C0 for ; Fri, 30 Oct 2020 16:56:19 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id BA298221FA for ; Fri, 30 Oct 2020 16:56:19 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604076979; bh=t7Sl1Pzu+/YBp2XhTNhTX6P+UIVbjjy0p02B2wp6jDA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=TIHwhp5UK5zPXN6OWh9lynq9eJU4GAx1YdyOQulrU9u+xMvPZDg4jDoVLeix93ePd //wyHaAm1OllGX3NYRowfVQzFWWFmNZmAotQed1b5iQtIQ1XTLGPkqz8Ba4S/erybm W2p+xeOh9OWVAzVMwDyexrVqXfjRnPuK0hxOp1r8= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726259AbgJ3Q4Q (ORCPT ); Fri, 30 Oct 2020 12:56:16 -0400 Received: from mail.kernel.org ([198.145.29.99]:60746 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727144AbgJ3Qzo (ORCPT ); Fri, 30 Oct 2020 12:55:44 -0400 Received: from localhost.localdomain (HSI-KBW-46-223-126-90.hsi.kabel-badenwuerttemberg.de [46.223.126.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id BC99622242; Fri, 30 Oct 2020 16:55:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604076943; bh=t7Sl1Pzu+/YBp2XhTNhTX6P+UIVbjjy0p02B2wp6jDA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=q1lrZVo4lBdUY4LcFXplHowysUMTk2NXo+MxhTuvVgqi9FQrOb/0gkz47B+mE70BQ gtXNakXgd1TwWiMaeMcdHXWYkvf8XNS+aIvHq3styqNq4wORJUfbDxJoqx+xCrnxey zCUtJv+0iFJK7+MMyB2+eHj28ZrgqwkW8IBh1ZUg= From: Arnd Bergmann To: Hans Verkuil Cc: Arnd Bergmann , linux-media@vger.kernel.org, mchehab@kernel.org, hch@lst.de, linux-kernel@vger.kernel.org Subject: [PATCH v2 2/8] media: v4l2: remove unneeded compat ioctl handlers Date: Fri, 30 Oct 2020 17:55:23 +0100 Message-Id: <20201030165529.1255175-3-arnd@kernel.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20201030165529.1255175-1-arnd@kernel.org> References: <20201030165529.1255175-1-arnd@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org From: Arnd Bergmann These seven commands are all compatible and do not need any conversion handlers. The existing ones just copy 32-bit integers around, and those are always compatible. Signed-off-by: Arnd Bergmann --- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 42 ------------------- 1 file changed, 42 deletions(-) diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index 7c939d5c5232..a76f6ac5b1eb 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -1406,14 +1406,6 @@ static int put_v4l2_edid32(struct v4l2_edid __user *p64, #define VIDIOC_PREPARE_BUF32 _IOWR('V', 93, struct v4l2_buffer32) #define VIDIOC_PREPARE_BUF32_TIME32 _IOWR('V', 93, struct v4l2_buffer32_time32) -#define VIDIOC_OVERLAY32 _IOW ('V', 14, s32) -#define VIDIOC_STREAMON32 _IOW ('V', 18, s32) -#define VIDIOC_STREAMOFF32 _IOW ('V', 19, s32) -#define VIDIOC_G_INPUT32 _IOR ('V', 38, s32) -#define VIDIOC_S_INPUT32 _IOWR('V', 39, s32) -#define VIDIOC_G_OUTPUT32 _IOR ('V', 46, s32) -#define VIDIOC_S_OUTPUT32 _IOWR('V', 47, s32) - unsigned int v4l2_compat_translate_cmd(unsigned int cmd) { switch (cmd) { @@ -1544,13 +1536,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar case VIDIOC_DQEVENT32: ncmd = VIDIOC_DQEVENT; break; case VIDIOC_DQEVENT32_TIME32: ncmd = VIDIOC_DQEVENT_TIME32; break; #endif - case VIDIOC_OVERLAY32: ncmd = VIDIOC_OVERLAY; break; - case VIDIOC_STREAMON32: ncmd = VIDIOC_STREAMON; break; - case VIDIOC_STREAMOFF32: ncmd = VIDIOC_STREAMOFF; break; - case VIDIOC_G_INPUT32: ncmd = VIDIOC_G_INPUT; break; - case VIDIOC_S_INPUT32: ncmd = VIDIOC_S_INPUT; break; - case VIDIOC_G_OUTPUT32: ncmd = VIDIOC_G_OUTPUT; break; - case VIDIOC_S_OUTPUT32: ncmd = VIDIOC_S_OUTPUT; break; case VIDIOC_CREATE_BUFS32: ncmd = VIDIOC_CREATE_BUFS; break; case VIDIOC_PREPARE_BUF32: ncmd = VIDIOC_PREPARE_BUF; break; case VIDIOC_PREPARE_BUF32_TIME32: ncmd = VIDIOC_PREPARE_BUF_TIME32; break; @@ -1565,24 +1550,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar * argument into it. */ switch (cmd) { - case VIDIOC_OVERLAY32: - case VIDIOC_STREAMON32: - case VIDIOC_STREAMOFF32: - case VIDIOC_S_INPUT32: - case VIDIOC_S_OUTPUT32: - err = alloc_userspace(sizeof(unsigned int), 0, &new_p64); - if (!err && assign_in_user((unsigned int __user *)new_p64, - (compat_uint_t __user *)p32)) - err = -EFAULT; - compatible_arg = 0; - break; - - case VIDIOC_G_INPUT32: - case VIDIOC_G_OUTPUT32: - err = alloc_userspace(sizeof(unsigned int), 0, &new_p64); - compatible_arg = 0; - break; - case VIDIOC_G_EDID32: case VIDIOC_S_EDID32: err = alloc_userspace(sizeof(struct v4l2_edid), 0, &new_p64); @@ -1755,15 +1722,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar * the original 32 bits structure. */ switch (cmd) { - case VIDIOC_S_INPUT32: - case VIDIOC_S_OUTPUT32: - case VIDIOC_G_INPUT32: - case VIDIOC_G_OUTPUT32: - if (assign_in_user((compat_uint_t __user *)p32, - ((unsigned int __user *)new_p64))) - err = -EFAULT; - break; - case VIDIOC_G_FBUF32: err = put_v4l2_framebuffer32(new_p64, p32); break; From patchwork Fri Oct 30 16:55:24 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 11870315 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 502DB14C0 for ; Fri, 30 Oct 2020 16:55:48 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2F56A22242 for ; Fri, 30 Oct 2020 16:55:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604076948; bh=3HHkPHxUAoaKPZnU75UL9Fi/9SVSDzWYfAj9CVPMYC0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=j2EFqJ4zpB7qzZltLdy4hp/42+QvJXjF8/oGq1xZEi+njG2zXMKVc5+pMtWUXSvX2 6fIMHdpAQGmrGfMtMP6RWbBSn2UBdUVcZ7ypHYU3kL2yaP6ebzfpbeImtCXyHv89Ez rf3KiCefLzbDrvtMLRkULRddaQRCDvHNn1dhrBEA= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727233AbgJ3Qzr (ORCPT ); Fri, 30 Oct 2020 12:55:47 -0400 Received: from mail.kernel.org ([198.145.29.99]:60776 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726239AbgJ3Qzq (ORCPT ); Fri, 30 Oct 2020 12:55:46 -0400 Received: from localhost.localdomain (HSI-KBW-46-223-126-90.hsi.kabel-badenwuerttemberg.de [46.223.126.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 8AE442076E; Fri, 30 Oct 2020 16:55:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604076945; bh=3HHkPHxUAoaKPZnU75UL9Fi/9SVSDzWYfAj9CVPMYC0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=a6K2gEWcB6d5tQ/5C07Gq+IH4VCgUT6NhFkW6dKY5D9xKNfjZBWNQQRTi58uui2bn O1BHCj5Rsu7zLDYyptT+tZDfT7yPAGKPVIyiqlT5IuNadBbCkhELQyTD+hoGVWC/dA 6qq1RL32uwhix6tpNPBZ0cPBxS0sKmjoaxcUpv4M= From: Arnd Bergmann To: Hans Verkuil Cc: Arnd Bergmann , linux-media@vger.kernel.org, mchehab@kernel.org, hch@lst.de, linux-kernel@vger.kernel.org Subject: [PATCH v2 3/8] media: v4l2: move v4l2_ext_controls conversion Date: Fri, 30 Oct 2020 17:55:24 +0100 Message-Id: <20201030165529.1255175-4-arnd@kernel.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20201030165529.1255175-1-arnd@kernel.org> References: <20201030165529.1255175-1-arnd@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org From: Arnd Bergmann The v4l2_ext_controls ioctl handlers use an indirect pointer to an incompatible data structure, making the conversion particularly tricky. Moving the compat implementation to use the new v4l2_compat_get_user()/v4l2_compat_put_user() helpers makes it noticeably simpler. In v4l2_compat_get_array_args()/v4l2_compat_put_array_args(), the 'file' argument needs to get passed to determine the exact format, which is a bit unfortunate, as no other conversion needs these. Signed-off-by: Arnd Bergmann --- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 236 +++++++----------- 1 file changed, 90 insertions(+), 146 deletions(-) diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index a76f6ac5b1eb..fa94cdec7df5 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -1124,142 +1124,44 @@ static inline bool ctrl_is_pointer(struct file *file, u32 id) (qec.flags & V4L2_CTRL_FLAG_HAS_PAYLOAD); } -static int bufsize_v4l2_ext_controls(struct v4l2_ext_controls32 __user *p32, - u32 *size) -{ - u32 count; - - if (!access_ok(p32, sizeof(*p32)) || - get_user(count, &p32->count)) - return -EFAULT; - if (count > V4L2_CID_MAX_CTRLS) - return -EINVAL; - *size = count * sizeof(struct v4l2_ext_control); - return 0; -} - -static int get_v4l2_ext_controls32(struct file *file, - struct v4l2_ext_controls __user *p64, - struct v4l2_ext_controls32 __user *p32, - void __user *aux_buf, u32 aux_space) +static int get_v4l2_ext_controls32(struct v4l2_ext_controls *p64, + struct v4l2_ext_controls32 __user *p32) { - struct v4l2_ext_control32 __user *ucontrols; - struct v4l2_ext_control __user *kcontrols; - u32 count; - u32 n; - compat_caddr_t p; - - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p64->which, &p32->which) || - get_user(count, &p32->count) || - put_user(count, &p64->count) || - assign_in_user(&p64->error_idx, &p32->error_idx) || - assign_in_user(&p64->request_fd, &p32->request_fd) || - copy_in_user(p64->reserved, p32->reserved, sizeof(p64->reserved))) - return -EFAULT; + struct v4l2_ext_controls32 ec32; - if (count == 0) - return put_user(NULL, &p64->controls); - if (count > V4L2_CID_MAX_CTRLS) - return -EINVAL; - if (get_user(p, &p32->controls)) - return -EFAULT; - ucontrols = compat_ptr(p); - if (!access_ok(ucontrols, count * sizeof(*ucontrols))) - return -EFAULT; - if (aux_space < count * sizeof(*kcontrols)) + if (copy_from_user(&ec32, p32, sizeof(ec32))) return -EFAULT; - kcontrols = aux_buf; - if (put_user_force(kcontrols, &p64->controls)) - return -EFAULT; - - for (n = 0; n < count; n++) { - u32 id; - - if (copy_in_user(kcontrols, ucontrols, sizeof(*ucontrols))) - return -EFAULT; - - if (get_user(id, &kcontrols->id)) - return -EFAULT; - if (ctrl_is_pointer(file, id)) { - void __user *s; + *p64 = (struct v4l2_ext_controls) { + .which = ec32.which, + .count = ec32.count, + .error_idx = ec32.error_idx, + .request_fd = ec32.request_fd, + .reserved[0] = ec32.reserved[0], + .controls = (void __force *)compat_ptr(ec32.controls), + }; - if (get_user(p, &ucontrols->string)) - return -EFAULT; - s = compat_ptr(p); - if (put_user(s, &kcontrols->string)) - return -EFAULT; - } - ucontrols++; - kcontrols++; - } return 0; } -static int put_v4l2_ext_controls32(struct file *file, - struct v4l2_ext_controls __user *p64, +static int put_v4l2_ext_controls32(struct v4l2_ext_controls *p64, struct v4l2_ext_controls32 __user *p32) { - struct v4l2_ext_control32 __user *ucontrols; - struct v4l2_ext_control *kcontrols; - u32 count; - u32 n; - compat_caddr_t p; - - /* - * We need to define kcontrols without __user, even though it does - * point to data in userspace here. The reason is that v4l2-ioctl.c - * copies it from userspace to kernelspace, so its definition in - * videodev2.h doesn't have a __user markup. Defining kcontrols - * with __user causes smatch warnings, so instead declare it - * without __user and cast it as a userspace pointer where needed. - */ - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p32->which, &p64->which) || - get_user(count, &p64->count) || - put_user(count, &p32->count) || - assign_in_user(&p32->error_idx, &p64->error_idx) || - assign_in_user(&p32->request_fd, &p64->request_fd) || - copy_in_user(p32->reserved, p64->reserved, sizeof(p32->reserved)) || - get_user(kcontrols, &p64->controls)) - return -EFAULT; + struct v4l2_ext_controls32 ec32; + + memset(&ec32, 0, sizeof(ec32)); + ec32 = (struct v4l2_ext_controls32) { + .which = p64->which, + .count = p64->count, + .error_idx = p64->error_idx, + .request_fd = p64->request_fd, + .reserved[0] = p64->reserved[0], + .controls = (uintptr_t)p64->controls, + }; - if (!count || count > (U32_MAX/sizeof(*ucontrols))) - return 0; - if (get_user(p, &p32->controls)) - return -EFAULT; - ucontrols = compat_ptr(p); - if (!access_ok(ucontrols, count * sizeof(*ucontrols))) + if (copy_to_user(p32, &ec32, sizeof(ec32))) return -EFAULT; - for (n = 0; n < count; n++) { - unsigned int size = sizeof(*ucontrols); - u32 id; - - if (get_user_cast(id, &kcontrols->id) || - put_user(id, &ucontrols->id) || - assign_in_user_cast(&ucontrols->size, &kcontrols->size) || - copy_in_user(&ucontrols->reserved2, - (void __user *)&kcontrols->reserved2, - sizeof(ucontrols->reserved2))) - return -EFAULT; - - /* - * Do not modify the pointer when copying a pointer control. - * The contents of the pointer was changed, not the pointer - * itself. - */ - if (ctrl_is_pointer(file, id)) - size -= sizeof(ucontrols->value64); - - if (copy_in_user(ucontrols, - (void __user *)kcontrols, size)) - return -EFAULT; - - ucontrols++; - kcontrols++; - } return 0; } @@ -1409,6 +1311,12 @@ static int put_v4l2_edid32(struct v4l2_edid __user *p64, unsigned int v4l2_compat_translate_cmd(unsigned int cmd) { switch (cmd) { + case VIDIOC_G_EXT_CTRLS32: + return VIDIOC_G_EXT_CTRLS; + case VIDIOC_S_EXT_CTRLS32: + return VIDIOC_S_EXT_CTRLS; + case VIDIOC_TRY_EXT_CTRLS32: + return VIDIOC_TRY_EXT_CTRLS; } return cmd; } @@ -1416,6 +1324,10 @@ unsigned int v4l2_compat_translate_cmd(unsigned int cmd) int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd) { switch (cmd) { + case VIDIOC_G_EXT_CTRLS32: + case VIDIOC_S_EXT_CTRLS32: + case VIDIOC_TRY_EXT_CTRLS32: + return get_v4l2_ext_controls32(parg, arg); } return 0; } @@ -1423,6 +1335,10 @@ int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd) int v4l2_compat_put_user(void __user *arg, void *parg, unsigned int cmd) { switch (cmd) { + case VIDIOC_G_EXT_CTRLS32: + case VIDIOC_S_EXT_CTRLS32: + case VIDIOC_TRY_EXT_CTRLS32: + return put_v4l2_ext_controls32(parg, arg); } return 0; } @@ -1434,6 +1350,29 @@ int v4l2_compat_get_array_args(struct file *file, void *mbuf, int err = 0; switch (cmd) { + case VIDIOC_G_EXT_CTRLS32: + case VIDIOC_S_EXT_CTRLS32: + case VIDIOC_TRY_EXT_CTRLS32: { + struct v4l2_ext_controls *ecs64 = arg; + struct v4l2_ext_control *ec64 = mbuf; + struct v4l2_ext_control32 __user *ec32 = user_ptr; + int n; + + for (n = 0; n < ecs64->count; n++) { + if (copy_from_user(ec64, ec32, sizeof(*ec32))) + return -EFAULT; + + if (ctrl_is_pointer(file, ec64->id)) { + compat_uptr_t p; + if (get_user(p, &ec32->string)) + return -EFAULT; + ec64->string = compat_ptr(p); + } + ec32++; + ec64++; + } + break; + } default: if (copy_from_user(mbuf, user_ptr, array_size)) err = -EFAULT; @@ -1450,6 +1389,33 @@ int v4l2_compat_put_array_args(struct file *file, void __user *user_ptr, int err = 0; switch (cmd) { + case VIDIOC_G_EXT_CTRLS32: + case VIDIOC_S_EXT_CTRLS32: + case VIDIOC_TRY_EXT_CTRLS32: { + struct v4l2_ext_controls *ecs64 = arg; + struct v4l2_ext_control *ec64 = mbuf; + struct v4l2_ext_control32 __user *ec32 = user_ptr; + int n; + + for (n = 0; n < ecs64->count; n++) { + unsigned int size = sizeof(*ec32); + /* + * Do not modify the pointer when copying a pointer + * control. The contents of the pointer was changed, + * not the pointer itself. + * The structures are otherwise compatible. + */ + if (ctrl_is_pointer(file, ec64->id)) + size -= sizeof(ec32->value64); + + if (copy_to_user(ec32, ec64, size)) + return -EFAULT; + + ec32++; + ec64++; + } + break; + } default: if (copy_to_user(user_ptr, mbuf, array_size)) err = -EFAULT; @@ -1459,6 +1425,7 @@ int v4l2_compat_put_array_args(struct file *file, void __user *user_ptr, return err; } + /** * alloc_userspace() - Allocates a 64-bits userspace pointer compatible * for calling the native 64-bits version of an ioctl. @@ -1529,9 +1496,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar case VIDIOC_ENUMSTD32: ncmd = VIDIOC_ENUMSTD; break; case VIDIOC_ENUMINPUT32: ncmd = VIDIOC_ENUMINPUT; break; case VIDIOC_TRY_FMT32: ncmd = VIDIOC_TRY_FMT; break; - case VIDIOC_G_EXT_CTRLS32: ncmd = VIDIOC_G_EXT_CTRLS; break; - case VIDIOC_S_EXT_CTRLS32: ncmd = VIDIOC_S_EXT_CTRLS; break; - case VIDIOC_TRY_EXT_CTRLS32: ncmd = VIDIOC_TRY_EXT_CTRLS; break; #ifdef CONFIG_X86_64 case VIDIOC_DQEVENT32: ncmd = VIDIOC_DQEVENT; break; case VIDIOC_DQEVENT32_TIME32: ncmd = VIDIOC_DQEVENT_TIME32; break; @@ -1647,20 +1611,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar compatible_arg = 0; break; - case VIDIOC_G_EXT_CTRLS32: - case VIDIOC_S_EXT_CTRLS32: - case VIDIOC_TRY_EXT_CTRLS32: - err = bufsize_v4l2_ext_controls(p32, &aux_space); - if (!err) - err = alloc_userspace(sizeof(struct v4l2_ext_controls), - aux_space, &new_p64); - if (!err) { - aux_buf = new_p64 + sizeof(struct v4l2_ext_controls); - err = get_v4l2_ext_controls32(file, new_p64, p32, - aux_buf, aux_space); - } - compatible_arg = 0; - break; #ifdef CONFIG_X86_64 case VIDIOC_DQEVENT32: err = alloc_userspace(sizeof(struct v4l2_event), 0, &new_p64); @@ -1703,12 +1653,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar * the blocks to maximum allowed value. */ switch (cmd) { - case VIDIOC_G_EXT_CTRLS32: - case VIDIOC_S_EXT_CTRLS32: - case VIDIOC_TRY_EXT_CTRLS32: - if (put_v4l2_ext_controls32(file, new_p64, p32)) - err = -EFAULT; - break; case VIDIOC_S_EDID32: if (put_v4l2_edid32(new_p64, p32)) err = -EFAULT; From patchwork Fri Oct 30 16:55:25 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 11870325 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 43B4314B4 for ; Fri, 30 Oct 2020 16:56:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 069E12075E for ; Fri, 30 Oct 2020 16:56:15 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604076976; bh=+1twd80hX9Qmohw4lJ3sljvQ1r+aElub9LTIXsfcOFM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=uvo8ssny3hk1kjDu5sFnbZLX4DtTymg8CrRmDiBT3xLaJQTaTKDre4BiAaXbWZQhW mri3GTEiElwc41+d4RNBV3Gzk252DZQSZHFE4UUdAFurZQRDlgmU//aJbMBra63YO5 +k+LrEYIS/A4NFBP3/50OWig8er1T6Do3XCrXAZA= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727342AbgJ3Q4M (ORCPT ); Fri, 30 Oct 2020 12:56:12 -0400 Received: from mail.kernel.org ([198.145.29.99]:60820 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727239AbgJ3Qzu (ORCPT ); Fri, 30 Oct 2020 12:55:50 -0400 Received: from localhost.localdomain (HSI-KBW-46-223-126-90.hsi.kabel-badenwuerttemberg.de [46.223.126.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id B9E2220756; Fri, 30 Oct 2020 16:55:45 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604076947; bh=+1twd80hX9Qmohw4lJ3sljvQ1r+aElub9LTIXsfcOFM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=W4Vyw/0cAZd2qjOoy62/q7eo3Lh6d9ArtIpkvDI4g6IcQzmpSLAPxdua98LSxVSU8 Di/SKGC1HOaY70V3VK/XY98YcrV6d2E+HWvJziqCsfKyT/Ezw2E23K/CHjr3BtMScj vBoftiM5MLhXs7o85Qo51rFvfdcl3zcIMv7gL030= From: Arnd Bergmann To: Hans Verkuil Cc: Arnd Bergmann , linux-media@vger.kernel.org, mchehab@kernel.org, hch@lst.de, linux-kernel@vger.kernel.org Subject: [PATCH v2 4/8] media: v4l2: move compat handling for v4l2_buffer Date: Fri, 30 Oct 2020 17:55:25 +0100 Message-Id: <20201030165529.1255175-5-arnd@kernel.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20201030165529.1255175-1-arnd@kernel.org> References: <20201030165529.1255175-1-arnd@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org From: Arnd Bergmann The ioctl commands based on v4l2_buffer have two sets of compat calls, one for native time32 structures, and one for compat structures on 64-bit architectures. Change the compat version to use the same approach as the other simpler one, for both versions of the structure. In an earlier version of the patch, I unified the v4l2_buffer_time32 and v4l2_buffer32_time32 compatibility handling into a single implementation, but that relied on having it all in one file, rather than having the in_compat_syscall() version in v4l2-compat-ioctl32.c. Signed-off-by: Arnd Bergmann --- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 724 +++++++----------- 1 file changed, 270 insertions(+), 454 deletions(-) diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index fa94cdec7df5..dfc4632b7ba2 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -521,480 +521,250 @@ struct v4l2_buffer32_time32 { __s32 request_fd; }; -static int get_v4l2_plane32(struct v4l2_plane __user *p64, +static int get_v4l2_plane32(struct v4l2_plane *p64, struct v4l2_plane32 __user *p32, enum v4l2_memory memory) { - compat_ulong_t p; + struct v4l2_plane32 plane32; + typeof(p64->m) m = {}; - if (copy_in_user(p64, p32, 2 * sizeof(__u32)) || - copy_in_user(&p64->data_offset, &p32->data_offset, - sizeof(p64->data_offset))) + if (copy_from_user(&plane32, p32, sizeof(plane32))) return -EFAULT; switch (memory) { case V4L2_MEMORY_MMAP: case V4L2_MEMORY_OVERLAY: - if (copy_in_user(&p64->m.mem_offset, &p32->m.mem_offset, - sizeof(p32->m.mem_offset))) - return -EFAULT; + m.mem_offset = plane32.m.mem_offset; break; case V4L2_MEMORY_USERPTR: - if (get_user(p, &p32->m.userptr) || - put_user((unsigned long)compat_ptr(p), &p64->m.userptr)) - return -EFAULT; + m.userptr = (unsigned long)compat_ptr(plane32.m.userptr); break; case V4L2_MEMORY_DMABUF: - if (copy_in_user(&p64->m.fd, &p32->m.fd, sizeof(p32->m.fd))) - return -EFAULT; + m.fd = plane32.m.fd; break; } + memset(p64, 0, sizeof(*p64)); + *p64 = (struct v4l2_plane) { + .bytesused = plane32.bytesused, + .length = plane32.length, + .m = m, + .data_offset = plane32.data_offset, + }; + return 0; } -static int put_v4l2_plane32(struct v4l2_plane __user *p64, +static int put_v4l2_plane32(struct v4l2_plane *p64, struct v4l2_plane32 __user *p32, enum v4l2_memory memory) { - unsigned long p; + struct v4l2_plane32 plane32; - if (copy_in_user(p32, p64, 2 * sizeof(__u32)) || - copy_in_user(&p32->data_offset, &p64->data_offset, - sizeof(p64->data_offset))) - return -EFAULT; + memset(&plane32, 0, sizeof(plane32)); + plane32 = (struct v4l2_plane32) { + .bytesused = p64->bytesused, + .length = p64->length, + .data_offset = p64->data_offset, + }; switch (memory) { case V4L2_MEMORY_MMAP: case V4L2_MEMORY_OVERLAY: - if (copy_in_user(&p32->m.mem_offset, &p64->m.mem_offset, - sizeof(p64->m.mem_offset))) - return -EFAULT; + plane32.m.mem_offset = p64->m.mem_offset; break; case V4L2_MEMORY_USERPTR: - if (get_user(p, &p64->m.userptr) || - put_user((compat_ulong_t)ptr_to_compat((void __user *)p), - &p32->m.userptr)) - return -EFAULT; + plane32.m.userptr = (uintptr_t)(p64->m.userptr); break; case V4L2_MEMORY_DMABUF: - if (copy_in_user(&p32->m.fd, &p64->m.fd, sizeof(p64->m.fd))) - return -EFAULT; + plane32.m.fd = p64->m.fd; break; } - return 0; -} - -static int bufsize_v4l2_buffer(struct v4l2_buffer32 __user *p32, u32 *size) -{ - u32 type; - u32 length; - - if (!access_ok(p32, sizeof(*p32)) || - get_user(type, &p32->type) || - get_user(length, &p32->length)) + if (copy_to_user(p32, &plane32, sizeof(plane32))) return -EFAULT; - if (V4L2_TYPE_IS_MULTIPLANAR(type)) { - if (length > VIDEO_MAX_PLANES) - return -EINVAL; - - /* - * We don't really care if userspace decides to kill itself - * by passing a very big length value - */ - *size = length * sizeof(struct v4l2_plane); - } else { - *size = 0; - } return 0; } -static int bufsize_v4l2_buffer_time32(struct v4l2_buffer32_time32 __user *p32, u32 *size) +static int get_v4l2_buffer32(struct v4l2_buffer *vb, + struct v4l2_buffer32 __user *arg) { - u32 type; - u32 length; + struct v4l2_buffer32 vb32; - if (!access_ok(p32, sizeof(*p32)) || - get_user(type, &p32->type) || - get_user(length, &p32->length)) + if (copy_from_user(&vb32, arg, sizeof(vb32))) return -EFAULT; - if (V4L2_TYPE_IS_MULTIPLANAR(type)) { - if (length > VIDEO_MAX_PLANES) - return -EINVAL; + memset(vb, 0, sizeof(*vb)); + *vb = (struct v4l2_buffer) { + .index = vb32.index, + .type = vb32.type, + .bytesused = vb32.bytesused, + .flags = vb32.flags, + .field = vb32.field, + .timestamp.tv_sec = vb32.timestamp.tv_sec, + .timestamp.tv_usec = vb32.timestamp.tv_usec, + .timecode = vb32.timecode, + .sequence = vb32.sequence, + .memory = vb32.memory, + .m.offset = vb32.m.offset, + .length = vb32.length, + .request_fd = vb32.request_fd, + }; - /* - * We don't really care if userspace decides to kill itself - * by passing a very big length value - */ - *size = length * sizeof(struct v4l2_plane); - } else { - *size = 0; + switch (vb->memory) { + case V4L2_MEMORY_MMAP: + case V4L2_MEMORY_OVERLAY: + vb->m.offset = vb32.m.offset; + break; + case V4L2_MEMORY_USERPTR: + vb->m.userptr = (unsigned long)compat_ptr(vb32.m.userptr); + break; + case V4L2_MEMORY_DMABUF: + vb->m.fd = vb32.m.fd; + break; } - return 0; -} - -static int get_v4l2_buffer32(struct v4l2_buffer __user *p64, - struct v4l2_buffer32 __user *p32, - void __user *aux_buf, u32 aux_space) -{ - u32 type; - u32 length; - s32 request_fd; - enum v4l2_memory memory; - struct v4l2_plane32 __user *uplane32; - struct v4l2_plane __user *uplane; - compat_caddr_t p; - int ret; - - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p64->index, &p32->index) || - get_user(type, &p32->type) || - put_user(type, &p64->type) || - assign_in_user(&p64->flags, &p32->flags) || - get_user(memory, &p32->memory) || - put_user(memory, &p64->memory) || - get_user(length, &p32->length) || - put_user(length, &p64->length) || - get_user(request_fd, &p32->request_fd) || - put_user(request_fd, &p64->request_fd)) - return -EFAULT; - - if (V4L2_TYPE_IS_OUTPUT(type)) - if (assign_in_user(&p64->bytesused, &p32->bytesused) || - assign_in_user(&p64->field, &p32->field) || - assign_in_user(&p64->timestamp.tv_sec, - &p32->timestamp.tv_sec) || - assign_in_user(&p64->timestamp.tv_usec, - &p32->timestamp.tv_usec)) - return -EFAULT; - - if (V4L2_TYPE_IS_MULTIPLANAR(type)) { - u32 num_planes = length; - - if (num_planes == 0) { - /* - * num_planes == 0 is legal, e.g. when userspace doesn't - * need planes array on DQBUF - */ - return put_user(NULL, &p64->m.planes); - } - if (num_planes > VIDEO_MAX_PLANES) - return -EINVAL; - - if (get_user(p, &p32->m.planes)) - return -EFAULT; - - uplane32 = compat_ptr(p); - if (!access_ok(uplane32, - num_planes * sizeof(*uplane32))) - return -EFAULT; - - /* - * We don't really care if userspace decides to kill itself - * by passing a very big num_planes value - */ - if (aux_space < num_planes * sizeof(*uplane)) - return -EFAULT; - - uplane = aux_buf; - if (put_user_force(uplane, &p64->m.planes)) - return -EFAULT; - - while (num_planes--) { - ret = get_v4l2_plane32(uplane, uplane32, memory); - if (ret) - return ret; - uplane++; - uplane32++; - } - } else { - switch (memory) { - case V4L2_MEMORY_MMAP: - case V4L2_MEMORY_OVERLAY: - if (assign_in_user(&p64->m.offset, &p32->m.offset)) - return -EFAULT; - break; - case V4L2_MEMORY_USERPTR: { - compat_ulong_t userptr; - if (get_user(userptr, &p32->m.userptr) || - put_user((unsigned long)compat_ptr(userptr), - &p64->m.userptr)) - return -EFAULT; - break; - } - case V4L2_MEMORY_DMABUF: - if (assign_in_user(&p64->m.fd, &p32->m.fd)) - return -EFAULT; - break; - } - } + if (V4L2_TYPE_IS_MULTIPLANAR(vb->type)) + vb->m.planes = (void __force *) + compat_ptr(vb32.m.planes); return 0; } -static int get_v4l2_buffer32_time32(struct v4l2_buffer_time32 __user *p64, - struct v4l2_buffer32_time32 __user *p32, - void __user *aux_buf, u32 aux_space) +#ifdef CONFIG_COMPAT_32BIT_TIME +static int get_v4l2_buffer32_time32(struct v4l2_buffer *vb, + struct v4l2_buffer32_time32 __user *arg) { - u32 type; - u32 length; - s32 request_fd; - enum v4l2_memory memory; - struct v4l2_plane32 __user *uplane32; - struct v4l2_plane __user *uplane; - compat_caddr_t p; - int ret; + struct v4l2_buffer32_time32 vb32; - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p64->index, &p32->index) || - get_user(type, &p32->type) || - put_user(type, &p64->type) || - assign_in_user(&p64->flags, &p32->flags) || - get_user(memory, &p32->memory) || - put_user(memory, &p64->memory) || - get_user(length, &p32->length) || - put_user(length, &p64->length) || - get_user(request_fd, &p32->request_fd) || - put_user(request_fd, &p64->request_fd)) + if (copy_from_user(&vb32, arg, sizeof(vb32))) return -EFAULT; - if (V4L2_TYPE_IS_OUTPUT(type)) - if (assign_in_user(&p64->bytesused, &p32->bytesused) || - assign_in_user(&p64->field, &p32->field) || - assign_in_user(&p64->timestamp.tv_sec, - &p32->timestamp.tv_sec) || - assign_in_user(&p64->timestamp.tv_usec, - &p32->timestamp.tv_usec)) - return -EFAULT; - - if (V4L2_TYPE_IS_MULTIPLANAR(type)) { - u32 num_planes = length; - - if (num_planes == 0) { - /* - * num_planes == 0 is legal, e.g. when userspace doesn't - * need planes array on DQBUF - */ - return put_user(NULL, &p64->m.planes); - } - if (num_planes > VIDEO_MAX_PLANES) - return -EINVAL; - - if (get_user(p, &p32->m.planes)) - return -EFAULT; - - uplane32 = compat_ptr(p); - if (!access_ok(uplane32, - num_planes * sizeof(*uplane32))) - return -EFAULT; - - /* - * We don't really care if userspace decides to kill itself - * by passing a very big num_planes value - */ - if (aux_space < num_planes * sizeof(*uplane)) - return -EFAULT; - - uplane = aux_buf; - if (put_user_force(uplane, &p64->m.planes)) - return -EFAULT; - - while (num_planes--) { - ret = get_v4l2_plane32(uplane, uplane32, memory); - if (ret) - return ret; - uplane++; - uplane32++; - } - } else { - switch (memory) { - case V4L2_MEMORY_MMAP: - case V4L2_MEMORY_OVERLAY: - if (assign_in_user(&p64->m.offset, &p32->m.offset)) - return -EFAULT; - break; - case V4L2_MEMORY_USERPTR: { - compat_ulong_t userptr; - - if (get_user(userptr, &p32->m.userptr) || - put_user((unsigned long)compat_ptr(userptr), - &p64->m.userptr)) - return -EFAULT; - break; - } - case V4L2_MEMORY_DMABUF: - if (assign_in_user(&p64->m.fd, &p32->m.fd)) - return -EFAULT; - break; - } + *vb = (struct v4l2_buffer) { + .index = vb32.index, + .type = vb32.type, + .bytesused = vb32.bytesused, + .flags = vb32.flags, + .field = vb32.field, + .timestamp.tv_sec = vb32.timestamp.tv_sec, + .timestamp.tv_usec = vb32.timestamp.tv_usec, + .timecode = vb32.timecode, + .sequence = vb32.sequence, + .memory = vb32.memory, + .m.offset = vb32.m.offset, + .length = vb32.length, + .request_fd = vb32.request_fd, + }; + switch (vb->memory) { + case V4L2_MEMORY_MMAP: + case V4L2_MEMORY_OVERLAY: + vb->m.offset = vb32.m.offset; + break; + case V4L2_MEMORY_USERPTR: + vb->m.userptr = (unsigned long)compat_ptr(vb32.m.userptr); + break; + case V4L2_MEMORY_DMABUF: + vb->m.fd = vb32.m.fd; + break; } + if (V4L2_TYPE_IS_MULTIPLANAR(vb->type)) + vb->m.planes = (void __force *) + compat_ptr(vb32.m.planes); + return 0; } +#endif -static int put_v4l2_buffer32(struct v4l2_buffer __user *p64, - struct v4l2_buffer32 __user *p32) +static int put_v4l2_buffer32(struct v4l2_buffer *vb, + struct v4l2_buffer32 __user *arg) { - u32 type; - u32 length; - enum v4l2_memory memory; - struct v4l2_plane32 __user *uplane32; - struct v4l2_plane *uplane; - compat_caddr_t p; - int ret; + struct v4l2_buffer32 vb32;; + + memset (&vb32, 0, sizeof vb32); + vb32 = (struct v4l2_buffer32) { + .index = vb->index, + .type = vb->type, + .bytesused = vb->bytesused, + .flags = vb->flags, + .field = vb->field, + .timestamp.tv_sec = vb->timestamp.tv_sec, + .timestamp.tv_usec = vb->timestamp.tv_usec, + .timecode = vb->timecode, + .sequence = vb->sequence, + .memory = vb->memory, + .m.offset = vb->m.offset, + .length = vb->length, + .request_fd = vb->request_fd, + }; - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p32->index, &p64->index) || - get_user(type, &p64->type) || - put_user(type, &p32->type) || - assign_in_user(&p32->flags, &p64->flags) || - get_user(memory, &p64->memory) || - put_user(memory, &p32->memory)) - return -EFAULT; + switch (vb->memory) { + case V4L2_MEMORY_MMAP: + case V4L2_MEMORY_OVERLAY: + vb32.m.offset = vb->m.offset; + break; + case V4L2_MEMORY_USERPTR: + vb32.m.userptr = (uintptr_t)(vb->m.userptr); + break; + case V4L2_MEMORY_DMABUF: + vb32.m.fd = vb->m.fd; + break; + } - if (assign_in_user(&p32->bytesused, &p64->bytesused) || - assign_in_user(&p32->field, &p64->field) || - assign_in_user(&p32->timestamp.tv_sec, &p64->timestamp.tv_sec) || - assign_in_user(&p32->timestamp.tv_usec, &p64->timestamp.tv_usec) || - copy_in_user(&p32->timecode, &p64->timecode, sizeof(p64->timecode)) || - assign_in_user(&p32->sequence, &p64->sequence) || - assign_in_user(&p32->reserved2, &p64->reserved2) || - assign_in_user(&p32->request_fd, &p64->request_fd) || - get_user(length, &p64->length) || - put_user(length, &p32->length)) - return -EFAULT; + if (V4L2_TYPE_IS_MULTIPLANAR(vb->type)) + vb32.m.planes = (uintptr_t)vb->m.planes; - if (V4L2_TYPE_IS_MULTIPLANAR(type)) { - u32 num_planes = length; - - if (num_planes == 0) - return 0; - /* We need to define uplane without __user, even though - * it does point to data in userspace here. The reason is - * that v4l2-ioctl.c copies it from userspace to kernelspace, - * so its definition in videodev2.h doesn't have a - * __user markup. Defining uplane with __user causes - * smatch warnings, so instead declare it without __user - * and cast it as a userspace pointer to put_v4l2_plane32(). - */ - if (get_user(uplane, &p64->m.planes)) - return -EFAULT; - if (get_user(p, &p32->m.planes)) - return -EFAULT; - uplane32 = compat_ptr(p); - - while (num_planes--) { - ret = put_v4l2_plane32((void __user *)uplane, - uplane32, memory); - if (ret) - return ret; - ++uplane; - ++uplane32; - } - } else { - switch (memory) { - case V4L2_MEMORY_MMAP: - case V4L2_MEMORY_OVERLAY: - if (assign_in_user(&p32->m.offset, &p64->m.offset)) - return -EFAULT; - break; - case V4L2_MEMORY_USERPTR: - if (assign_in_user(&p32->m.userptr, &p64->m.userptr)) - return -EFAULT; - break; - case V4L2_MEMORY_DMABUF: - if (assign_in_user(&p32->m.fd, &p64->m.fd)) - return -EFAULT; - break; - } - } + if (copy_to_user(arg, &vb32, sizeof(vb32))) + return -EFAULT; return 0; } -static int put_v4l2_buffer32_time32(struct v4l2_buffer_time32 __user *p64, - struct v4l2_buffer32_time32 __user *p32) +#ifdef CONFIG_COMPAT_32BIT_TIME +static int put_v4l2_buffer32_time32(struct v4l2_buffer *vb, + struct v4l2_buffer32_time32 __user *arg) { - u32 type; - u32 length; - enum v4l2_memory memory; - struct v4l2_plane32 __user *uplane32; - struct v4l2_plane *uplane; - compat_caddr_t p; - int ret; + struct v4l2_buffer32_time32 vb32; + + memset (&vb32, 0, sizeof vb32); + vb32 = (struct v4l2_buffer32_time32) { + .index = vb->index, + .type = vb->type, + .bytesused = vb->bytesused, + .flags = vb->flags, + .field = vb->field, + .timestamp.tv_sec = vb->timestamp.tv_sec, + .timestamp.tv_usec = vb->timestamp.tv_usec, + .timecode = vb->timecode, + .sequence = vb->sequence, + .memory = vb->memory, + .m.offset = vb->m.offset, + .length = vb->length, + .request_fd = vb->request_fd, + }; + switch (vb->memory) { + case V4L2_MEMORY_MMAP: + case V4L2_MEMORY_OVERLAY: + vb32.m.offset = vb->m.offset; + break; + case V4L2_MEMORY_USERPTR: + vb32.m.userptr = (uintptr_t)(vb->m.userptr); + break; + case V4L2_MEMORY_DMABUF: + vb32.m.fd = vb->m.fd; + break; + } - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p32->index, &p64->index) || - get_user(type, &p64->type) || - put_user(type, &p32->type) || - assign_in_user(&p32->flags, &p64->flags) || - get_user(memory, &p64->memory) || - put_user(memory, &p32->memory)) - return -EFAULT; + if (V4L2_TYPE_IS_MULTIPLANAR(vb->type)) + vb32.m.planes = (uintptr_t)vb->m.planes; - if (assign_in_user(&p32->bytesused, &p64->bytesused) || - assign_in_user(&p32->field, &p64->field) || - assign_in_user(&p32->timestamp.tv_sec, &p64->timestamp.tv_sec) || - assign_in_user(&p32->timestamp.tv_usec, &p64->timestamp.tv_usec) || - copy_in_user(&p32->timecode, &p64->timecode, sizeof(p64->timecode)) || - assign_in_user(&p32->sequence, &p64->sequence) || - assign_in_user(&p32->reserved2, &p64->reserved2) || - assign_in_user(&p32->request_fd, &p64->request_fd) || - get_user(length, &p64->length) || - put_user(length, &p32->length)) + if (copy_to_user(arg, &vb32, sizeof(vb32))) return -EFAULT; - if (V4L2_TYPE_IS_MULTIPLANAR(type)) { - u32 num_planes = length; - - if (num_planes == 0) - return 0; - /* We need to define uplane without __user, even though - * it does point to data in userspace here. The reason is - * that v4l2-ioctl.c copies it from userspace to kernelspace, - * so its definition in videodev2.h doesn't have a - * __user markup. Defining uplane with __user causes - * smatch warnings, so instead declare it without __user - * and cast it as a userspace pointer to put_v4l2_plane32(). - */ - if (get_user(uplane, &p64->m.planes)) - return -EFAULT; - if (get_user(p, &p32->m.planes)) - return -EFAULT; - uplane32 = compat_ptr(p); - - while (num_planes--) { - ret = put_v4l2_plane32((void __user *)uplane, - uplane32, memory); - if (ret) - return ret; - ++uplane; - ++uplane32; - } - } else { - switch (memory) { - case V4L2_MEMORY_MMAP: - case V4L2_MEMORY_OVERLAY: - if (assign_in_user(&p32->m.offset, &p64->m.offset)) - return -EFAULT; - break; - case V4L2_MEMORY_USERPTR: - if (assign_in_user(&p32->m.userptr, &p64->m.userptr)) - return -EFAULT; - break; - case V4L2_MEMORY_DMABUF: - if (assign_in_user(&p32->m.fd, &p64->m.fd)) - return -EFAULT; - break; - } - } - return 0; } +#endif struct v4l2_framebuffer32 { __u32 capability; @@ -1311,12 +1081,30 @@ static int put_v4l2_edid32(struct v4l2_edid __user *p64, unsigned int v4l2_compat_translate_cmd(unsigned int cmd) { switch (cmd) { +#ifdef CONFIG_COMPAT_32BIT_TIME + case VIDIOC_QUERYBUF32_TIME32: + return VIDIOC_QUERYBUF; + case VIDIOC_QBUF32_TIME32: + return VIDIOC_QBUF; + case VIDIOC_DQBUF32_TIME32: + return VIDIOC_DQBUF; + case VIDIOC_PREPARE_BUF32_TIME32: + return VIDIOC_PREPARE_BUF; +#endif + case VIDIOC_QUERYBUF32: + return VIDIOC_QUERYBUF; + case VIDIOC_QBUF32: + return VIDIOC_QBUF; + case VIDIOC_DQBUF32: + return VIDIOC_DQBUF; case VIDIOC_G_EXT_CTRLS32: return VIDIOC_G_EXT_CTRLS; case VIDIOC_S_EXT_CTRLS32: return VIDIOC_S_EXT_CTRLS; case VIDIOC_TRY_EXT_CTRLS32: return VIDIOC_TRY_EXT_CTRLS; + case VIDIOC_PREPARE_BUF32: + return VIDIOC_PREPARE_BUF; } return cmd; } @@ -1324,6 +1112,19 @@ unsigned int v4l2_compat_translate_cmd(unsigned int cmd) int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd) { switch (cmd) { +#ifdef CONFIG_COMPAT_32BIT_TIME + case VIDIOC_QUERYBUF32_TIME32: + case VIDIOC_QBUF32_TIME32: + case VIDIOC_DQBUF32_TIME32: + case VIDIOC_PREPARE_BUF32_TIME32: + return get_v4l2_buffer32_time32(parg, arg); +#endif + case VIDIOC_QUERYBUF32: + case VIDIOC_QBUF32: + case VIDIOC_DQBUF32: + case VIDIOC_PREPARE_BUF32: + return get_v4l2_buffer32(parg, arg); + case VIDIOC_G_EXT_CTRLS32: case VIDIOC_S_EXT_CTRLS32: case VIDIOC_TRY_EXT_CTRLS32: @@ -1335,6 +1136,19 @@ int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd) int v4l2_compat_put_user(void __user *arg, void *parg, unsigned int cmd) { switch (cmd) { +#ifdef CONFIG_COMPAT_32BIT_TIME + case VIDIOC_QUERYBUF32_TIME32: + case VIDIOC_QBUF32_TIME32: + case VIDIOC_DQBUF32_TIME32: + case VIDIOC_PREPARE_BUF32_TIME32: + return put_v4l2_buffer32_time32(parg, arg); +#endif + case VIDIOC_QUERYBUF32: + case VIDIOC_QBUF32: + case VIDIOC_DQBUF32: + case VIDIOC_PREPARE_BUF32: + return put_v4l2_buffer32(parg, arg); + case VIDIOC_G_EXT_CTRLS32: case VIDIOC_S_EXT_CTRLS32: case VIDIOC_TRY_EXT_CTRLS32: @@ -1350,6 +1164,34 @@ int v4l2_compat_get_array_args(struct file *file, void *mbuf, int err = 0; switch (cmd) { + case VIDIOC_QUERYBUF32_TIME32: + case VIDIOC_QBUF32_TIME32: + case VIDIOC_DQBUF32_TIME32: + case VIDIOC_PREPARE_BUF32_TIME32: + case VIDIOC_QUERYBUF32: + case VIDIOC_QBUF32: + case VIDIOC_DQBUF32: + case VIDIOC_PREPARE_BUF32: { + struct v4l2_buffer *b64 = arg; + struct v4l2_plane *p64 = mbuf; + struct v4l2_plane32 __user *p32 = user_ptr; + + if (V4L2_TYPE_IS_MULTIPLANAR(b64->type)) { + u32 num_planes = b64->length; + + if (num_planes == 0) + return 0; + + while (num_planes--) { + err = get_v4l2_plane32(p64, p32, b64->memory); + if (err) + return err; + ++p64; + ++p32; + } + } + break; + } case VIDIOC_G_EXT_CTRLS32: case VIDIOC_S_EXT_CTRLS32: case VIDIOC_TRY_EXT_CTRLS32: { @@ -1389,6 +1231,34 @@ int v4l2_compat_put_array_args(struct file *file, void __user *user_ptr, int err = 0; switch (cmd) { + case VIDIOC_QUERYBUF32_TIME32: + case VIDIOC_QBUF32_TIME32: + case VIDIOC_DQBUF32_TIME32: + case VIDIOC_PREPARE_BUF32_TIME32: + case VIDIOC_QUERYBUF32: + case VIDIOC_QBUF32: + case VIDIOC_DQBUF32: + case VIDIOC_PREPARE_BUF32: { + struct v4l2_buffer *b64 = arg; + struct v4l2_plane *p64 = mbuf; + struct v4l2_plane32 __user *p32 = user_ptr; + + if (V4L2_TYPE_IS_MULTIPLANAR(b64->type)) { + u32 num_planes = b64->length; + + if (num_planes == 0) + return 0; + + while (num_planes--) { + err = put_v4l2_plane32(p64, p32, b64->memory); + if (err) + return err; + ++p64; + ++p32; + } + } + break; + } case VIDIOC_G_EXT_CTRLS32: case VIDIOC_S_EXT_CTRLS32: case VIDIOC_TRY_EXT_CTRLS32: { @@ -1485,14 +1355,8 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar switch (cmd) { case VIDIOC_G_FMT32: ncmd = VIDIOC_G_FMT; break; case VIDIOC_S_FMT32: ncmd = VIDIOC_S_FMT; break; - case VIDIOC_QUERYBUF32: ncmd = VIDIOC_QUERYBUF; break; - case VIDIOC_QUERYBUF32_TIME32: ncmd = VIDIOC_QUERYBUF_TIME32; break; case VIDIOC_G_FBUF32: ncmd = VIDIOC_G_FBUF; break; case VIDIOC_S_FBUF32: ncmd = VIDIOC_S_FBUF; break; - case VIDIOC_QBUF32: ncmd = VIDIOC_QBUF; break; - case VIDIOC_QBUF32_TIME32: ncmd = VIDIOC_QBUF_TIME32; break; - case VIDIOC_DQBUF32: ncmd = VIDIOC_DQBUF; break; - case VIDIOC_DQBUF32_TIME32: ncmd = VIDIOC_DQBUF_TIME32; break; case VIDIOC_ENUMSTD32: ncmd = VIDIOC_ENUMSTD; break; case VIDIOC_ENUMINPUT32: ncmd = VIDIOC_ENUMINPUT; break; case VIDIOC_TRY_FMT32: ncmd = VIDIOC_TRY_FMT; break; @@ -1501,8 +1365,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar case VIDIOC_DQEVENT32_TIME32: ncmd = VIDIOC_DQEVENT_TIME32; break; #endif case VIDIOC_CREATE_BUFS32: ncmd = VIDIOC_CREATE_BUFS; break; - case VIDIOC_PREPARE_BUF32: ncmd = VIDIOC_PREPARE_BUF; break; - case VIDIOC_PREPARE_BUF32_TIME32: ncmd = VIDIOC_PREPARE_BUF_TIME32; break; case VIDIOC_G_EDID32: ncmd = VIDIOC_G_EDID; break; case VIDIOC_S_EDID32: ncmd = VIDIOC_S_EDID; break; default: ncmd = cmd; break; @@ -1550,38 +1412,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar compatible_arg = 0; break; - case VIDIOC_PREPARE_BUF32: - case VIDIOC_QUERYBUF32: - case VIDIOC_QBUF32: - case VIDIOC_DQBUF32: - err = bufsize_v4l2_buffer(p32, &aux_space); - if (!err) - err = alloc_userspace(sizeof(struct v4l2_buffer), - aux_space, &new_p64); - if (!err) { - aux_buf = new_p64 + sizeof(struct v4l2_buffer); - err = get_v4l2_buffer32(new_p64, p32, - aux_buf, aux_space); - } - compatible_arg = 0; - break; - - case VIDIOC_PREPARE_BUF32_TIME32: - case VIDIOC_QUERYBUF32_TIME32: - case VIDIOC_QBUF32_TIME32: - case VIDIOC_DQBUF32_TIME32: - err = bufsize_v4l2_buffer_time32(p32, &aux_space); - if (!err) - err = alloc_userspace(sizeof(struct v4l2_buffer), - aux_space, &new_p64); - if (!err) { - aux_buf = new_p64 + sizeof(struct v4l2_buffer); - err = get_v4l2_buffer32_time32(new_p64, p32, - aux_buf, aux_space); - } - compatible_arg = 0; - break; - case VIDIOC_S_FBUF32: err = alloc_userspace(sizeof(struct v4l2_framebuffer), 0, &new_p64); @@ -1694,20 +1524,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar err = put_v4l2_create32(new_p64, p32); break; - case VIDIOC_PREPARE_BUF32: - case VIDIOC_QUERYBUF32: - case VIDIOC_QBUF32: - case VIDIOC_DQBUF32: - err = put_v4l2_buffer32(new_p64, p32); - break; - - case VIDIOC_PREPARE_BUF32_TIME32: - case VIDIOC_QUERYBUF32_TIME32: - case VIDIOC_QBUF32_TIME32: - case VIDIOC_DQBUF32_TIME32: - err = put_v4l2_buffer32_time32(new_p64, p32); - break; - case VIDIOC_ENUMSTD32: err = put_v4l2_standard32(new_p64, p32); break; From patchwork Fri Oct 30 16:55:26 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 11870317 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6292D139F for ; Fri, 30 Oct 2020 16:55:54 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 37BE020739 for ; Fri, 30 Oct 2020 16:55:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604076954; bh=dEREUX3pxpzvL1tLCjFym4TpPk2OqNcinSBxBhCK4bA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=E9VDvak346y79TvU1Tn5d/D2bF8eTpE4MD9VqGdF4hFtwOE2V0cmYZjNEXx/o4bhf tzElxUYpPBQ53R3KiZt1toB1g8Lte69OHs6ernyq22vc8/mkYcVSjt1WONoHsRHf1p g36Kgc/OtYo+XbxUWwi0eetXnU/rQu3E46h0Ncck= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727284AbgJ3Qzv (ORCPT ); Fri, 30 Oct 2020 12:55:51 -0400 Received: from mail.kernel.org ([198.145.29.99]:60862 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727264AbgJ3Qzu (ORCPT ); Fri, 30 Oct 2020 12:55:50 -0400 Received: from localhost.localdomain (HSI-KBW-46-223-126-90.hsi.kabel-badenwuerttemberg.de [46.223.126.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id B58EF208B6; Fri, 30 Oct 2020 16:55:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604076949; bh=dEREUX3pxpzvL1tLCjFym4TpPk2OqNcinSBxBhCK4bA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=oqzz1gl6XTf/LNcF0UFfNeyH2C6JfjmU9rYaSM/bc8TKKSMDkfS4HFAtUkR3IcBZs fl12pC/IO9KjHKTl5ts81fOtcv8sGtnk+ApCbjhEPndF6oOx89Mfaq1/4XoOyzuWX0 FAaGnSKNtgNEcGdLh2xsif0e0jr+clPR4ZtWFlds= From: Arnd Bergmann To: Hans Verkuil Cc: Arnd Bergmann , linux-media@vger.kernel.org, mchehab@kernel.org, hch@lst.de, linux-kernel@vger.kernel.org Subject: [PATCH v2 5/8] media: v4l2: allocate v4l2_clip objects early Date: Fri, 30 Oct 2020 17:55:26 +0100 Message-Id: <20201030165529.1255175-6-arnd@kernel.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20201030165529.1255175-1-arnd@kernel.org> References: <20201030165529.1255175-1-arnd@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org From: Arnd Bergmann The v4l2_format based ioctls can have an indirect pointer to an array of v4l2_clip structures for overlay mode, depending on the 'type' member. There are only five drivers that use the overlay mode and copy the data through the __user pointer. Change the five drivers to use memcpy() instead, and copy the data in common code using the check_array_args() helpers. This allows for a subsequent patch that use the same mechanism for compat ioctl handlers. Note that there is another pointer for a 'bitmap' that is only used in the 'vivid' driver and nowhere else. There is no easy way to use the same trick without adding complexity to the common code, so this remains a __user pointer. Signed-off-by: Arnd Bergmann --- drivers/media/common/saa7146/saa7146_video.c | 6 ++--- drivers/media/pci/bt8xx/bttv-driver.c | 8 ++----- drivers/media/pci/saa7134/saa7134-video.c | 19 ++++++--------- .../media/test-drivers/vivid/vivid-vid-cap.c | 18 ++++++--------- .../media/test-drivers/vivid/vivid-vid-out.c | 18 ++++++--------- drivers/media/v4l2-core/v4l2-ioctl.c | 23 ++++++++++++++++++- include/uapi/linux/videodev2.h | 2 +- 7 files changed, 48 insertions(+), 46 deletions(-) diff --git a/drivers/media/common/saa7146/saa7146_video.c b/drivers/media/common/saa7146/saa7146_video.c index ccd15b4d4920..7b8795eca589 100644 --- a/drivers/media/common/saa7146/saa7146_video.c +++ b/drivers/media/common/saa7146/saa7146_video.c @@ -771,10 +771,8 @@ static int vidioc_s_fmt_vid_overlay(struct file *file, void *__fh, struct v4l2_f vv->ov.nclips = f->fmt.win.clipcount; if (vv->ov.nclips > 16) vv->ov.nclips = 16; - if (copy_from_user(vv->ov.clips, f->fmt.win.clips, - sizeof(struct v4l2_clip) * vv->ov.nclips)) { - return -EFAULT; - } + memcpy(vv->ov.clips, f->fmt.win.clips, + sizeof(struct v4l2_clip) * vv->ov.nclips); /* vv->ov.fh is used to indicate that we have valid overlay information, too */ vv->ov.fh = fh; diff --git a/drivers/media/pci/bt8xx/bttv-driver.c b/drivers/media/pci/bt8xx/bttv-driver.c index 8824dd0fb331..b2fab7d96207 100644 --- a/drivers/media/pci/bt8xx/bttv-driver.c +++ b/drivers/media/pci/bt8xx/bttv-driver.c @@ -2143,12 +2143,8 @@ static int setup_window_lock(struct bttv_fh *fh, struct bttv *btv, clips = kmalloc(size,GFP_KERNEL); if (NULL == clips) return -ENOMEM; - if (n > 0) { - if (copy_from_user(clips,win->clips,sizeof(struct v4l2_clip)*n)) { - kfree(clips); - return -EFAULT; - } - } + if (n > 0) + memcpy(clips, win->clips, sizeof(struct v4l2_clip)*n); /* clip against screen */ if (NULL != btv->fbuf.base) diff --git a/drivers/media/pci/saa7134/saa7134-video.c b/drivers/media/pci/saa7134/saa7134-video.c index 9a6a6b68f8e3..7f35f8672f7c 100644 --- a/drivers/media/pci/saa7134/saa7134-video.c +++ b/drivers/media/pci/saa7134/saa7134-video.c @@ -1265,9 +1265,7 @@ static int saa7134_g_fmt_vid_overlay(struct file *file, void *priv, struct v4l2_format *f) { struct saa7134_dev *dev = video_drvdata(file); - struct v4l2_clip __user *clips = f->fmt.win.clips; u32 clipcount = f->fmt.win.clipcount; - int err = 0; int i; if (saa7134_no_overlay > 0) { @@ -1275,20 +1273,18 @@ static int saa7134_g_fmt_vid_overlay(struct file *file, void *priv, return -EINVAL; } f->fmt.win = dev->win; - f->fmt.win.clips = clips; - if (clips == NULL) + if (!f->fmt.win.clips) clipcount = 0; if (dev->nclips < clipcount) clipcount = dev->nclips; f->fmt.win.clipcount = clipcount; - for (i = 0; !err && i < clipcount; i++) { - if (copy_to_user(&f->fmt.win.clips[i].c, &dev->clips[i].c, - sizeof(struct v4l2_rect))) - err = -EFAULT; + for (i = 0; i < clipcount; i++) { + memcpy(&f->fmt.win.clips[i].c, &dev->clips[i].c, + sizeof(struct v4l2_rect)); } - return err; + return 0; } static int saa7134_try_fmt_vid_cap(struct file *file, void *priv, @@ -1396,9 +1392,8 @@ static int saa7134_s_fmt_vid_overlay(struct file *file, void *priv, dev->win = f->fmt.win; dev->nclips = f->fmt.win.clipcount; - if (copy_from_user(dev->clips, f->fmt.win.clips, - sizeof(struct v4l2_clip) * dev->nclips)) - return -EFAULT; + memcpy(dev->clips, f->fmt.win.clips, + sizeof(struct v4l2_clip) * dev->nclips); if (priv == dev->overlay_owner) { spin_lock_irqsave(&dev->slock, flags); diff --git a/drivers/media/test-drivers/vivid/vivid-vid-cap.c b/drivers/media/test-drivers/vivid/vivid-vid-cap.c index eadf28ab1e39..b9caa4b26209 100644 --- a/drivers/media/test-drivers/vivid/vivid-vid-cap.c +++ b/drivers/media/test-drivers/vivid/vivid-vid-cap.c @@ -1107,11 +1107,9 @@ int vidioc_g_fmt_vid_overlay(struct file *file, void *priv, ((compose->width + 7) / 8) * compose->height)) return -EFAULT; } - if (clipcount && win->clips) { - if (copy_to_user(win->clips, dev->clips_cap, - clipcount * sizeof(dev->clips_cap[0]))) - return -EFAULT; - } + if (clipcount && win->clips) + memcpy(win->clips, dev->clips_cap, + clipcount * sizeof(dev->clips_cap[0])); return 0; } @@ -1141,9 +1139,8 @@ int vidioc_try_fmt_vid_overlay(struct file *file, void *priv, if (win->clipcount > MAX_CLIPS) win->clipcount = MAX_CLIPS; if (win->clipcount) { - if (copy_from_user(dev->try_clips_cap, win->clips, - win->clipcount * sizeof(dev->clips_cap[0]))) - return -EFAULT; + memcpy(dev->try_clips_cap, win->clips, + win->clipcount * sizeof(dev->clips_cap[0])); for (i = 0; i < win->clipcount; i++) { struct v4l2_rect *r = &dev->try_clips_cap[i].c; @@ -1166,9 +1163,8 @@ int vidioc_try_fmt_vid_overlay(struct file *file, void *priv, return -EINVAL; } } - if (copy_to_user(win->clips, dev->try_clips_cap, - win->clipcount * sizeof(dev->clips_cap[0]))) - return -EFAULT; + memcpy(win->clips, dev->try_clips_cap, + win->clipcount * sizeof(dev->clips_cap[0])); } return 0; } diff --git a/drivers/media/test-drivers/vivid/vivid-vid-out.c b/drivers/media/test-drivers/vivid/vivid-vid-out.c index ee3446e3217c..ac1e981e8342 100644 --- a/drivers/media/test-drivers/vivid/vivid-vid-out.c +++ b/drivers/media/test-drivers/vivid/vivid-vid-out.c @@ -857,11 +857,9 @@ int vidioc_g_fmt_vid_out_overlay(struct file *file, void *priv, ((dev->compose_out.width + 7) / 8) * dev->compose_out.height)) return -EFAULT; } - if (clipcount && win->clips) { - if (copy_to_user(win->clips, dev->clips_out, - clipcount * sizeof(dev->clips_out[0]))) - return -EFAULT; - } + if (clipcount && win->clips) + memcpy(win->clips, dev->clips_out, + clipcount * sizeof(dev->clips_out[0])); return 0; } @@ -891,9 +889,8 @@ int vidioc_try_fmt_vid_out_overlay(struct file *file, void *priv, if (win->clipcount > MAX_CLIPS) win->clipcount = MAX_CLIPS; if (win->clipcount) { - if (copy_from_user(dev->try_clips_out, win->clips, - win->clipcount * sizeof(dev->clips_out[0]))) - return -EFAULT; + memcpy(dev->try_clips_out, win->clips, + win->clipcount * sizeof(dev->clips_out[0])); for (i = 0; i < win->clipcount; i++) { struct v4l2_rect *r = &dev->try_clips_out[i].c; @@ -916,9 +913,8 @@ int vidioc_try_fmt_vid_out_overlay(struct file *file, void *priv, return -EINVAL; } } - if (copy_to_user(win->clips, dev->try_clips_out, - win->clipcount * sizeof(dev->clips_out[0]))) - return -EFAULT; + memcpy(win->clips, dev->try_clips_out, + win->clipcount * sizeof(dev->clips_out[0])); } return 0; } diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c index b8be61a09776..f0f6906a879d 100644 --- a/drivers/media/v4l2-core/v4l2-ioctl.c +++ b/drivers/media/v4l2-core/v4l2-ioctl.c @@ -1582,7 +1582,7 @@ static int v4l_g_fmt(const struct v4l2_ioctl_ops *ops, switch (p->type) { case V4L2_BUF_TYPE_VIDEO_OVERLAY: case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY: { - struct v4l2_clip __user *clips = p->fmt.win.clips; + struct v4l2_clip *clips = p->fmt.win.clips; u32 clipcount = p->fmt.win.clipcount; void __user *bitmap = p->fmt.win.bitmap; @@ -3084,6 +3084,27 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size, } break; } + case VIDIOC_G_FMT: + case VIDIOC_S_FMT: + case VIDIOC_TRY_FMT: { + struct v4l2_format *fmt = parg; + + if (fmt->type != V4L2_BUF_TYPE_VIDEO_OVERLAY && + fmt->type != V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY) + break; + if (fmt->fmt.win.clipcount > 2048) + return -EINVAL; + if (!fmt->fmt.win.clipcount) + break; + + *user_ptr = (void __user *)fmt->fmt.win.clips; + *kernel_ptr = (void **)&fmt->fmt.win.clips; + *array_size = sizeof(struct v4l2_clip) + * fmt->fmt.win.clipcount; + + ret = 1; + break; + } } return ret; diff --git a/include/uapi/linux/videodev2.h b/include/uapi/linux/videodev2.h index 534eaa4d39bc..b10f102bbf6f 100644 --- a/include/uapi/linux/videodev2.h +++ b/include/uapi/linux/videodev2.h @@ -1185,7 +1185,7 @@ struct v4l2_window { struct v4l2_rect w; __u32 field; /* enum v4l2_field */ __u32 chromakey; - struct v4l2_clip __user *clips; + struct v4l2_clip *clips; __u32 clipcount; void __user *bitmap; __u8 global_alpha; From patchwork Fri Oct 30 16:55:27 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 11870323 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B107314B4 for ; Fri, 30 Oct 2020 16:56:10 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 841F920797 for ; Fri, 30 Oct 2020 16:56:10 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604076970; bh=w4QL4bPf0IUyVYDArqRzdv2EC7S85jL+ke0Ksuo7b74=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=tPO9wY9bVr8C4wILMTlEeSlFWV4KYdT5mQD+3KoEYhPOLEgORcfkLiLUPXjP5muYI 7gfkGuywcyopo2cQNQX70PIYgwZaUYbFLyIoW0yJJjDkuTLCdH6rwWB9gfoxceQyzj N/UGEtFlKhVRF4kH95B5B7Px70UZ493RgBv6d9wM= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727303AbgJ3Qzx (ORCPT ); Fri, 30 Oct 2020 12:55:53 -0400 Received: from mail.kernel.org ([198.145.29.99]:60912 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727279AbgJ3Qzx (ORCPT ); Fri, 30 Oct 2020 12:55:53 -0400 Received: from localhost.localdomain (HSI-KBW-46-223-126-90.hsi.kabel-badenwuerttemberg.de [46.223.126.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 86CF02151B; Fri, 30 Oct 2020 16:55:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604076950; bh=w4QL4bPf0IUyVYDArqRzdv2EC7S85jL+ke0Ksuo7b74=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=mxehbCR4Z+ZMwJ4+TqBxZztJUspWVDGMi9NwKMIiNOg3oxzp47n3FAgXTMrTIs7zI EN1HmS6DXZKBo7wiqHen5zGplrERac5zAZoUUDO3/xpwefAiGHPjzK0rOZWkjie+0q CbS0JH/NKo3NosbX4z1x59kWeer4kbw0k6CMttgE= From: Arnd Bergmann To: Hans Verkuil Cc: Arnd Bergmann , linux-media@vger.kernel.org, mchehab@kernel.org, hch@lst.de, linux-kernel@vger.kernel.org Subject: [PATCH v2 6/8] media: v4l2: convert v4l2_format compat ioctls Date: Fri, 30 Oct 2020 17:55:27 +0100 Message-Id: <20201030165529.1255175-7-arnd@kernel.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20201030165529.1255175-1-arnd@kernel.org> References: <20201030165529.1255175-1-arnd@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org From: Arnd Bergmann Now that the 'clips' array is accessed by common code in the native ioctl handler, the same can be done for the compat version, greatly simplifying the compat code for these four ioctl commands. Signed-off-by: Arnd Bergmann --- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 346 +++++++----------- 1 file changed, 139 insertions(+), 207 deletions(-) diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index dfc4632b7ba2..f774a17c9271 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -150,77 +150,54 @@ struct v4l2_window32 { __u8 global_alpha; }; -static int get_v4l2_window32(struct v4l2_window __user *p64, - struct v4l2_window32 __user *p32, - void __user *aux_buf, u32 aux_space) +static int get_v4l2_window32(struct v4l2_window *p64, + struct v4l2_window32 __user *p32) { - struct v4l2_clip32 __user *uclips; - struct v4l2_clip __user *kclips; - compat_caddr_t p; - u32 clipcount; + struct v4l2_window32 w32; - if (!access_ok(p32, sizeof(*p32)) || - copy_in_user(&p64->w, &p32->w, sizeof(p32->w)) || - assign_in_user(&p64->field, &p32->field) || - assign_in_user(&p64->chromakey, &p32->chromakey) || - assign_in_user(&p64->global_alpha, &p32->global_alpha) || - get_user(clipcount, &p32->clipcount) || - put_user(clipcount, &p64->clipcount)) + if (copy_from_user(&w32, p32, sizeof(w32))) return -EFAULT; - if (clipcount > 2048) - return -EINVAL; - if (!clipcount) - return put_user(NULL, &p64->clips); - if (get_user(p, &p32->clips)) - return -EFAULT; - uclips = compat_ptr(p); - if (aux_space < clipcount * sizeof(*kclips)) - return -EFAULT; - kclips = aux_buf; - if (put_user(kclips, &p64->clips)) - return -EFAULT; + *p64 = (struct v4l2_window) { + .w = w32.w, + .field = w32.field, + .chromakey = w32.chromakey, + .clips = (void __force *)compat_ptr(w32.clips), + .clipcount = w32.clipcount, + .bitmap = compat_ptr(w32.bitmap), + .global_alpha = w32.global_alpha, + }; + + if (p64->clipcount > 2048) + return -EINVAL; + if (!p64->clipcount) + p64->clips = NULL; - while (clipcount--) { - if (copy_in_user(&kclips->c, &uclips->c, sizeof(uclips->c))) - return -EFAULT; - if (put_user(clipcount ? kclips + 1 : NULL, &kclips->next)) - return -EFAULT; - uclips++; - kclips++; - } return 0; } -static int put_v4l2_window32(struct v4l2_window __user *p64, +static int put_v4l2_window32(struct v4l2_window *p64, struct v4l2_window32 __user *p32) { - struct v4l2_clip __user *kclips; - struct v4l2_clip32 __user *uclips; - compat_caddr_t p; - u32 clipcount; - - if (copy_in_user(&p32->w, &p64->w, sizeof(p64->w)) || - assign_in_user(&p32->field, &p64->field) || - assign_in_user(&p32->chromakey, &p64->chromakey) || - assign_in_user(&p32->global_alpha, &p64->global_alpha) || - get_user(clipcount, &p64->clipcount) || - put_user(clipcount, &p32->clipcount)) - return -EFAULT; - if (!clipcount) - return 0; + struct v4l2_window32 w32; + + memset(&w32, 0, sizeof(w32)); + w32 = (struct v4l2_window32) { + .w = p64->w, + .field = p64->field, + .chromakey = p64->chromakey, + .clips = (uintptr_t)p64->clips, + .clipcount = p64->clipcount, + .bitmap = ptr_to_compat(p64->bitmap), + .global_alpha = p64->global_alpha, + }; - if (get_user(kclips, &p64->clips)) - return -EFAULT; - if (get_user(p, &p32->clips)) + /* copy everything except the clips pointer */ + if (copy_to_user(p32, &w32, offsetof(struct v4l2_window32, clips)) || + copy_to_user(&p32->clipcount, &w32.clipcount, + sizeof(w32) - offsetof(struct v4l2_window32, clipcount))) return -EFAULT; - uclips = compat_ptr(p); - while (clipcount--) { - if (copy_in_user(&uclips->c, &kclips->c, sizeof(uclips->c))) - return -EFAULT; - uclips++; - kclips++; - } + return 0; } @@ -257,169 +234,99 @@ struct v4l2_create_buffers32 { __u32 reserved[7]; }; -static int __bufsize_v4l2_format(struct v4l2_format32 __user *p32, u32 *size) -{ - u32 type; - - if (get_user(type, &p32->type)) - return -EFAULT; - - switch (type) { - case V4L2_BUF_TYPE_VIDEO_OVERLAY: - case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY: { - u32 clipcount; - - if (get_user(clipcount, &p32->fmt.win.clipcount)) - return -EFAULT; - if (clipcount > 2048) - return -EINVAL; - *size = clipcount * sizeof(struct v4l2_clip); - return 0; - } - default: - *size = 0; - return 0; - } -} - -static int bufsize_v4l2_format(struct v4l2_format32 __user *p32, u32 *size) -{ - if (!access_ok(p32, sizeof(*p32))) - return -EFAULT; - return __bufsize_v4l2_format(p32, size); -} - -static int __get_v4l2_format32(struct v4l2_format __user *p64, - struct v4l2_format32 __user *p32, - void __user *aux_buf, u32 aux_space) +static int get_v4l2_format32(struct v4l2_format *p64, + struct v4l2_format32 __user *p32) { - u32 type; - - if (get_user(type, &p32->type) || put_user(type, &p64->type)) + if (get_user(p64->type, &p32->type)) return -EFAULT; - switch (type) { + switch (p64->type) { case V4L2_BUF_TYPE_VIDEO_CAPTURE: case V4L2_BUF_TYPE_VIDEO_OUTPUT: - return copy_in_user(&p64->fmt.pix, &p32->fmt.pix, - sizeof(p64->fmt.pix)) ? -EFAULT : 0; + return copy_from_user(&p64->fmt.pix, &p32->fmt.pix, + sizeof(p64->fmt.pix)) ? -EFAULT : 0; case V4L2_BUF_TYPE_VIDEO_CAPTURE_MPLANE: case V4L2_BUF_TYPE_VIDEO_OUTPUT_MPLANE: - return copy_in_user(&p64->fmt.pix_mp, &p32->fmt.pix_mp, - sizeof(p64->fmt.pix_mp)) ? -EFAULT : 0; + return copy_from_user(&p64->fmt.pix_mp, &p32->fmt.pix_mp, + sizeof(p64->fmt.pix_mp)) ? -EFAULT : 0; case V4L2_BUF_TYPE_VIDEO_OVERLAY: case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY: - return get_v4l2_window32(&p64->fmt.win, &p32->fmt.win, - aux_buf, aux_space); + return get_v4l2_window32(&p64->fmt.win, &p32->fmt.win); case V4L2_BUF_TYPE_VBI_CAPTURE: case V4L2_BUF_TYPE_VBI_OUTPUT: - return copy_in_user(&p64->fmt.vbi, &p32->fmt.vbi, - sizeof(p64->fmt.vbi)) ? -EFAULT : 0; + return copy_from_user(&p64->fmt.vbi, &p32->fmt.vbi, + sizeof(p64->fmt.vbi)) ? -EFAULT : 0; case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE: case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT: - return copy_in_user(&p64->fmt.sliced, &p32->fmt.sliced, - sizeof(p64->fmt.sliced)) ? -EFAULT : 0; + return copy_from_user(&p64->fmt.sliced, &p32->fmt.sliced, + sizeof(p64->fmt.sliced)) ? -EFAULT : 0; case V4L2_BUF_TYPE_SDR_CAPTURE: case V4L2_BUF_TYPE_SDR_OUTPUT: - return copy_in_user(&p64->fmt.sdr, &p32->fmt.sdr, - sizeof(p64->fmt.sdr)) ? -EFAULT : 0; + return copy_from_user(&p64->fmt.sdr, &p32->fmt.sdr, + sizeof(p64->fmt.sdr)) ? -EFAULT : 0; case V4L2_BUF_TYPE_META_CAPTURE: case V4L2_BUF_TYPE_META_OUTPUT: - return copy_in_user(&p64->fmt.meta, &p32->fmt.meta, - sizeof(p64->fmt.meta)) ? -EFAULT : 0; + return copy_from_user(&p64->fmt.meta, &p32->fmt.meta, + sizeof(p64->fmt.meta)) ? -EFAULT : 0; default: return -EINVAL; } } -static int get_v4l2_format32(struct v4l2_format __user *p64, - struct v4l2_format32 __user *p32, - void __user *aux_buf, u32 aux_space) -{ - if (!access_ok(p32, sizeof(*p32))) - return -EFAULT; - return __get_v4l2_format32(p64, p32, aux_buf, aux_space); -} - -static int bufsize_v4l2_create(struct v4l2_create_buffers32 __user *p32, - u32 *size) -{ - if (!access_ok(p32, sizeof(*p32))) - return -EFAULT; - return __bufsize_v4l2_format(&p32->format, size); -} - -static int get_v4l2_create32(struct v4l2_create_buffers __user *p64, - struct v4l2_create_buffers32 __user *p32, - void __user *aux_buf, u32 aux_space) +static int get_v4l2_create32(struct v4l2_create_buffers *p64, + struct v4l2_create_buffers32 __user *p32) { - if (!access_ok(p32, sizeof(*p32)) || - copy_in_user(p64, p32, - offsetof(struct v4l2_create_buffers32, format))) + if (copy_from_user(p64, p32, + offsetof(struct v4l2_create_buffers32, format))) return -EFAULT; - return __get_v4l2_format32(&p64->format, &p32->format, - aux_buf, aux_space); + return get_v4l2_format32(&p64->format, &p32->format); } -static int __put_v4l2_format32(struct v4l2_format __user *p64, - struct v4l2_format32 __user *p32) +static int put_v4l2_format32(struct v4l2_format *p64, + struct v4l2_format32 __user *p32) { - u32 type; - - if (get_user(type, &p64->type)) - return -EFAULT; - - switch (type) { + switch (p64->type) { case V4L2_BUF_TYPE_VIDEO_CAPTURE: case V4L2_BUF_TYPE_VIDEO_OUTPUT: - return copy_in_user(&p32->fmt.pix, &p64->fmt.pix, + return copy_to_user(&p32->fmt.pix, &p64->fmt.pix, sizeof(p64->fmt.pix)) ? -EFAULT : 0; case V4L2_BUF_TYPE_VIDEO_CAPTURE_MPLANE: case V4L2_BUF_TYPE_VIDEO_OUTPUT_MPLANE: - return copy_in_user(&p32->fmt.pix_mp, &p64->fmt.pix_mp, + return copy_to_user(&p32->fmt.pix_mp, &p64->fmt.pix_mp, sizeof(p64->fmt.pix_mp)) ? -EFAULT : 0; case V4L2_BUF_TYPE_VIDEO_OVERLAY: case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY: return put_v4l2_window32(&p64->fmt.win, &p32->fmt.win); case V4L2_BUF_TYPE_VBI_CAPTURE: case V4L2_BUF_TYPE_VBI_OUTPUT: - return copy_in_user(&p32->fmt.vbi, &p64->fmt.vbi, + return copy_to_user(&p32->fmt.vbi, &p64->fmt.vbi, sizeof(p64->fmt.vbi)) ? -EFAULT : 0; case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE: case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT: - return copy_in_user(&p32->fmt.sliced, &p64->fmt.sliced, + return copy_to_user(&p32->fmt.sliced, &p64->fmt.sliced, sizeof(p64->fmt.sliced)) ? -EFAULT : 0; case V4L2_BUF_TYPE_SDR_CAPTURE: case V4L2_BUF_TYPE_SDR_OUTPUT: - return copy_in_user(&p32->fmt.sdr, &p64->fmt.sdr, + return copy_to_user(&p32->fmt.sdr, &p64->fmt.sdr, sizeof(p64->fmt.sdr)) ? -EFAULT : 0; case V4L2_BUF_TYPE_META_CAPTURE: case V4L2_BUF_TYPE_META_OUTPUT: - return copy_in_user(&p32->fmt.meta, &p64->fmt.meta, + return copy_to_user(&p32->fmt.meta, &p64->fmt.meta, sizeof(p64->fmt.meta)) ? -EFAULT : 0; default: return -EINVAL; } } -static int put_v4l2_format32(struct v4l2_format __user *p64, - struct v4l2_format32 __user *p32) -{ - if (!access_ok(p32, sizeof(*p32))) - return -EFAULT; - return __put_v4l2_format32(p64, p32); -} - -static int put_v4l2_create32(struct v4l2_create_buffers __user *p64, +static int put_v4l2_create32(struct v4l2_create_buffers *p64, struct v4l2_create_buffers32 __user *p32) { - if (!access_ok(p32, sizeof(*p32)) || - copy_in_user(p32, p64, + if (copy_to_user(p32, p64, offsetof(struct v4l2_create_buffers32, format)) || - assign_in_user(&p32->capabilities, &p64->capabilities) || - copy_in_user(p32->reserved, p64->reserved, sizeof(p64->reserved))) + put_user(p64->capabilities, &p32->capabilities) || + copy_to_user(p32->reserved, p64->reserved, sizeof(p64->reserved))) return -EFAULT; - return __put_v4l2_format32(&p64->format, &p32->format); + return put_v4l2_format32(&p64->format, &p32->format); } struct v4l2_standard32 { @@ -1081,6 +988,12 @@ static int put_v4l2_edid32(struct v4l2_edid __user *p64, unsigned int v4l2_compat_translate_cmd(unsigned int cmd) { switch (cmd) { + case VIDIOC_G_FMT32: + return VIDIOC_G_FMT; + case VIDIOC_S_FMT32: + return VIDIOC_S_FMT; + case VIDIOC_TRY_FMT32: + return VIDIOC_TRY_FMT; #ifdef CONFIG_COMPAT_32BIT_TIME case VIDIOC_QUERYBUF32_TIME32: return VIDIOC_QUERYBUF; @@ -1097,6 +1010,8 @@ unsigned int v4l2_compat_translate_cmd(unsigned int cmd) return VIDIOC_QBUF; case VIDIOC_DQBUF32: return VIDIOC_DQBUF; + case VIDIOC_CREATE_BUFS32: + return VIDIOC_CREATE_BUFS; case VIDIOC_G_EXT_CTRLS32: return VIDIOC_G_EXT_CTRLS; case VIDIOC_S_EXT_CTRLS32: @@ -1112,6 +1027,10 @@ unsigned int v4l2_compat_translate_cmd(unsigned int cmd) int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd) { switch (cmd) { + case VIDIOC_G_FMT32: + case VIDIOC_S_FMT32: + case VIDIOC_TRY_FMT32: + return get_v4l2_format32(parg, arg); #ifdef CONFIG_COMPAT_32BIT_TIME case VIDIOC_QUERYBUF32_TIME32: case VIDIOC_QBUF32_TIME32: @@ -1129,6 +1048,9 @@ int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd) case VIDIOC_S_EXT_CTRLS32: case VIDIOC_TRY_EXT_CTRLS32: return get_v4l2_ext_controls32(parg, arg); + + case VIDIOC_CREATE_BUFS32: + return get_v4l2_create32(parg, arg); } return 0; } @@ -1136,6 +1058,10 @@ int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd) int v4l2_compat_put_user(void __user *arg, void *parg, unsigned int cmd) { switch (cmd) { + case VIDIOC_G_FMT32: + case VIDIOC_S_FMT32: + case VIDIOC_TRY_FMT32: + return put_v4l2_format32(parg, arg); #ifdef CONFIG_COMPAT_32BIT_TIME case VIDIOC_QUERYBUF32_TIME32: case VIDIOC_QBUF32_TIME32: @@ -1153,6 +1079,9 @@ int v4l2_compat_put_user(void __user *arg, void *parg, unsigned int cmd) case VIDIOC_S_EXT_CTRLS32: case VIDIOC_TRY_EXT_CTRLS32: return put_v4l2_ext_controls32(parg, arg); + + case VIDIOC_CREATE_BUFS32: + return put_v4l2_create32(parg, arg); } return 0; } @@ -1164,6 +1093,29 @@ int v4l2_compat_get_array_args(struct file *file, void *mbuf, int err = 0; switch (cmd) { + case VIDIOC_G_FMT32: + case VIDIOC_S_FMT32: + case VIDIOC_TRY_FMT32: { + struct v4l2_format *f64 = arg; + struct v4l2_clip *c64 = mbuf; + struct v4l2_clip32 __user *c32 = user_ptr; + u32 clipcount = f64->fmt.win.clipcount; + + if ((f64->type != V4L2_BUF_TYPE_VIDEO_OVERLAY && + f64->type != V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY) || + clipcount == 0) + return 0; + if (clipcount > 2048) + return -EINVAL; + while (clipcount--) { + if (copy_from_user(c64, c32, sizeof(c64->c))) + return -EFAULT; + c64->next = NULL; + c64++; + c32++; + } + break; + } case VIDIOC_QUERYBUF32_TIME32: case VIDIOC_QBUF32_TIME32: case VIDIOC_DQBUF32_TIME32: @@ -1231,6 +1183,28 @@ int v4l2_compat_put_array_args(struct file *file, void __user *user_ptr, int err = 0; switch (cmd) { + case VIDIOC_G_FMT32: + case VIDIOC_S_FMT32: + case VIDIOC_TRY_FMT32: { + struct v4l2_format *f64 = arg; + struct v4l2_clip *c64 = mbuf; + struct v4l2_clip32 __user *c32 = user_ptr; + u32 clipcount = f64->fmt.win.clipcount; + + if ((f64->type != V4L2_BUF_TYPE_VIDEO_OVERLAY && + f64->type != V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY) || + clipcount == 0) + return 0; + if (clipcount > 2048) + return -EINVAL; + while (clipcount--) { + if (copy_to_user(c32, c64, sizeof(c64->c))) + return -EFAULT; + c64++; + c32++; + } + break; + } case VIDIOC_QUERYBUF32_TIME32: case VIDIOC_QBUF32_TIME32: case VIDIOC_DQBUF32_TIME32: @@ -1353,18 +1327,14 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar * 1. When struct size is different, converts the command. */ switch (cmd) { - case VIDIOC_G_FMT32: ncmd = VIDIOC_G_FMT; break; - case VIDIOC_S_FMT32: ncmd = VIDIOC_S_FMT; break; case VIDIOC_G_FBUF32: ncmd = VIDIOC_G_FBUF; break; case VIDIOC_S_FBUF32: ncmd = VIDIOC_S_FBUF; break; case VIDIOC_ENUMSTD32: ncmd = VIDIOC_ENUMSTD; break; case VIDIOC_ENUMINPUT32: ncmd = VIDIOC_ENUMINPUT; break; - case VIDIOC_TRY_FMT32: ncmd = VIDIOC_TRY_FMT; break; #ifdef CONFIG_X86_64 case VIDIOC_DQEVENT32: ncmd = VIDIOC_DQEVENT; break; case VIDIOC_DQEVENT32_TIME32: ncmd = VIDIOC_DQEVENT_TIME32; break; #endif - case VIDIOC_CREATE_BUFS32: ncmd = VIDIOC_CREATE_BUFS; break; case VIDIOC_G_EDID32: ncmd = VIDIOC_G_EDID; break; case VIDIOC_S_EDID32: ncmd = VIDIOC_S_EDID; break; default: ncmd = cmd; break; @@ -1384,34 +1354,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar compatible_arg = 0; break; - case VIDIOC_G_FMT32: - case VIDIOC_S_FMT32: - case VIDIOC_TRY_FMT32: - err = bufsize_v4l2_format(p32, &aux_space); - if (!err) - err = alloc_userspace(sizeof(struct v4l2_format), - aux_space, &new_p64); - if (!err) { - aux_buf = new_p64 + sizeof(struct v4l2_format); - err = get_v4l2_format32(new_p64, p32, - aux_buf, aux_space); - } - compatible_arg = 0; - break; - - case VIDIOC_CREATE_BUFS32: - err = bufsize_v4l2_create(p32, &aux_space); - if (!err) - err = alloc_userspace(sizeof(struct v4l2_create_buffers), - aux_space, &new_p64); - if (!err) { - aux_buf = new_p64 + sizeof(struct v4l2_create_buffers); - err = get_v4l2_create32(new_p64, p32, - aux_buf, aux_space); - } - compatible_arg = 0; - break; - case VIDIOC_S_FBUF32: err = alloc_userspace(sizeof(struct v4l2_framebuffer), 0, &new_p64); @@ -1514,16 +1456,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar err = put_v4l2_edid32(new_p64, p32); break; - case VIDIOC_G_FMT32: - case VIDIOC_S_FMT32: - case VIDIOC_TRY_FMT32: - err = put_v4l2_format32(new_p64, p32); - break; - - case VIDIOC_CREATE_BUFS32: - err = put_v4l2_create32(new_p64, p32); - break; - case VIDIOC_ENUMSTD32: err = put_v4l2_standard32(new_p64, p32); break; From patchwork Fri Oct 30 16:55:28 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 11870321 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EF58514B4 for ; Fri, 30 Oct 2020 16:56:08 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C5F8D221FA for ; Fri, 30 Oct 2020 16:56:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604076968; bh=sGX/DvWU03vrodksdVt7VFXxoDe64Y56fpUDhUbUnOA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=OuXYUs4kPDtTbqY2ThGFI73QBqgIllqsGAYTODDX5o+6yX9tF8LhEQe0dJwo70iQs ydPLdsfZxU8lU26FY/my4scxXUfQwEaRfnC1P0jLGDFE0g7yuV7n8tK53W/1c5C2EK MsC34fsWjjenLccjtOFn8FVyZGM3m8FBbMpvxgyA= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727318AbgJ3Qz4 (ORCPT ); Fri, 30 Oct 2020 12:55:56 -0400 Received: from mail.kernel.org ([198.145.29.99]:60944 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727298AbgJ3Qzy (ORCPT ); Fri, 30 Oct 2020 12:55:54 -0400 Received: from localhost.localdomain (HSI-KBW-46-223-126-90.hsi.kabel-badenwuerttemberg.de [46.223.126.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 59E2A20A8B; Fri, 30 Oct 2020 16:55:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604076952; bh=sGX/DvWU03vrodksdVt7VFXxoDe64Y56fpUDhUbUnOA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=OJJhKm3uAuum+L6I1VW6ro+8m/2lpMALqm7z23o1t5Q14lnaouyLd/m68ZFBxmzKR p7xEoE+GOTEkvAxB2VZxeE6RlLyzFVhiaovl1gT3GXOd3HUUbqGxDJqBoxvLGMyjch zURy6Xo9vMQBV3VmprikviqE2S7HCSr77LXYBXAI= From: Arnd Bergmann To: Hans Verkuil Cc: Arnd Bergmann , linux-media@vger.kernel.org, mchehab@kernel.org, hch@lst.de, linux-kernel@vger.kernel.org Subject: [PATCH v2 7/8] media: v4l2: remaining compat handlers Date: Fri, 30 Oct 2020 17:55:28 +0100 Message-Id: <20201030165529.1255175-8-arnd@kernel.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20201030165529.1255175-1-arnd@kernel.org> References: <20201030165529.1255175-1-arnd@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org From: Arnd Bergmann There are eight remaining ioctl commands handled by copying incompatible data structures in v4l2_compat_ioctl32(), all of them fairly simple. Change them to instead go through the native ioctl infrastructure and only special-case the data copy. Signed-off-by: Arnd Bergmann --- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 283 +++++++----------- 1 file changed, 109 insertions(+), 174 deletions(-) diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index f774a17c9271..f54f49bebea7 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -338,27 +338,23 @@ struct v4l2_standard32 { __u32 reserved[4]; }; -static int get_v4l2_standard32(struct v4l2_standard __user *p64, +static int get_v4l2_standard32(struct v4l2_standard *p64, struct v4l2_standard32 __user *p32) { /* other fields are not set by the user, nor used by the driver */ - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p64->index, &p32->index)) - return -EFAULT; - return 0; + return get_user(p64->index, &p32->index); } -static int put_v4l2_standard32(struct v4l2_standard __user *p64, +static int put_v4l2_standard32(struct v4l2_standard *p64, struct v4l2_standard32 __user *p32) { - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p32->index, &p64->index) || - assign_in_user(&p32->id, &p64->id) || - copy_in_user(p32->name, p64->name, sizeof(p32->name)) || - copy_in_user(&p32->frameperiod, &p64->frameperiod, + if (put_user(p64->index, &p32->index) || + put_user(p64->id, &p32->id) || + copy_to_user(p32->name, p64->name, sizeof(p32->name)) || + copy_to_user(&p32->frameperiod, &p64->frameperiod, sizeof(p32->frameperiod)) || - assign_in_user(&p32->framelines, &p64->framelines) || - copy_in_user(p32->reserved, p64->reserved, sizeof(p32->reserved))) + put_user(p64->framelines, &p32->framelines) || + copy_to_user(p32->reserved, p64->reserved, sizeof(p32->reserved))) return -EFAULT; return 0; } @@ -689,33 +685,30 @@ struct v4l2_framebuffer32 { } fmt; }; -static int get_v4l2_framebuffer32(struct v4l2_framebuffer __user *p64, +static int get_v4l2_framebuffer32(struct v4l2_framebuffer *p64, struct v4l2_framebuffer32 __user *p32) { compat_caddr_t tmp; - if (!access_ok(p32, sizeof(*p32)) || - get_user(tmp, &p32->base) || - put_user_force(compat_ptr(tmp), &p64->base) || - assign_in_user(&p64->capability, &p32->capability) || - assign_in_user(&p64->flags, &p32->flags) || - copy_in_user(&p64->fmt, &p32->fmt, sizeof(p64->fmt))) + if (get_user(tmp, &p32->base) || + get_user(p64->capability, &p32->capability) || + get_user(p64->flags, &p32->flags) || + copy_from_user(&p64->fmt, &p32->fmt, sizeof(p64->fmt))) return -EFAULT; + p64->base = (void __force *)compat_ptr(tmp); + return 0; } -static int put_v4l2_framebuffer32(struct v4l2_framebuffer __user *p64, +static int put_v4l2_framebuffer32(struct v4l2_framebuffer *p64, struct v4l2_framebuffer32 __user *p32) { - void *base; - - if (!access_ok(p32, sizeof(*p32)) || - get_user(base, &p64->base) || - put_user(ptr_to_compat((void __user *)base), &p32->base) || - assign_in_user(&p32->capability, &p64->capability) || - assign_in_user(&p32->flags, &p64->flags) || - copy_in_user(&p32->fmt, &p64->fmt, sizeof(p64->fmt))) + if (put_user((uintptr_t)p64->base, &p32->base) || + put_user(p64->capability, &p32->capability) || + put_user(p64->flags, &p32->flags) || + copy_to_user(&p32->fmt, &p64->fmt, sizeof(p64->fmt))) return -EFAULT; + return 0; } @@ -735,18 +728,18 @@ struct v4l2_input32 { * The 64-bit v4l2_input struct has extra padding at the end of the struct. * Otherwise it is identical to the 32-bit version. */ -static inline int get_v4l2_input32(struct v4l2_input __user *p64, +static inline int get_v4l2_input32(struct v4l2_input *p64, struct v4l2_input32 __user *p32) { - if (copy_in_user(p64, p32, sizeof(*p32))) + if (copy_from_user(p64, p32, sizeof(*p32))) return -EFAULT; return 0; } -static inline int put_v4l2_input32(struct v4l2_input __user *p64, +static inline int put_v4l2_input32(struct v4l2_input *p64, struct v4l2_input32 __user *p32) { - if (copy_in_user(p32, p64, sizeof(*p32))) + if (copy_to_user(p32, p64, sizeof(*p32))) return -EFAULT; return 0; } @@ -880,38 +873,38 @@ struct v4l2_event32_time32 { __u32 reserved[8]; }; -static int put_v4l2_event32(struct v4l2_event __user *p64, +static int put_v4l2_event32(struct v4l2_event *p64, struct v4l2_event32 __user *p32) { - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p32->type, &p64->type) || - copy_in_user(&p32->u, &p64->u, sizeof(p64->u)) || - assign_in_user(&p32->pending, &p64->pending) || - assign_in_user(&p32->sequence, &p64->sequence) || - assign_in_user(&p32->timestamp.tv_sec, &p64->timestamp.tv_sec) || - assign_in_user(&p32->timestamp.tv_nsec, &p64->timestamp.tv_nsec) || - assign_in_user(&p32->id, &p64->id) || - copy_in_user(p32->reserved, p64->reserved, sizeof(p32->reserved))) + if (put_user(p64->type, &p32->type) || + copy_to_user(&p32->u, &p64->u, sizeof(p64->u)) || + put_user(p64->pending, &p32->pending) || + put_user(p64->sequence, &p32->sequence) || + put_user(p64->timestamp.tv_sec, &p32->timestamp.tv_sec) || + put_user(p64->timestamp.tv_nsec, &p32->timestamp.tv_nsec) || + put_user(p64->id, &p32->id) || + copy_to_user(p32->reserved, p64->reserved, sizeof(p32->reserved))) return -EFAULT; return 0; } -static int put_v4l2_event32_time32(struct v4l2_event_time32 __user *p64, +#ifdef CONFIG_COMPAT_32BIT_TIME +static int put_v4l2_event32_time32(struct v4l2_event *p64, struct v4l2_event32_time32 __user *p32) { - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p32->type, &p64->type) || - copy_in_user(&p32->u, &p64->u, sizeof(p64->u)) || - assign_in_user(&p32->pending, &p64->pending) || - assign_in_user(&p32->sequence, &p64->sequence) || - assign_in_user(&p32->timestamp.tv_sec, &p64->timestamp.tv_sec) || - assign_in_user(&p32->timestamp.tv_nsec, &p64->timestamp.tv_nsec) || - assign_in_user(&p32->id, &p64->id) || - copy_in_user(p32->reserved, p64->reserved, sizeof(p32->reserved))) + if (put_user(p64->type, &p32->type) || + copy_to_user(&p32->u, &p64->u, sizeof(p64->u)) || + put_user(p64->pending, &p32->pending) || + put_user(p64->sequence, &p32->sequence) || + put_user(p64->timestamp.tv_sec, &p32->timestamp.tv_sec) || + put_user(p64->timestamp.tv_nsec, &p32->timestamp.tv_nsec) || + put_user(p64->id, &p32->id) || + copy_to_user(p32->reserved, p64->reserved, sizeof(p32->reserved))) return -EFAULT; return 0; } #endif +#endif struct v4l2_edid32 { __u32 pad; @@ -921,34 +914,23 @@ struct v4l2_edid32 { compat_caddr_t edid; }; -static int get_v4l2_edid32(struct v4l2_edid __user *p64, +static int get_v4l2_edid32(struct v4l2_edid *p64, struct v4l2_edid32 __user *p32) { - compat_uptr_t tmp; - - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p64->pad, &p32->pad) || - assign_in_user(&p64->start_block, &p32->start_block) || - assign_in_user_cast(&p64->blocks, &p32->blocks) || - get_user(tmp, &p32->edid) || - put_user_force(compat_ptr(tmp), &p64->edid) || - copy_in_user(p64->reserved, p32->reserved, sizeof(p64->reserved))) + compat_uptr_t edid; + + if (copy_from_user(p64, p32, offsetof(struct v4l2_edid32, edid)) || + get_user(edid, &p32->edid)) return -EFAULT; + + p64->edid = (void __force *)compat_ptr(edid); return 0; } -static int put_v4l2_edid32(struct v4l2_edid __user *p64, +static int put_v4l2_edid32(struct v4l2_edid *p64, struct v4l2_edid32 __user *p32) { - void *edid; - - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p32->pad, &p64->pad) || - assign_in_user(&p32->start_block, &p64->start_block) || - assign_in_user(&p32->blocks, &p64->blocks) || - get_user(edid, &p64->edid) || - put_user(ptr_to_compat((void __user *)edid), &p32->edid) || - copy_in_user(p32->reserved, p64->reserved, sizeof(p32->reserved))) + if (copy_to_user(p32, p64, offsetof(struct v4l2_edid32, edid))) return -EFAULT; return 0; } @@ -994,6 +976,10 @@ unsigned int v4l2_compat_translate_cmd(unsigned int cmd) return VIDIOC_S_FMT; case VIDIOC_TRY_FMT32: return VIDIOC_TRY_FMT; + case VIDIOC_G_FBUF32: + return VIDIOC_G_FBUF; + case VIDIOC_S_FBUF32: + return VIDIOC_S_FBUF; #ifdef CONFIG_COMPAT_32BIT_TIME case VIDIOC_QUERYBUF32_TIME32: return VIDIOC_QUERYBUF; @@ -1020,6 +1006,22 @@ unsigned int v4l2_compat_translate_cmd(unsigned int cmd) return VIDIOC_TRY_EXT_CTRLS; case VIDIOC_PREPARE_BUF32: return VIDIOC_PREPARE_BUF; + case VIDIOC_ENUMSTD32: + return VIDIOC_ENUMSTD; + case VIDIOC_ENUMINPUT32: + return VIDIOC_ENUMINPUT; + case VIDIOC_G_EDID32: + return VIDIOC_G_EDID; + case VIDIOC_S_EDID32: + return VIDIOC_S_EDID; +#ifdef CONFIG_X86_64 + case VIDIOC_DQEVENT32: + return VIDIOC_DQEVENT; +#ifdef CONFIG_COMPAT_32BIT_TIME + case VIDIOC_DQEVENT32_TIME32: + return VIDIOC_DQEVENT; +#endif +#endif } return cmd; } @@ -1031,6 +1033,9 @@ int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd) case VIDIOC_S_FMT32: case VIDIOC_TRY_FMT32: return get_v4l2_format32(parg, arg); + + case VIDIOC_S_FBUF32: + return get_v4l2_framebuffer32(parg, arg); #ifdef CONFIG_COMPAT_32BIT_TIME case VIDIOC_QUERYBUF32_TIME32: case VIDIOC_QBUF32_TIME32: @@ -1051,6 +1056,16 @@ int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd) case VIDIOC_CREATE_BUFS32: return get_v4l2_create32(parg, arg); + + case VIDIOC_ENUMSTD32: + return get_v4l2_standard32(parg, arg); + + case VIDIOC_ENUMINPUT32: + return get_v4l2_input32(parg, arg); + + case VIDIOC_G_EDID32: + case VIDIOC_S_EDID32: + return get_v4l2_edid32(parg, arg); } return 0; } @@ -1062,6 +1077,9 @@ int v4l2_compat_put_user(void __user *arg, void *parg, unsigned int cmd) case VIDIOC_S_FMT32: case VIDIOC_TRY_FMT32: return put_v4l2_format32(parg, arg); + + case VIDIOC_G_FBUF32: + return put_v4l2_framebuffer32(parg, arg); #ifdef CONFIG_COMPAT_32BIT_TIME case VIDIOC_QUERYBUF32_TIME32: case VIDIOC_QBUF32_TIME32: @@ -1082,6 +1100,24 @@ int v4l2_compat_put_user(void __user *arg, void *parg, unsigned int cmd) case VIDIOC_CREATE_BUFS32: return put_v4l2_create32(parg, arg); + + case VIDIOC_ENUMSTD32: + return put_v4l2_standard32(parg, arg); + + case VIDIOC_ENUMINPUT32: + return put_v4l2_input32(parg, arg); + + case VIDIOC_G_EDID32: + case VIDIOC_S_EDID32: + return put_v4l2_edid32(parg, arg); +#ifdef CONFIG_X86_64 + case VIDIOC_DQEVENT32: + return put_v4l2_event32(parg, arg); +#ifdef CONFIG_COMPAT_32BIT_TIME + case VIDIOC_DQEVENT32_TIME32: + return put_v4l2_event32_time32(parg, arg); +#endif +#endif } return 0; } @@ -1327,16 +1363,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar * 1. When struct size is different, converts the command. */ switch (cmd) { - case VIDIOC_G_FBUF32: ncmd = VIDIOC_G_FBUF; break; - case VIDIOC_S_FBUF32: ncmd = VIDIOC_S_FBUF; break; - case VIDIOC_ENUMSTD32: ncmd = VIDIOC_ENUMSTD; break; - case VIDIOC_ENUMINPUT32: ncmd = VIDIOC_ENUMINPUT; break; -#ifdef CONFIG_X86_64 - case VIDIOC_DQEVENT32: ncmd = VIDIOC_DQEVENT; break; - case VIDIOC_DQEVENT32_TIME32: ncmd = VIDIOC_DQEVENT_TIME32; break; -#endif - case VIDIOC_G_EDID32: ncmd = VIDIOC_G_EDID; break; - case VIDIOC_S_EDID32: ncmd = VIDIOC_S_EDID; break; default: ncmd = cmd; break; } @@ -1346,53 +1372,6 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar * argument into it. */ switch (cmd) { - case VIDIOC_G_EDID32: - case VIDIOC_S_EDID32: - err = alloc_userspace(sizeof(struct v4l2_edid), 0, &new_p64); - if (!err) - err = get_v4l2_edid32(new_p64, p32); - compatible_arg = 0; - break; - - case VIDIOC_S_FBUF32: - err = alloc_userspace(sizeof(struct v4l2_framebuffer), 0, - &new_p64); - if (!err) - err = get_v4l2_framebuffer32(new_p64, p32); - compatible_arg = 0; - break; - - case VIDIOC_G_FBUF32: - err = alloc_userspace(sizeof(struct v4l2_framebuffer), 0, - &new_p64); - compatible_arg = 0; - break; - - case VIDIOC_ENUMSTD32: - err = alloc_userspace(sizeof(struct v4l2_standard), 0, - &new_p64); - if (!err) - err = get_v4l2_standard32(new_p64, p32); - compatible_arg = 0; - break; - - case VIDIOC_ENUMINPUT32: - err = alloc_userspace(sizeof(struct v4l2_input), 0, &new_p64); - if (!err) - err = get_v4l2_input32(new_p64, p32); - compatible_arg = 0; - break; - -#ifdef CONFIG_X86_64 - case VIDIOC_DQEVENT32: - err = alloc_userspace(sizeof(struct v4l2_event), 0, &new_p64); - compatible_arg = 0; - break; - case VIDIOC_DQEVENT32_TIME32: - err = alloc_userspace(sizeof(struct v4l2_event_time32), 0, &new_p64); - compatible_arg = 0; - break; -#endif } if (err) return err; @@ -1414,55 +1393,11 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar if (err == -ENOTTY) return err; - /* - * 4. Special case: even after an error we need to put the - * results back for some ioctls. - * - * In the case of EXT_CTRLS, the error_idx will contain information - * on which control failed. - * - * In the case of S_EDID, the driver can return E2BIG and set - * the blocks to maximum allowed value. - */ - switch (cmd) { - case VIDIOC_S_EDID32: - if (put_v4l2_edid32(new_p64, p32)) - err = -EFAULT; - break; - } - if (err) - return err; - /* * 5. Copy the data returned at the 64 bits userspace pointer to * the original 32 bits structure. */ switch (cmd) { - case VIDIOC_G_FBUF32: - err = put_v4l2_framebuffer32(new_p64, p32); - break; - -#ifdef CONFIG_X86_64 - case VIDIOC_DQEVENT32: - err = put_v4l2_event32(new_p64, p32); - break; - - case VIDIOC_DQEVENT32_TIME32: - err = put_v4l2_event32_time32(new_p64, p32); - break; -#endif - - case VIDIOC_G_EDID32: - err = put_v4l2_edid32(new_p64, p32); - break; - - case VIDIOC_ENUMSTD32: - err = put_v4l2_standard32(new_p64, p32); - break; - - case VIDIOC_ENUMINPUT32: - err = put_v4l2_input32(new_p64, p32); - break; } return err; } From patchwork Fri Oct 30 16:55:29 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 11870319 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id B32D0139F for ; Fri, 30 Oct 2020 16:56:08 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 8627420739 for ; Fri, 30 Oct 2020 16:56:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604076968; bh=nD81YqJ3MtrM/BCkwrNITM6ew3jXY2PFsMLpEZfzE5M=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=018xNgmLjjjckOUQcExN/zzplUM5GAs9m07J9+PZ9kLgGcMauqNDrU7pMkg/Mglho KLJPEAdFiKeWqU7F6/GBzT55I57eltDhJQ+nKe5O8qnIeYKurJNUP93DHKoMhq9azu faYfHgw7LQu00TQqIeYRCUIpZSPKTFjfR6Iy68Fo= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727327AbgJ3Qz5 (ORCPT ); Fri, 30 Oct 2020 12:55:57 -0400 Received: from mail.kernel.org ([198.145.29.99]:32776 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727014AbgJ3Qzz (ORCPT ); Fri, 30 Oct 2020 12:55:55 -0400 Received: from localhost.localdomain (HSI-KBW-46-223-126-90.hsi.kabel-badenwuerttemberg.de [46.223.126.90]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 25F7122268; Fri, 30 Oct 2020 16:55:52 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1604076954; bh=nD81YqJ3MtrM/BCkwrNITM6ew3jXY2PFsMLpEZfzE5M=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=zxz5LHC9rzc/gWUoh0qVZdBPrHnsyiANZM2jgaFdtvAxDc8JhwiieMS5hTBJZG5w/ yZlNc8HI3S2sABFJ7CuytfdBZr94WUTPtEyclPTnwcyEVeqSHMUYR5LPv04xRcoPVd pokL4QSMolGNE8lKONGKlRQtvLvpsP2zWfrRMClk= From: Arnd Bergmann To: Hans Verkuil Cc: Arnd Bergmann , linux-media@vger.kernel.org, mchehab@kernel.org, hch@lst.de, linux-kernel@vger.kernel.org Subject: [PATCH v2 8/8] media: v4l2: remove remaining compat_ioctl Date: Fri, 30 Oct 2020 17:55:29 +0100 Message-Id: <20201030165529.1255175-9-arnd@kernel.org> X-Mailer: git-send-email 2.27.0 In-Reply-To: <20201030165529.1255175-1-arnd@kernel.org> References: <20201030165529.1255175-1-arnd@kernel.org> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org From: Arnd Bergmann There are no remaining conversions in v4l2_compat_ioctl32(), so all the infrastructure for it can be removed, with the only remaining bit being the compat_ioctl32() callback into drivers that implement their own incompatible data structures. Signed-off-by: Arnd Bergmann --- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 197 +----------------- 1 file changed, 2 insertions(+), 195 deletions(-) diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index f54f49bebea7..dfab9f662490 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -23,103 +23,6 @@ #include #include -/** - * assign_in_user() - Copy from one __user var to another one - * - * @to: __user var where data will be stored - * @from: __user var where data will be retrieved. - * - * As this code very often needs to allocate userspace memory, it is easier - * to have a macro that will do both get_user() and put_user() at once. - * - * This function complements the macros defined at asm-generic/uaccess.h. - * It uses the same argument order as copy_in_user() - */ -#define assign_in_user(to, from) \ -({ \ - typeof(*from) __assign_tmp; \ - \ - get_user(__assign_tmp, from) || put_user(__assign_tmp, to); \ -}) - -/** - * get_user_cast() - Stores at a kernelspace local var the contents from a - * pointer with userspace data that is not tagged with __user. - * - * @__x: var where data will be stored - * @__ptr: var where data will be retrieved. - * - * Sometimes we need to declare a pointer without __user because it - * comes from a pointer struct field that will be retrieved from userspace - * by the 64-bit native ioctl handler. This function ensures that the - * @__ptr will be cast to __user before calling get_user() in order to - * avoid warnings with static code analyzers like smatch. - */ -#define get_user_cast(__x, __ptr) \ -({ \ - get_user(__x, (typeof(*__ptr) __user *)(__ptr)); \ -}) - -/** - * put_user_force() - Stores the contents of a kernelspace local var - * into a userspace pointer, removing any __user cast. - * - * @__x: var where data will be stored - * @__ptr: var where data will be retrieved. - * - * Sometimes we need to remove the __user attribute from some data, - * by passing the __force macro. This function ensures that the - * @__ptr will be cast with __force before calling put_user(), in order to - * avoid warnings with static code analyzers like smatch. - */ -#define put_user_force(__x, __ptr) \ -({ \ - put_user((typeof(*__x) __force *)(__x), __ptr); \ -}) - -/** - * assign_in_user_cast() - Copy from one __user var to another one - * - * @to: __user var where data will be stored - * @from: var where data will be retrieved that needs to be cast to __user. - * - * As this code very often needs to allocate userspace memory, it is easier - * to have a macro that will do both get_user_cast() and put_user() at once. - * - * This function should be used instead of assign_in_user() when the @from - * variable was not declared as __user. See get_user_cast() for more details. - * - * This function complements the macros defined at asm-generic/uaccess.h. - * It uses the same argument order as copy_in_user() - */ -#define assign_in_user_cast(to, from) \ -({ \ - typeof(*from) __assign_tmp; \ - \ - get_user_cast(__assign_tmp, from) || put_user(__assign_tmp, to);\ -}) - -/** - * native_ioctl - Ancillary function that calls the native 64 bits ioctl - * handler. - * - * @file: pointer to &struct file with the file handler - * @cmd: ioctl to be called - * @arg: arguments passed from/to the ioctl handler - * - * This function calls the native ioctl handler at v4l2-dev, e. g. v4l2_ioctl() - */ -static long native_ioctl(struct file *file, unsigned int cmd, unsigned long arg) -{ - long ret = -ENOIOCTLCMD; - - if (file->f_op->unlocked_ioctl) - ret = file->f_op->unlocked_ioctl(file, cmd, arg); - - return ret; -} - - /* * Per-ioctl data copy handlers. * @@ -1305,103 +1208,6 @@ int v4l2_compat_put_array_args(struct file *file, void __user *user_ptr, return err; } - -/** - * alloc_userspace() - Allocates a 64-bits userspace pointer compatible - * for calling the native 64-bits version of an ioctl. - * - * @size: size of the structure itself to be allocated. - * @aux_space: extra size needed to store "extra" data, e.g. space for - * other __user data that is pointed to fields inside the - * structure. - * @new_p64: pointer to a pointer to be filled with the allocated struct. - * - * Return: - * - * if it can't allocate memory, either -ENOMEM or -EFAULT will be returned. - * Zero otherwise. - */ -static int alloc_userspace(unsigned int size, u32 aux_space, - void __user **new_p64) -{ - *new_p64 = compat_alloc_user_space(size + aux_space); - if (!*new_p64) - return -ENOMEM; - if (clear_user(*new_p64, size)) - return -EFAULT; - return 0; -} - -/** - * do_video_ioctl() - Ancillary function with handles a compat32 ioctl call - * - * @file: pointer to &struct file with the file handler - * @cmd: ioctl to be called - * @arg: arguments passed from/to the ioctl handler - * - * This function is called when a 32 bits application calls a V4L2 ioctl - * and the Kernel is compiled with 64 bits. - * - * This function is called by v4l2_compat_ioctl32() when the function is - * not private to some specific driver. - * - * It converts a 32-bits struct into a 64 bits one, calls the native 64-bits - * ioctl handler and fills back the 32-bits struct with the results of the - * native call. - */ -static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long arg) -{ - void __user *p32 = compat_ptr(arg); - void __user *new_p64 = NULL; - void __user *aux_buf; - u32 aux_space; - int compatible_arg = 1; - long err = 0; - unsigned int ncmd; - - /* - * 1. When struct size is different, converts the command. - */ - switch (cmd) { - default: ncmd = cmd; break; - } - - /* - * 2. Allocates a 64-bits userspace pointer to store the - * values of the ioctl and copy data from the 32-bits __user - * argument into it. - */ - switch (cmd) { - } - if (err) - return err; - - /* - * 3. Calls the native 64-bits ioctl handler. - * - * For the functions where a conversion was not needed, - * compatible_arg is true, and it will call it with the arguments - * provided by userspace and stored at @p32 var. - * - * Otherwise, it will pass the newly allocated @new_p64 argument. - */ - if (compatible_arg) - err = native_ioctl(file, ncmd, (unsigned long)p32); - else - err = native_ioctl(file, ncmd, (unsigned long)new_p64); - - if (err == -ENOTTY) - return err; - - /* - * 5. Copy the data returned at the 64 bits userspace pointer to - * the original 32 bits structure. - */ - switch (cmd) { - } - return err; -} - /** * v4l2_compat_ioctl32() - Handles a compat32 ioctl call * @@ -1425,7 +1231,8 @@ long v4l2_compat_ioctl32(struct file *file, unsigned int cmd, unsigned long arg) return ret; if (_IOC_TYPE(cmd) == 'V' && _IOC_NR(cmd) < BASE_VIDIOC_PRIVATE) - ret = do_video_ioctl(file, cmd, arg); + ret = file->f_op->unlocked_ioctl(file, cmd, + (unsigned long)compat_ptr(arg)); else if (vdev->fops->compat_ioctl32) ret = vdev->fops->compat_ioctl32(file, cmd, arg);