Received: by 10.213.65.68 with SMTP id h4csp870682imn; Wed, 4 Apr 2018 08:37:16 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/StYDOLR/McoFI+i7gm9mg1/Qp87y/thL3ArUOgK5WX16PDtZv5x8MV2GzwDtyaaypiSxM X-Received: by 10.99.121.134 with SMTP id u128mr12177345pgc.360.1522856236736; Wed, 04 Apr 2018 08:37:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1522856236; cv=none; d=google.com; s=arc-20160816; b=vYXCrO5pV7+nOJUinkf5CY9zwQKzSInyY++covwPDGN/Veep5XxTi0Xi0eUD29ws6h e3tjtf0qhUaBdZG2BFmNbTcDFo8exvqtAAMD7DIGJQW4BjPVcmJ4Mc7hW/31bAE9b7eM cukMK7+b/rUSSoJKoMSZQ6QO40Td9Y+Vncmj56lLLlX2HOKk8Vp1t4NiQuNYvxygFcJZ XlRktprBPE1rYl9Sf/17OLj91rV46paCKZIbjjjqjUhM0ixxdI7IaNSF0KVhk8Dn2CdO PLKv5ywpKJz6DyHp6IVmOdqGHoag9JMomGd1BGF6zkHjSflYztfOEzsmc4nlhFVBV7SM iZxg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:in-reply-to:date:from:cc:to:subject :arc-authentication-results; bh=aLRxZYz2dWfGodTfwTjwybIoCoS4fegJz5n7P3/pY4w=; b=kOXG+A7W3G+kZ0/ZjE3G7Xje/N7J5YbCQsi12ZempkNOZqvy4ptf8Jz+UcpYgCxQ17 udqYHitYxy2fEgUOmm8xgE4GFc/Zthzxq/0juvv1LKedW6iV7ncC1xaNHqPtMBkYmrB4 J7BoWSToEnt/JzFtaVAG43kAB42q9bBADKcT9SaMMKj5Zk7oDarfplL+n18VUan8Q6Ad s0lgm9n5XeLAz7o9R32QCiZ+hgDbPx/rit6uKUm6gA9aqgqZVUXtzzw3qIdSDBJApsHe RREQSMrCAq1AP/skgh12etf+CJUorIshKXm/Z6Q963OXi2MB0mbE91dZjSZGzoHa8dHM KJNg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h3si3427662pfn.158.2018.04.04.08.37.02; Wed, 04 Apr 2018 08:37:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752322AbeDDPdS (ORCPT + 99 others); Wed, 4 Apr 2018 11:33:18 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:43970 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752219AbeDDPdH (ORCPT ); Wed, 4 Apr 2018 11:33:07 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 2B927AD8; Wed, 4 Apr 2018 15:33:06 +0000 (UTC) Subject: Patch "media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer" has been added to the 3.18-stable tree To: mchehab@s-opensource.com, alexander.levin@microsoft.com, gregkh@linuxfoundation.org, hans.verkuil@cisco.com, linux-kernel@vger.kernel.org, linux-media@vger.kernel.org, mchehab@infradead.org, sakari.ailus@linux.intel.com Cc: , From: Date: Wed, 04 Apr 2018 17:32:48 +0200 In-Reply-To: <63df92f6981785c5e31c1d8e796e827344cc75f3.1522260310.git.mchehab@s-opensource.com> Message-ID: <152285596820209@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit X-stable: commit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org This is a note to let you know that I've just added the patch titled media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer to the 3.18-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: media-v4l2-compat-ioctl32.c-fix-ctrl_is_pointer.patch and it can be found in the queue-3.18 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. From foo@baz Wed Apr 4 17:30:18 CEST 2018 From: Mauro Carvalho Chehab Date: Wed, 28 Mar 2018 15:12:27 -0300 Subject: media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer To: Linux Media Mailing List , stable@vger.kernel.org Cc: Hans Verkuil , Mauro Carvalho Chehab , Linux Kernel Mailing List , Mauro Carvalho Chehab , Sasha Levin Message-ID: <63df92f6981785c5e31c1d8e796e827344cc75f3.1522260310.git.mchehab@s-opensource.com> From: Hans Verkuil commit b8c601e8af2d08f733d74defa8465303391bb930 upstream. ctrl_is_pointer just hardcoded two known string controls, but that caused problems when using e.g. custom controls that use a pointer for the payload. Reimplement this function: it now finds the v4l2_ctrl (if the driver uses the control framework) or it calls vidioc_query_ext_ctrl (if the driver implements that directly). In both cases it can now check if the control is a pointer control or not. Signed-off-by: Hans Verkuil Acked-by: Sakari Ailus Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 59 +++++++++++++++++--------- 1 file changed, 39 insertions(+), 20 deletions(-) --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -18,6 +18,8 @@ #include #include #include +#include +#include #include static long native_ioctl(struct file *file, unsigned int cmd, unsigned long arg) @@ -575,24 +577,39 @@ struct v4l2_ext_control32 { }; } __attribute__ ((packed)); -/* The following function really belong in v4l2-common, but that causes - a circular dependency between modules. We need to think about this, but - for now this will do. */ - -/* Return non-zero if this control is a pointer type. Currently only - type STRING is a pointer type. */ -static inline int ctrl_is_pointer(u32 id) -{ - switch (id) { - case V4L2_CID_RDS_TX_PS_NAME: - case V4L2_CID_RDS_TX_RADIO_TEXT: - return 1; - default: - return 0; +/* Return true if this control is a pointer type. */ +static inline bool ctrl_is_pointer(struct file *file, u32 id) +{ + struct video_device *vdev = video_devdata(file); + struct v4l2_fh *fh = NULL; + struct v4l2_ctrl_handler *hdl = NULL; + struct v4l2_query_ext_ctrl qec = { id }; + const struct v4l2_ioctl_ops *ops = vdev->ioctl_ops; + + if (test_bit(V4L2_FL_USES_V4L2_FH, &vdev->flags)) + fh = file->private_data; + + if (fh && fh->ctrl_handler) + hdl = fh->ctrl_handler; + else if (vdev->ctrl_handler) + hdl = vdev->ctrl_handler; + + if (hdl) { + struct v4l2_ctrl *ctrl = v4l2_ctrl_find(hdl, id); + + return ctrl && ctrl->is_ptr; } + + if (!ops->vidioc_query_ext_ctrl) + return false; + + return !ops->vidioc_query_ext_ctrl(file, fh, &qec) && + (qec.flags & V4L2_CTRL_FLAG_HAS_PAYLOAD); } -static int get_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext_controls32 __user *up) +static int get_v4l2_ext_controls32(struct file *file, + struct v4l2_ext_controls *kp, + struct v4l2_ext_controls32 __user *up) { struct v4l2_ext_control32 __user *ucontrols; struct v4l2_ext_control __user *kcontrols; @@ -624,7 +641,7 @@ static int get_v4l2_ext_controls32(struc return -EFAULT; if (get_user(id, &kcontrols->id)) return -EFAULT; - if (ctrl_is_pointer(id)) { + if (ctrl_is_pointer(file, id)) { void __user *s; if (get_user(p, &ucontrols->string)) @@ -639,7 +656,9 @@ static int get_v4l2_ext_controls32(struc return 0; } -static int put_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext_controls32 __user *up) +static int put_v4l2_ext_controls32(struct file *file, + struct v4l2_ext_controls *kp, + struct v4l2_ext_controls32 __user *up) { struct v4l2_ext_control32 __user *ucontrols; struct v4l2_ext_control __user *kcontrols = @@ -671,7 +690,7 @@ static int put_v4l2_ext_controls32(struc /* Do not modify the pointer when copying a pointer control. The contents of the pointer was changed, not the pointer itself. */ - if (ctrl_is_pointer(id)) + if (ctrl_is_pointer(file, id)) size -= sizeof(ucontrols->value64); if (copy_in_user(ucontrols, kcontrols, size)) return -EFAULT; @@ -884,7 +903,7 @@ static long do_video_ioctl(struct file * case VIDIOC_G_EXT_CTRLS: case VIDIOC_S_EXT_CTRLS: case VIDIOC_TRY_EXT_CTRLS: - err = get_v4l2_ext_controls32(&karg.v2ecs, up); + err = get_v4l2_ext_controls32(file, &karg.v2ecs, up); compatible_arg = 0; break; case VIDIOC_DQEVENT: @@ -911,7 +930,7 @@ static long do_video_ioctl(struct file * case VIDIOC_G_EXT_CTRLS: case VIDIOC_S_EXT_CTRLS: case VIDIOC_TRY_EXT_CTRLS: - if (put_v4l2_ext_controls32(&karg.v2ecs, up)) + if (put_v4l2_ext_controls32(file, &karg.v2ecs, up)) err = -EFAULT; break; } Patches currently in stable-queue which might be from mchehab@s-opensource.com are queue-3.18/media-v4l2-compat-ioctl32.c-copy-m.userptr-in-put_v4l2_plane32.patch queue-3.18/media-v4l2-compat-ioctl32.c-avoid-sizeof-type.patch queue-3.18/media-v4l2-compat-ioctl32.c-drop-pr_info-for-unknown-buffer-type.patch queue-3.18/media-v4l2-compat-ioctl32-use-compat_u64-for-video-standard.patch queue-3.18/media-v4l2-compat-ioctl32.c-add-missing-vidioc_prepare_buf.patch queue-3.18/vb2-v4l2_buf_flag_done-is-set-after-dqbuf.patch queue-3.18/media-v4l2-compat-ioctl32.c-refactor-compat-ioctl32-logic.patch queue-3.18/media-v4l2-ctrls-fix-sparse-warning.patch queue-3.18/media-v4l2-compat-ioctl32.c-fix-ctrl_is_pointer.patch queue-3.18/media-v4l2-compat-ioctl32.c-move-helper-functions-to-__get-put_v4l2_format32.patch queue-3.18/media-media-v4l2-ctrls-volatiles-should-not-generate-ch_value.patch queue-3.18/media-v4l2-compat-ioctl32.c-don-t-copy-back-the-result-for-certain-errors.patch queue-3.18/media-v4l2-compat-ioctl32.c-make-ctrl_is_pointer-work-for-subdevs.patch queue-3.18/media-v4l2-compat-ioctl32.c-fix-the-indentation.patch queue-3.18/media-v4l2-compat-ioctl32-copy-v4l2_window-global_alpha.patch queue-3.18/media-v4l2-ioctl.c-don-t-copy-back-the-result-for-enotty.patch queue-3.18/media-v4l2-compat-ioctl32.c-copy-clip-list-in-put_v4l2_window32.patch queue-3.18/media-v4l2-compat-ioctl32-initialize-a-reserved-field.patch