Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp121033ybg; Mon, 8 Jun 2020 18:11:50 -0700 (PDT) X-Google-Smtp-Source: ABdhPJytnZiZRufpR12EMrKf1gYn72UrHd2fkdowrucsY+u9GaEXaSdSf2c7CBaUUJvoKJs/zcOd X-Received: by 2002:aa7:cd12:: with SMTP id b18mr24975237edw.195.1591665110060; Mon, 08 Jun 2020 18:11:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1591665110; cv=none; d=google.com; s=arc-20160816; b=AT4GMpzJH6oFLeEnevDlMI1XDs7BTvR8XAG+hf432Ja2SYvw8p362yfEyJ+rIFWg6Y x4ZVXcSmX+IilQigB6Lm9lyYLs5wWQVIbG6Gkr0tgke0sYpx5yV6QDLpJgo0a90QjX77 TpUkWy13qAaAvfUXLQrmRrB1PlC4FUyyL0qlW+CPflZvwXy5bE+iMC2PH6dzoZ0VOh5T G8g/MVBOxVJGwMOOkgm8f6UZTfk7CNl3OpmAtdBAdAN0nuQT/uiFD66Sw21/LE0MYqDo 66jnzgmb3hPIWm5UzYSsURm17zW438HrEep3kjyOnXUNTRLJRHNq8FOnP5skcTHi1WSQ iIyg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=7DBXVAw0vUv1gMjEwmrb8uWZ8PEzdZQZuxcyLhK0EnQ=; b=A3lnOHRhGWQ2Hg82Y5+xOtacpwnznSdoBTPJBsr/m1ONNwCN3+QMJAgSU9n7Rl2rxs ey3Hk4/o0iYcKUsMYaPyoniet7hVYDL8xzkhtOdrUiT+ia4KZqKuI4GO8mX6pIFOI9tB k5gczIn6l0qGO0egLd2EyoeT+68DlSg+hzIRisqGPC9otu6j9AOND2kpv2kAkcSjB96I 8/lpGmC7SW9PvGRI5iF1G16OsWmfLcCvOLQAYlPQ72vLQ/SX+IPl2DDq0ubgKY2KjLQZ K426MPwWywiuz01PqY6834fc5G92yRI5u6+Wrf01eiVyUzXB1ZTbzGAXyKjxpbYedD7r JvVA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="0KKKP/Ef"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j28si9595867edy.293.2020.06.08.18.11.27; Mon, 08 Jun 2020 18:11:50 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="0KKKP/Ef"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2387449AbgFIBJg (ORCPT + 99 others); Mon, 8 Jun 2020 21:09:36 -0400 Received: from mail.kernel.org ([198.145.29.99]:49504 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726981AbgFHXG0 (ORCPT ); Mon, 8 Jun 2020 19:06:26 -0400 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id B2C772076C; Mon, 8 Jun 2020 23:06:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1591657585; bh=PURkuQjDd4uIDSMLujFEZ60c931LKLsJlFRXqNsQ6kw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=0KKKP/EfVcoougZuQJA6+xLrYjf9GhGybSTAfw/FbskRW7izHTD+iZHnvodJKy3BE VpN1ehWSzE6DbOH2K73Bcnu7xs5/c+Ttg5fVBblh7DXVLqwCgfItDOZq9xDt2/8SKs x/RgPQTgpXkzMEojPyXDtn/t5bXRHroNYdaktLRs= From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Hans Verkuil , Mauro Carvalho Chehab , Sasha Levin , linux-media@vger.kernel.org Subject: [PATCH AUTOSEL 5.7 014/274] media: v4l2-ctrls: v4l2_ctrl_g/s_ctrl*(): don't continue when WARN_ON Date: Mon, 8 Jun 2020 19:01:47 -0400 Message-Id: <20200608230607.3361041-14-sashal@kernel.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200608230607.3361041-1-sashal@kernel.org> References: <20200608230607.3361041-1-sashal@kernel.org> MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Hans Verkuil [ Upstream commit 7c3bae3f430af6b4fcbdb7272e191e266fd94b45 ] If the v4l2_ctrl_g_ctrl*() or __v4l2_ctrl_s_ctrl*() functions are called for the wrong control type then they call WARN_ON since that is a driver error. But they still continue, potentially overwriting data. Change this to return an error (s_ctrl) or 0 (g_ctrl), just to be safe. Signed-off-by: Hans Verkuil Signed-off-by: Mauro Carvalho Chehab Signed-off-by: Sasha Levin --- drivers/media/v4l2-core/v4l2-ctrls.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/drivers/media/v4l2-core/v4l2-ctrls.c b/drivers/media/v4l2-core/v4l2-ctrls.c index 93d33d1db4e8..452edd06d67d 100644 --- a/drivers/media/v4l2-core/v4l2-ctrls.c +++ b/drivers/media/v4l2-core/v4l2-ctrls.c @@ -3794,7 +3794,8 @@ s32 v4l2_ctrl_g_ctrl(struct v4l2_ctrl *ctrl) struct v4l2_ext_control c; /* It's a driver bug if this happens. */ - WARN_ON(!ctrl->is_int); + if (WARN_ON(!ctrl->is_int)) + return 0; c.value = 0; get_ctrl(ctrl, &c); return c.value; @@ -3806,7 +3807,8 @@ s64 v4l2_ctrl_g_ctrl_int64(struct v4l2_ctrl *ctrl) struct v4l2_ext_control c; /* It's a driver bug if this happens. */ - WARN_ON(ctrl->is_ptr || ctrl->type != V4L2_CTRL_TYPE_INTEGER64); + if (WARN_ON(ctrl->is_ptr || ctrl->type != V4L2_CTRL_TYPE_INTEGER64)) + return 0; c.value64 = 0; get_ctrl(ctrl, &c); return c.value64; @@ -4215,7 +4217,8 @@ int __v4l2_ctrl_s_ctrl(struct v4l2_ctrl *ctrl, s32 val) lockdep_assert_held(ctrl->handler->lock); /* It's a driver bug if this happens. */ - WARN_ON(!ctrl->is_int); + if (WARN_ON(!ctrl->is_int)) + return -EINVAL; ctrl->val = val; return set_ctrl(NULL, ctrl, 0); } @@ -4226,7 +4229,8 @@ int __v4l2_ctrl_s_ctrl_int64(struct v4l2_ctrl *ctrl, s64 val) lockdep_assert_held(ctrl->handler->lock); /* It's a driver bug if this happens. */ - WARN_ON(ctrl->is_ptr || ctrl->type != V4L2_CTRL_TYPE_INTEGER64); + if (WARN_ON(ctrl->is_ptr || ctrl->type != V4L2_CTRL_TYPE_INTEGER64)) + return -EINVAL; *ctrl->p_new.p_s64 = val; return set_ctrl(NULL, ctrl, 0); } @@ -4237,7 +4241,8 @@ int __v4l2_ctrl_s_ctrl_string(struct v4l2_ctrl *ctrl, const char *s) lockdep_assert_held(ctrl->handler->lock); /* It's a driver bug if this happens. */ - WARN_ON(ctrl->type != V4L2_CTRL_TYPE_STRING); + if (WARN_ON(ctrl->type != V4L2_CTRL_TYPE_STRING)) + return -EINVAL; strscpy(ctrl->p_new.p_char, s, ctrl->maximum + 1); return set_ctrl(NULL, ctrl, 0); } @@ -4249,7 +4254,8 @@ int __v4l2_ctrl_s_ctrl_area(struct v4l2_ctrl *ctrl, lockdep_assert_held(ctrl->handler->lock); /* It's a driver bug if this happens. */ - WARN_ON(ctrl->type != V4L2_CTRL_TYPE_AREA); + if (WARN_ON(ctrl->type != V4L2_CTRL_TYPE_AREA)) + return -EINVAL; *ctrl->p_new.p_area = *area; return set_ctrl(NULL, ctrl, 0); } -- 2.25.1