Received: by 2002:a25:683:0:0:0:0:0 with SMTP id 125csp121033ybg;
        Mon, 8 Jun 2020 18:11:50 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJytnZiZRufpR12EMrKf1gYn72UrHd2fkdowrucsY+u9GaEXaSdSf2c7CBaUUJvoKJs/zcOd
X-Received: by 2002:aa7:cd12:: with SMTP id b18mr24975237edw.195.1591665110060;
        Mon, 08 Jun 2020 18:11:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1591665110; cv=none;
        d=google.com; s=arc-20160816;
        b=AT4GMpzJH6oFLeEnevDlMI1XDs7BTvR8XAG+hf432Ja2SYvw8p362yfEyJ+rIFWg6Y
         x4ZVXcSmX+IilQigB6Lm9lyYLs5wWQVIbG6Gkr0tgke0sYpx5yV6QDLpJgo0a90QjX77
         TpUkWy13qAaAvfUXLQrmRrB1PlC4FUyyL0qlW+CPflZvwXy5bE+iMC2PH6dzoZ0VOh5T
         G8g/MVBOxVJGwMOOkgm8f6UZTfk7CNl3OpmAtdBAdAN0nuQT/uiFD66Sw21/LE0MYqDo
         66jnzgmb3hPIWm5UzYSsURm17zW438HrEep3kjyOnXUNTRLJRHNq8FOnP5skcTHi1WSQ
         iIyg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=7DBXVAw0vUv1gMjEwmrb8uWZ8PEzdZQZuxcyLhK0EnQ=;
        b=A3lnOHRhGWQ2Hg82Y5+xOtacpwnznSdoBTPJBsr/m1ONNwCN3+QMJAgSU9n7Rl2rxs
         ey3Hk4/o0iYcKUsMYaPyoniet7hVYDL8xzkhtOdrUiT+ia4KZqKuI4GO8mX6pIFOI9tB
         k5gczIn6l0qGO0egLd2EyoeT+68DlSg+hzIRisqGPC9otu6j9AOND2kpv2kAkcSjB96I
         8/lpGmC7SW9PvGRI5iF1G16OsWmfLcCvOLQAYlPQ72vLQ/SX+IPl2DDq0ubgKY2KjLQZ
         K426MPwWywiuz01PqY6834fc5G92yRI5u6+Wrf01eiVyUzXB1ZTbzGAXyKjxpbYedD7r
         JvVA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b="0KKKP/Ef";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id j28si9595867edy.293.2020.06.08.18.11.27;
        Mon, 08 Jun 2020 18:11:50 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b="0KKKP/Ef";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2387449AbgFIBJg (ORCPT <rfc822;lunatang2017@gmail.com>
        + 99 others); Mon, 8 Jun 2020 21:09:36 -0400
Received: from mail.kernel.org ([198.145.29.99]:49504 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726981AbgFHXG0 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 8 Jun 2020 19:06:26 -0400
Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id B2C772076C;
        Mon,  8 Jun 2020 23:06:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1591657585;
        bh=PURkuQjDd4uIDSMLujFEZ60c931LKLsJlFRXqNsQ6kw=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=0KKKP/EfVcoougZuQJA6+xLrYjf9GhGybSTAfw/FbskRW7izHTD+iZHnvodJKy3BE
         VpN1ehWSzE6DbOH2K73Bcnu7xs5/c+Ttg5fVBblh7DXVLqwCgfItDOZq9xDt2/8SKs
         x/RgPQTgpXkzMEojPyXDtn/t5bXRHroNYdaktLRs=
From:   Sasha Levin <sashal@kernel.org>
To:     linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc:     Hans Verkuil <hverkuil-cisco@xs4all.nl>,
        Mauro Carvalho Chehab <mchehab+huawei@kernel.org>,
        Sasha Levin <sashal@kernel.org>, linux-media@vger.kernel.org
Subject: [PATCH AUTOSEL 5.7 014/274] media: v4l2-ctrls: v4l2_ctrl_g/s_ctrl*(): don't continue when WARN_ON
Date:   Mon,  8 Jun 2020 19:01:47 -0400
Message-Id: <20200608230607.3361041-14-sashal@kernel.org>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20200608230607.3361041-1-sashal@kernel.org>
References: <20200608230607.3361041-1-sashal@kernel.org>
MIME-Version: 1.0
X-stable: review
X-Patchwork-Hint: Ignore
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Hans Verkuil <hverkuil-cisco@xs4all.nl>

[ Upstream commit 7c3bae3f430af6b4fcbdb7272e191e266fd94b45 ]

If the v4l2_ctrl_g_ctrl*() or __v4l2_ctrl_s_ctrl*() functions
are called for the wrong control type then they call WARN_ON
since that is a driver error. But they still continue, potentially
overwriting data. Change this to return an error (s_ctrl) or 0
(g_ctrl), just to be safe.

Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/media/v4l2-core/v4l2-ctrls.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/drivers/media/v4l2-core/v4l2-ctrls.c b/drivers/media/v4l2-core/v4l2-ctrls.c
index 93d33d1db4e8..452edd06d67d 100644
--- a/drivers/media/v4l2-core/v4l2-ctrls.c
+++ b/drivers/media/v4l2-core/v4l2-ctrls.c
@@ -3794,7 +3794,8 @@ s32 v4l2_ctrl_g_ctrl(struct v4l2_ctrl *ctrl)
 	struct v4l2_ext_control c;
 
 	/* It's a driver bug if this happens. */
-	WARN_ON(!ctrl->is_int);
+	if (WARN_ON(!ctrl->is_int))
+		return 0;
 	c.value = 0;
 	get_ctrl(ctrl, &c);
 	return c.value;
@@ -3806,7 +3807,8 @@ s64 v4l2_ctrl_g_ctrl_int64(struct v4l2_ctrl *ctrl)
 	struct v4l2_ext_control c;
 
 	/* It's a driver bug if this happens. */
-	WARN_ON(ctrl->is_ptr || ctrl->type != V4L2_CTRL_TYPE_INTEGER64);
+	if (WARN_ON(ctrl->is_ptr || ctrl->type != V4L2_CTRL_TYPE_INTEGER64))
+		return 0;
 	c.value64 = 0;
 	get_ctrl(ctrl, &c);
 	return c.value64;
@@ -4215,7 +4217,8 @@ int __v4l2_ctrl_s_ctrl(struct v4l2_ctrl *ctrl, s32 val)
 	lockdep_assert_held(ctrl->handler->lock);
 
 	/* It's a driver bug if this happens. */
-	WARN_ON(!ctrl->is_int);
+	if (WARN_ON(!ctrl->is_int))
+		return -EINVAL;
 	ctrl->val = val;
 	return set_ctrl(NULL, ctrl, 0);
 }
@@ -4226,7 +4229,8 @@ int __v4l2_ctrl_s_ctrl_int64(struct v4l2_ctrl *ctrl, s64 val)
 	lockdep_assert_held(ctrl->handler->lock);
 
 	/* It's a driver bug if this happens. */
-	WARN_ON(ctrl->is_ptr || ctrl->type != V4L2_CTRL_TYPE_INTEGER64);
+	if (WARN_ON(ctrl->is_ptr || ctrl->type != V4L2_CTRL_TYPE_INTEGER64))
+		return -EINVAL;
 	*ctrl->p_new.p_s64 = val;
 	return set_ctrl(NULL, ctrl, 0);
 }
@@ -4237,7 +4241,8 @@ int __v4l2_ctrl_s_ctrl_string(struct v4l2_ctrl *ctrl, const char *s)
 	lockdep_assert_held(ctrl->handler->lock);
 
 	/* It's a driver bug if this happens. */
-	WARN_ON(ctrl->type != V4L2_CTRL_TYPE_STRING);
+	if (WARN_ON(ctrl->type != V4L2_CTRL_TYPE_STRING))
+		return -EINVAL;
 	strscpy(ctrl->p_new.p_char, s, ctrl->maximum + 1);
 	return set_ctrl(NULL, ctrl, 0);
 }
@@ -4249,7 +4254,8 @@ int __v4l2_ctrl_s_ctrl_area(struct v4l2_ctrl *ctrl,
 	lockdep_assert_held(ctrl->handler->lock);
 
 	/* It's a driver bug if this happens. */
-	WARN_ON(ctrl->type != V4L2_CTRL_TYPE_AREA);
+	if (WARN_ON(ctrl->type != V4L2_CTRL_TYPE_AREA))
+		return -EINVAL;
 	*ctrl->p_new.p_area = *area;
 	return set_ctrl(NULL, ctrl, 0);
 }
-- 
2.25.1