diff options
Diffstat (limited to 'drivers/media/v4l2-core/v4l2-compat-ioctl32.c')
| -rw-r--r-- | drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 1793 |
1 files changed, 626 insertions, 1167 deletions
diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index a99e82ec9ab6..0ca75f6784c5 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -23,103 +23,6 @@ #include <media/v4l2-ctrls.h> #include <media/v4l2-ioctl.h> -/** - * assign_in_user() - Copy from one __user var to another one - * - * @to: __user var where data will be stored - * @from: __user var where data will be retrieved. - * - * As this code very often needs to allocate userspace memory, it is easier - * to have a macro that will do both get_user() and put_user() at once. - * - * This function complements the macros defined at asm-generic/uaccess.h. - * It uses the same argument order as copy_in_user() - */ -#define assign_in_user(to, from) \ -({ \ - typeof(*from) __assign_tmp; \ - \ - get_user(__assign_tmp, from) || put_user(__assign_tmp, to); \ -}) - -/** - * get_user_cast() - Stores at a kernelspace local var the contents from a - * pointer with userspace data that is not tagged with __user. - * - * @__x: var where data will be stored - * @__ptr: var where data will be retrieved. - * - * Sometimes we need to declare a pointer without __user because it - * comes from a pointer struct field that will be retrieved from userspace - * by the 64-bit native ioctl handler. This function ensures that the - * @__ptr will be cast to __user before calling get_user() in order to - * avoid warnings with static code analyzers like smatch. - */ -#define get_user_cast(__x, __ptr) \ -({ \ - get_user(__x, (typeof(*__ptr) __user *)(__ptr)); \ -}) - -/** - * put_user_force() - Stores the contents of a kernelspace local var - * into a userspace pointer, removing any __user cast. - * - * @__x: var where data will be stored - * @__ptr: var where data will be retrieved. - * - * Sometimes we need to remove the __user attribute from some data, - * by passing the __force macro. This function ensures that the - * @__ptr will be cast with __force before calling put_user(), in order to - * avoid warnings with static code analyzers like smatch. - */ -#define put_user_force(__x, __ptr) \ -({ \ - put_user((typeof(*__x) __force *)(__x), __ptr); \ -}) - -/** - * assign_in_user_cast() - Copy from one __user var to another one - * - * @to: __user var where data will be stored - * @from: var where data will be retrieved that needs to be cast to __user. - * - * As this code very often needs to allocate userspace memory, it is easier - * to have a macro that will do both get_user_cast() and put_user() at once. - * - * This function should be used instead of assign_in_user() when the @from - * variable was not declared as __user. See get_user_cast() for more details. - * - * This function complements the macros defined at asm-generic/uaccess.h. - * It uses the same argument order as copy_in_user() - */ -#define assign_in_user_cast(to, from) \ -({ \ - typeof(*from) __assign_tmp; \ - \ - get_user_cast(__assign_tmp, from) || put_user(__assign_tmp, to);\ -}) - -/** - * native_ioctl - Ancillary function that calls the native 64 bits ioctl - * handler. - * - * @file: pointer to &struct file with the file handler - * @cmd: ioctl to be called - * @arg: arguments passed from/to the ioctl handler - * - * This function calls the native ioctl handler at v4l2-dev, e. g. v4l2_ioctl() - */ -static long native_ioctl(struct file *file, unsigned int cmd, unsigned long arg) -{ - long ret = -ENOIOCTLCMD; - - if (file->f_op->unlocked_ioctl) - ret = file->f_op->unlocked_ioctl(file, cmd, arg); - - return ret; -} - - /* * Per-ioctl data copy handlers. * @@ -150,77 +53,54 @@ struct v4l2_window32 { __u8 global_alpha; }; -static int get_v4l2_window32(struct v4l2_window __user *p64, - struct v4l2_window32 __user *p32, - void __user *aux_buf, u32 aux_space) +static int get_v4l2_window32(struct v4l2_window *p64, + struct v4l2_window32 __user *p32) { - struct v4l2_clip32 __user *uclips; - struct v4l2_clip __user *kclips; - compat_caddr_t p; - u32 clipcount; - - if (!access_ok(p32, sizeof(*p32)) || - copy_in_user(&p64->w, &p32->w, sizeof(p32->w)) || - assign_in_user(&p64->field, &p32->field) || - assign_in_user(&p64->chromakey, &p32->chromakey) || - assign_in_user(&p64->global_alpha, &p32->global_alpha) || - get_user(clipcount, &p32->clipcount) || - put_user(clipcount, &p64->clipcount)) - return -EFAULT; - if (clipcount > 2048) - return -EINVAL; - if (!clipcount) - return put_user(NULL, &p64->clips); + struct v4l2_window32 w32; - if (get_user(p, &p32->clips)) - return -EFAULT; - uclips = compat_ptr(p); - if (aux_space < clipcount * sizeof(*kclips)) - return -EFAULT; - kclips = aux_buf; - if (put_user(kclips, &p64->clips)) + if (copy_from_user(&w32, p32, sizeof(w32))) return -EFAULT; - while (clipcount--) { - if (copy_in_user(&kclips->c, &uclips->c, sizeof(uclips->c))) - return -EFAULT; - if (put_user(clipcount ? kclips + 1 : NULL, &kclips->next)) - return -EFAULT; - uclips++; - kclips++; - } + *p64 = (struct v4l2_window) { + .w = w32.w, + .field = w32.field, + .chromakey = w32.chromakey, + .clips = (void __force *)compat_ptr(w32.clips), + .clipcount = w32.clipcount, + .bitmap = compat_ptr(w32.bitmap), + .global_alpha = w32.global_alpha, + }; + + if (p64->clipcount > 2048) + return -EINVAL; + if (!p64->clipcount) + p64->clips = NULL; + return 0; } -static int put_v4l2_window32(struct v4l2_window __user *p64, +static int put_v4l2_window32(struct v4l2_window *p64, struct v4l2_window32 __user *p32) { - struct v4l2_clip __user *kclips; - struct v4l2_clip32 __user *uclips; - compat_caddr_t p; - u32 clipcount; - - if (copy_in_user(&p32->w, &p64->w, sizeof(p64->w)) || - assign_in_user(&p32->field, &p64->field) || - assign_in_user(&p32->chromakey, &p64->chromakey) || - assign_in_user(&p32->global_alpha, &p64->global_alpha) || - get_user(clipcount, &p64->clipcount) || - put_user(clipcount, &p32->clipcount)) - return -EFAULT; - if (!clipcount) - return 0; + struct v4l2_window32 w32; + + memset(&w32, 0, sizeof(w32)); + w32 = (struct v4l2_window32) { + .w = p64->w, + .field = p64->field, + .chromakey = p64->chromakey, + .clips = (uintptr_t)p64->clips, + .clipcount = p64->clipcount, + .bitmap = ptr_to_compat(p64->bitmap), + .global_alpha = p64->global_alpha, + }; - if (get_user(kclips, &p64->clips)) + /* copy everything except the clips pointer */ + if (copy_to_user(p32, &w32, offsetof(struct v4l2_window32, clips)) || + copy_to_user(&p32->clipcount, &w32.clipcount, + sizeof(w32) - offsetof(struct v4l2_window32, clipcount))) return -EFAULT; - if (get_user(p, &p32->clips)) - return -EFAULT; - uclips = compat_ptr(p); - while (clipcount--) { - if (copy_in_user(&uclips->c, &kclips->c, sizeof(uclips->c))) - return -EFAULT; - uclips++; - kclips++; - } + return 0; } @@ -257,169 +137,99 @@ struct v4l2_create_buffers32 { __u32 reserved[7]; }; -static int __bufsize_v4l2_format(struct v4l2_format32 __user *p32, u32 *size) -{ - u32 type; - - if (get_user(type, &p32->type)) - return -EFAULT; - - switch (type) { - case V4L2_BUF_TYPE_VIDEO_OVERLAY: - case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY: { - u32 clipcount; - - if (get_user(clipcount, &p32->fmt.win.clipcount)) - return -EFAULT; - if (clipcount > 2048) - return -EINVAL; - *size = clipcount * sizeof(struct v4l2_clip); - return 0; - } - default: - *size = 0; - return 0; - } -} - -static int bufsize_v4l2_format(struct v4l2_format32 __user *p32, u32 *size) -{ - if (!access_ok(p32, sizeof(*p32))) - return -EFAULT; - return __bufsize_v4l2_format(p32, size); -} - -static int __get_v4l2_format32(struct v4l2_format __user *p64, - struct v4l2_format32 __user *p32, - void __user *aux_buf, u32 aux_space) +static int get_v4l2_format32(struct v4l2_format *p64, + struct v4l2_format32 __user *p32) { - u32 type; - - if (get_user(type, &p32->type) || put_user(type, &p64->type)) + if (get_user(p64->type, &p32->type)) return -EFAULT; - switch (type) { + switch (p64->type) { case V4L2_BUF_TYPE_VIDEO_CAPTURE: case V4L2_BUF_TYPE_VIDEO_OUTPUT: - return copy_in_user(&p64->fmt.pix, &p32->fmt.pix, - sizeof(p64->fmt.pix)) ? -EFAULT : 0; + return copy_from_user(&p64->fmt.pix, &p32->fmt.pix, + sizeof(p64->fmt.pix)) ? -EFAULT : 0; case V4L2_BUF_TYPE_VIDEO_CAPTURE_MPLANE: case V4L2_BUF_TYPE_VIDEO_OUTPUT_MPLANE: - return copy_in_user(&p64->fmt.pix_mp, &p32->fmt.pix_mp, - sizeof(p64->fmt.pix_mp)) ? -EFAULT : 0; + return copy_from_user(&p64->fmt.pix_mp, &p32->fmt.pix_mp, + sizeof(p64->fmt.pix_mp)) ? -EFAULT : 0; case V4L2_BUF_TYPE_VIDEO_OVERLAY: case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY: - return get_v4l2_window32(&p64->fmt.win, &p32->fmt.win, - aux_buf, aux_space); + return get_v4l2_window32(&p64->fmt.win, &p32->fmt.win); case V4L2_BUF_TYPE_VBI_CAPTURE: case V4L2_BUF_TYPE_VBI_OUTPUT: - return copy_in_user(&p64->fmt.vbi, &p32->fmt.vbi, - sizeof(p64->fmt.vbi)) ? -EFAULT : 0; + return copy_from_user(&p64->fmt.vbi, &p32->fmt.vbi, + sizeof(p64->fmt.vbi)) ? -EFAULT : 0; case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE: case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT: - return copy_in_user(&p64->fmt.sliced, &p32->fmt.sliced, - sizeof(p64->fmt.sliced)) ? -EFAULT : 0; + return copy_from_user(&p64->fmt.sliced, &p32->fmt.sliced, + sizeof(p64->fmt.sliced)) ? -EFAULT : 0; case V4L2_BUF_TYPE_SDR_CAPTURE: case V4L2_BUF_TYPE_SDR_OUTPUT: - return copy_in_user(&p64->fmt.sdr, &p32->fmt.sdr, - sizeof(p64->fmt.sdr)) ? -EFAULT : 0; + return copy_from_user(&p64->fmt.sdr, &p32->fmt.sdr, + sizeof(p64->fmt.sdr)) ? -EFAULT : 0; case V4L2_BUF_TYPE_META_CAPTURE: case V4L2_BUF_TYPE_META_OUTPUT: - return copy_in_user(&p64->fmt.meta, &p32->fmt.meta, - sizeof(p64->fmt.meta)) ? -EFAULT : 0; + return copy_from_user(&p64->fmt.meta, &p32->fmt.meta, + sizeof(p64->fmt.meta)) ? -EFAULT : 0; default: return -EINVAL; } } -static int get_v4l2_format32(struct v4l2_format __user *p64, - struct v4l2_format32 __user *p32, - void __user *aux_buf, u32 aux_space) -{ - if (!access_ok(p32, sizeof(*p32))) - return -EFAULT; - return __get_v4l2_format32(p64, p32, aux_buf, aux_space); -} - -static int bufsize_v4l2_create(struct v4l2_create_buffers32 __user *p32, - u32 *size) -{ - if (!access_ok(p32, sizeof(*p32))) - return -EFAULT; - return __bufsize_v4l2_format(&p32->format, size); -} - -static int get_v4l2_create32(struct v4l2_create_buffers __user *p64, - struct v4l2_create_buffers32 __user *p32, - void __user *aux_buf, u32 aux_space) +static int get_v4l2_create32(struct v4l2_create_buffers *p64, + struct v4l2_create_buffers32 __user *p32) { - if (!access_ok(p32, sizeof(*p32)) || - copy_in_user(p64, p32, - offsetof(struct v4l2_create_buffers32, format))) + if (copy_from_user(p64, p32, + offsetof(struct v4l2_create_buffers32, format))) return -EFAULT; - return __get_v4l2_format32(&p64->format, &p32->format, - aux_buf, aux_space); + return get_v4l2_format32(&p64->format, &p32->format); } -static int __put_v4l2_format32(struct v4l2_format __user *p64, - struct v4l2_format32 __user *p32) +static int put_v4l2_format32(struct v4l2_format *p64, + struct v4l2_format32 __user *p32) { - u32 type; - - if (get_user(type, &p64->type)) - return -EFAULT; - - switch (type) { + switch (p64->type) { case V4L2_BUF_TYPE_VIDEO_CAPTURE: case V4L2_BUF_TYPE_VIDEO_OUTPUT: - return copy_in_user(&p32->fmt.pix, &p64->fmt.pix, + return copy_to_user(&p32->fmt.pix, &p64->fmt.pix, sizeof(p64->fmt.pix)) ? -EFAULT : 0; case V4L2_BUF_TYPE_VIDEO_CAPTURE_MPLANE: case V4L2_BUF_TYPE_VIDEO_OUTPUT_MPLANE: - return copy_in_user(&p32->fmt.pix_mp, &p64->fmt.pix_mp, + return copy_to_user(&p32->fmt.pix_mp, &p64->fmt.pix_mp, sizeof(p64->fmt.pix_mp)) ? -EFAULT : 0; case V4L2_BUF_TYPE_VIDEO_OVERLAY: case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY: return put_v4l2_window32(&p64->fmt.win, &p32->fmt.win); case V4L2_BUF_TYPE_VBI_CAPTURE: case V4L2_BUF_TYPE_VBI_OUTPUT: - return copy_in_user(&p32->fmt.vbi, &p64->fmt.vbi, + return copy_to_user(&p32->fmt.vbi, &p64->fmt.vbi, sizeof(p64->fmt.vbi)) ? -EFAULT : 0; case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE: case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT: - return copy_in_user(&p32->fmt.sliced, &p64->fmt.sliced, + return copy_to_user(&p32->fmt.sliced, &p64->fmt.sliced, sizeof(p64->fmt.sliced)) ? -EFAULT : 0; case V4L2_BUF_TYPE_SDR_CAPTURE: case V4L2_BUF_TYPE_SDR_OUTPUT: - return copy_in_user(&p32->fmt.sdr, &p64->fmt.sdr, + return copy_to_user(&p32->fmt.sdr, &p64->fmt.sdr, sizeof(p64->fmt.sdr)) ? -EFAULT : 0; case V4L2_BUF_TYPE_META_CAPTURE: case V4L2_BUF_TYPE_META_OUTPUT: - return copy_in_user(&p32->fmt.meta, &p64->fmt.meta, + return copy_to_user(&p32->fmt.meta, &p64->fmt.meta, sizeof(p64->fmt.meta)) ? -EFAULT : 0; default: return -EINVAL; } } -static int put_v4l2_format32(struct v4l2_format __user *p64, - struct v4l2_format32 __user *p32) -{ - if (!access_ok(p32, sizeof(*p32))) - return -EFAULT; - return __put_v4l2_format32(p64, p32); -} - -static int put_v4l2_create32(struct v4l2_create_buffers __user *p64, +static int put_v4l2_create32(struct v4l2_create_buffers *p64, struct v4l2_create_buffers32 __user *p32) { - if (!access_ok(p32, sizeof(*p32)) || - copy_in_user(p32, p64, + if (copy_to_user(p32, p64, offsetof(struct v4l2_create_buffers32, format)) || - assign_in_user(&p32->capabilities, &p64->capabilities) || - copy_in_user(p32->reserved, p64->reserved, sizeof(p64->reserved))) + put_user(p64->capabilities, &p32->capabilities) || + copy_to_user(p32->reserved, p64->reserved, sizeof(p64->reserved))) return -EFAULT; - return __put_v4l2_format32(&p64->format, &p32->format); + return put_v4l2_format32(&p64->format, &p32->format); } struct v4l2_standard32 { @@ -431,27 +241,23 @@ struct v4l2_standard32 { __u32 reserved[4]; }; -static int get_v4l2_standard32(struct v4l2_standard __user *p64, +static int get_v4l2_standard32(struct v4l2_standard *p64, struct v4l2_standard32 __user *p32) { /* other fields are not set by the user, nor used by the driver */ - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p64->index, &p32->index)) - return -EFAULT; - return 0; + return get_user(p64->index, &p32->index); } -static int put_v4l2_standard32(struct v4l2_standard __user *p64, +static int put_v4l2_standard32(struct v4l2_standard *p64, struct v4l2_standard32 __user *p32) { - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p32->index, &p64->index) || - assign_in_user(&p32->id, &p64->id) || - copy_in_user(p32->name, p64->name, sizeof(p32->name)) || - copy_in_user(&p32->frameperiod, &p64->frameperiod, + if (put_user(p64->index, &p32->index) || + put_user(p64->id, &p32->id) || + copy_to_user(p32->name, p64->name, sizeof(p32->name)) || + copy_to_user(&p32->frameperiod, &p64->frameperiod, sizeof(p32->frameperiod)) || - assign_in_user(&p32->framelines, &p64->framelines) || - copy_in_user(p32->reserved, p64->reserved, sizeof(p32->reserved))) + put_user(p64->framelines, &p32->framelines) || + copy_to_user(p32->reserved, p64->reserved, sizeof(p32->reserved))) return -EFAULT; return 0; } @@ -498,6 +304,7 @@ struct v4l2_buffer32 { __s32 request_fd; }; +#ifdef CONFIG_COMPAT_32BIT_TIME struct v4l2_buffer32_time32 { __u32 index; __u32 type; /* enum v4l2_buf_type */ @@ -520,481 +327,252 @@ struct v4l2_buffer32_time32 { __u32 reserved2; __s32 request_fd; }; +#endif -static int get_v4l2_plane32(struct v4l2_plane __user *p64, +static int get_v4l2_plane32(struct v4l2_plane *p64, struct v4l2_plane32 __user *p32, enum v4l2_memory memory) { - compat_ulong_t p; + struct v4l2_plane32 plane32; + typeof(p64->m) m = {}; - if (copy_in_user(p64, p32, 2 * sizeof(__u32)) || - copy_in_user(&p64->data_offset, &p32->data_offset, - sizeof(p64->data_offset))) + if (copy_from_user(&plane32, p32, sizeof(plane32))) return -EFAULT; switch (memory) { case V4L2_MEMORY_MMAP: case V4L2_MEMORY_OVERLAY: - if (copy_in_user(&p64->m.mem_offset, &p32->m.mem_offset, - sizeof(p32->m.mem_offset))) - return -EFAULT; + m.mem_offset = plane32.m.mem_offset; break; case V4L2_MEMORY_USERPTR: - if (get_user(p, &p32->m.userptr) || - put_user((unsigned long)compat_ptr(p), &p64->m.userptr)) - return -EFAULT; + m.userptr = (unsigned long)compat_ptr(plane32.m.userptr); break; case V4L2_MEMORY_DMABUF: - if (copy_in_user(&p64->m.fd, &p32->m.fd, sizeof(p32->m.fd))) - return -EFAULT; + m.fd = plane32.m.fd; break; } + memset(p64, 0, sizeof(*p64)); + *p64 = (struct v4l2_plane) { + .bytesused = plane32.bytesused, + .length = plane32.length, + .m = m, + .data_offset = plane32.data_offset, + }; + return 0; } -static int put_v4l2_plane32(struct v4l2_plane __user *p64, +static int put_v4l2_plane32(struct v4l2_plane *p64, struct v4l2_plane32 __user *p32, enum v4l2_memory memory) { - unsigned long p; + struct v4l2_plane32 plane32; - if (copy_in_user(p32, p64, 2 * sizeof(__u32)) || - copy_in_user(&p32->data_offset, &p64->data_offset, - sizeof(p64->data_offset))) - return -EFAULT; + memset(&plane32, 0, sizeof(plane32)); + plane32 = (struct v4l2_plane32) { + .bytesused = p64->bytesused, + .length = p64->length, + .data_offset = p64->data_offset, + }; switch (memory) { case V4L2_MEMORY_MMAP: case V4L2_MEMORY_OVERLAY: - if (copy_in_user(&p32->m.mem_offset, &p64->m.mem_offset, - sizeof(p64->m.mem_offset))) - return -EFAULT; + plane32.m.mem_offset = p64->m.mem_offset; break; case V4L2_MEMORY_USERPTR: - if (get_user(p, &p64->m.userptr) || - put_user((compat_ulong_t)ptr_to_compat((void __user *)p), - &p32->m.userptr)) - return -EFAULT; + plane32.m.userptr = (uintptr_t)(p64->m.userptr); break; case V4L2_MEMORY_DMABUF: - if (copy_in_user(&p32->m.fd, &p64->m.fd, sizeof(p64->m.fd))) - return -EFAULT; + plane32.m.fd = p64->m.fd; break; } - return 0; -} - -static int bufsize_v4l2_buffer(struct v4l2_buffer32 __user *p32, u32 *size) -{ - u32 type; - u32 length; - - if (!access_ok(p32, sizeof(*p32)) || - get_user(type, &p32->type) || - get_user(length, &p32->length)) + if (copy_to_user(p32, &plane32, sizeof(plane32))) return -EFAULT; - if (V4L2_TYPE_IS_MULTIPLANAR(type)) { - if (length > VIDEO_MAX_PLANES) - return -EINVAL; - - /* - * We don't really care if userspace decides to kill itself - * by passing a very big length value - */ - *size = length * sizeof(struct v4l2_plane); - } else { - *size = 0; - } return 0; } -static int bufsize_v4l2_buffer_time32(struct v4l2_buffer32_time32 __user *p32, u32 *size) +static int get_v4l2_buffer32(struct v4l2_buffer *vb, + struct v4l2_buffer32 __user *arg) { - u32 type; - u32 length; + struct v4l2_buffer32 vb32; - if (!access_ok(p32, sizeof(*p32)) || - get_user(type, &p32->type) || - get_user(length, &p32->length)) + if (copy_from_user(&vb32, arg, sizeof(vb32))) return -EFAULT; - if (V4L2_TYPE_IS_MULTIPLANAR(type)) { - if (length > VIDEO_MAX_PLANES) - return -EINVAL; + memset(vb, 0, sizeof(*vb)); + *vb = (struct v4l2_buffer) { + .index = vb32.index, + .type = vb32.type, + .bytesused = vb32.bytesused, + .flags = vb32.flags, + .field = vb32.field, + .timestamp.tv_sec = vb32.timestamp.tv_sec, + .timestamp.tv_usec = vb32.timestamp.tv_usec, + .timecode = vb32.timecode, + .sequence = vb32.sequence, + .memory = vb32.memory, + .m.offset = vb32.m.offset, + .length = vb32.length, + .request_fd = vb32.request_fd, + }; - /* - * We don't really care if userspace decides to kill itself - * by passing a very big length value - */ - *size = length * sizeof(struct v4l2_plane); - } else { - *size = 0; + switch (vb->memory) { + case V4L2_MEMORY_MMAP: + case V4L2_MEMORY_OVERLAY: + vb->m.offset = vb32.m.offset; + break; + case V4L2_MEMORY_USERPTR: + vb->m.userptr = (unsigned long)compat_ptr(vb32.m.userptr); + break; + case V4L2_MEMORY_DMABUF: + vb->m.fd = vb32.m.fd; + break; } - return 0; -} - -static int get_v4l2_buffer32(struct v4l2_buffer __user *p64, - struct v4l2_buffer32 __user *p32, - void __user *aux_buf, u32 aux_space) -{ - u32 type; - u32 length; - s32 request_fd; - enum v4l2_memory memory; - struct v4l2_plane32 __user *uplane32; - struct v4l2_plane __user *uplane; - compat_caddr_t p; - int ret; - - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p64->index, &p32->index) || - get_user(type, &p32->type) || - put_user(type, &p64->type) || - assign_in_user(&p64->flags, &p32->flags) || - get_user(memory, &p32->memory) || - put_user(memory, &p64->memory) || - get_user(length, &p32->length) || - put_user(length, &p64->length) || - get_user(request_fd, &p32->request_fd) || - put_user(request_fd, &p64->request_fd)) - return -EFAULT; - - if (V4L2_TYPE_IS_OUTPUT(type)) - if (assign_in_user(&p64->bytesused, &p32->bytesused) || - assign_in_user(&p64->field, &p32->field) || - assign_in_user(&p64->timestamp.tv_sec, - &p32->timestamp.tv_sec) || - assign_in_user(&p64->timestamp.tv_usec, - &p32->timestamp.tv_usec)) - return -EFAULT; - - if (V4L2_TYPE_IS_MULTIPLANAR(type)) { - u32 num_planes = length; - if (num_planes == 0) { - /* - * num_planes == 0 is legal, e.g. when userspace doesn't - * need planes array on DQBUF - */ - return put_user(NULL, &p64->m.planes); - } - if (num_planes > VIDEO_MAX_PLANES) - return -EINVAL; - - if (get_user(p, &p32->m.planes)) - return -EFAULT; - - uplane32 = compat_ptr(p); - if (!access_ok(uplane32, - num_planes * sizeof(*uplane32))) - return -EFAULT; - - /* - * We don't really care if userspace decides to kill itself - * by passing a very big num_planes value - */ - if (aux_space < num_planes * sizeof(*uplane)) - return -EFAULT; - - uplane = aux_buf; - if (put_user_force(uplane, &p64->m.planes)) - return -EFAULT; - - while (num_planes--) { - ret = get_v4l2_plane32(uplane, uplane32, memory); - if (ret) - return ret; - uplane++; - uplane32++; - } - } else { - switch (memory) { - case V4L2_MEMORY_MMAP: - case V4L2_MEMORY_OVERLAY: - if (assign_in_user(&p64->m.offset, &p32->m.offset)) - return -EFAULT; - break; - case V4L2_MEMORY_USERPTR: { - compat_ulong_t userptr; - - if (get_user(userptr, &p32->m.userptr) || - put_user((unsigned long)compat_ptr(userptr), - &p64->m.userptr)) - return -EFAULT; - break; - } - case V4L2_MEMORY_DMABUF: - if (assign_in_user(&p64->m.fd, &p32->m.fd)) - return -EFAULT; - break; - } - } + if (V4L2_TYPE_IS_MULTIPLANAR(vb->type)) + vb->m.planes = (void __force *) + compat_ptr(vb32.m.planes); return 0; } -static int get_v4l2_buffer32_time32(struct v4l2_buffer_time32 __user *p64, - struct v4l2_buffer32_time32 __user *p32, - void __user *aux_buf, u32 aux_space) +#ifdef CONFIG_COMPAT_32BIT_TIME +static int get_v4l2_buffer32_time32(struct v4l2_buffer *vb, + struct v4l2_buffer32_time32 __user *arg) { - u32 type; - u32 length; - s32 request_fd; - enum v4l2_memory memory; - struct v4l2_plane32 __user *uplane32; - struct v4l2_plane __user *uplane; - compat_caddr_t p; - int ret; - - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p64->index, &p32->index) || - get_user(type, &p32->type) || - put_user(type, &p64->type) || - assign_in_user(&p64->flags, &p32->flags) || - get_user(memory, &p32->memory) || - put_user(memory, &p64->memory) || - get_user(length, &p32->length) || - put_user(length, &p64->length) || - get_user(request_fd, &p32->request_fd) || - put_user(request_fd, &p64->request_fd)) - return -EFAULT; + struct v4l2_buffer32_time32 vb32; - if (V4L2_TYPE_IS_OUTPUT(type)) - if (assign_in_user(&p64->bytesused, &p32->bytesused) || - assign_in_user(&p64->field, &p32->field) || - assign_in_user(&p64->timestamp.tv_sec, - &p32->timestamp.tv_sec) || - assign_in_user(&p64->timestamp.tv_usec, - &p32->timestamp.tv_usec)) - return -EFAULT; - - if (V4L2_TYPE_IS_MULTIPLANAR(type)) { - u32 num_planes = length; - - if (num_planes == 0) { - /* - * num_planes == 0 is legal, e.g. when userspace doesn't - * need planes array on DQBUF - */ - return put_user(NULL, &p64->m.planes); - } - if (num_planes > VIDEO_MAX_PLANES) - return -EINVAL; - - if (get_user(p, &p32->m.planes)) - return -EFAULT; - - uplane32 = compat_ptr(p); - if (!access_ok(uplane32, - num_planes * sizeof(*uplane32))) - return -EFAULT; - - /* - * We don't really care if userspace decides to kill itself - * by passing a very big num_planes value - */ - if (aux_space < num_planes * sizeof(*uplane)) - return -EFAULT; - - uplane = aux_buf; - if (put_user_force(uplane, &p64->m.planes)) - return -EFAULT; - - while (num_planes--) { - ret = get_v4l2_plane32(uplane, uplane32, memory); - if (ret) - return ret; - uplane++; - uplane32++; - } - } else { - switch (memory) { - case V4L2_MEMORY_MMAP: - case V4L2_MEMORY_OVERLAY: - if (assign_in_user(&p64->m.offset, &p32->m.offset)) - return -EFAULT; - break; - case V4L2_MEMORY_USERPTR: { - compat_ulong_t userptr; + if (copy_from_user(&vb32, arg, sizeof(vb32))) + return -EFAULT; - if (get_user(userptr, &p32->m.userptr) || - put_user((unsigned long)compat_ptr(userptr), - &p64->m.userptr)) - return -EFAULT; - break; - } - case V4L2_MEMORY_DMABUF: - if (assign_in_user(&p64->m.fd, &p32->m.fd)) - return -EFAULT; - break; - } + *vb = (struct v4l2_buffer) { + .index = vb32.index, + .type = vb32.type, + .bytesused = vb32.bytesused, + .flags = vb32.flags, + .field = vb32.field, + .timestamp.tv_sec = vb32.timestamp.tv_sec, + .timestamp.tv_usec = vb32.timestamp.tv_usec, + .timecode = vb32.timecode, + .sequence = vb32.sequence, + .memory = vb32.memory, + .m.offset = vb32.m.offset, + .length = vb32.length, + .request_fd = vb32.request_fd, + }; + switch (vb->memory) { + case V4L2_MEMORY_MMAP: + case V4L2_MEMORY_OVERLAY: + vb->m.offset = vb32.m.offset; + break; + case V4L2_MEMORY_USERPTR: + vb->m.userptr = (unsigned long)compat_ptr(vb32.m.userptr); + break; + case V4L2_MEMORY_DMABUF: + vb->m.fd = vb32.m.fd; + break; } + if (V4L2_TYPE_IS_MULTIPLANAR(vb->type)) + vb->m.planes = (void __force *) + compat_ptr(vb32.m.planes); + return 0; } +#endif -static int put_v4l2_buffer32(struct v4l2_buffer __user *p64, - struct v4l2_buffer32 __user *p32) +static int put_v4l2_buffer32(struct v4l2_buffer *vb, + struct v4l2_buffer32 __user *arg) { - u32 type; - u32 length; - enum v4l2_memory memory; - struct v4l2_plane32 __user *uplane32; - struct v4l2_plane *uplane; - compat_caddr_t p; - int ret; - - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p32->index, &p64->index) || - get_user(type, &p64->type) || - put_user(type, &p32->type) || - assign_in_user(&p32->flags, &p64->flags) || - get_user(memory, &p64->memory) || - put_user(memory, &p32->memory)) - return -EFAULT; + struct v4l2_buffer32 vb32; + + memset(&vb32, 0, sizeof(vb32)); + vb32 = (struct v4l2_buffer32) { + .index = vb->index, + .type = vb->type, + .bytesused = vb->bytesused, + .flags = vb->flags, + .field = vb->field, + .timestamp.tv_sec = vb->timestamp.tv_sec, + .timestamp.tv_usec = vb->timestamp.tv_usec, + .timecode = vb->timecode, + .sequence = vb->sequence, + .memory = vb->memory, + .m.offset = vb->m.offset, + .length = vb->length, + .request_fd = vb->request_fd, + }; - if (assign_in_user(&p32->bytesused, &p64->bytesused) || - assign_in_user(&p32->field, &p64->field) || - assign_in_user(&p32->timestamp.tv_sec, &p64->timestamp.tv_sec) || - assign_in_user(&p32->timestamp.tv_usec, &p64->timestamp.tv_usec) || - copy_in_user(&p32->timecode, &p64->timecode, sizeof(p64->timecode)) || - assign_in_user(&p32->sequence, &p64->sequence) || - assign_in_user(&p32->reserved2, &p64->reserved2) || - assign_in_user(&p32->request_fd, &p64->request_fd) || - get_user(length, &p64->length) || - put_user(length, &p32->length)) - return -EFAULT; + switch (vb->memory) { + case V4L2_MEMORY_MMAP: + case V4L2_MEMORY_OVERLAY: + vb32.m.offset = vb->m.offset; + break; + case V4L2_MEMORY_USERPTR: + vb32.m.userptr = (uintptr_t)(vb->m.userptr); + break; + case V4L2_MEMORY_DMABUF: + vb32.m.fd = vb->m.fd; + break; + } - if (V4L2_TYPE_IS_MULTIPLANAR(type)) { - u32 num_planes = length; + if (V4L2_TYPE_IS_MULTIPLANAR(vb->type)) + vb32.m.planes = (uintptr_t)vb->m.planes; - if (num_planes == 0) - return 0; - /* We need to define uplane without __user, even though - * it does point to data in userspace here. The reason is - * that v4l2-ioctl.c copies it from userspace to kernelspace, - * so its definition in videodev2.h doesn't have a - * __user markup. Defining uplane with __user causes - * smatch warnings, so instead declare it without __user - * and cast it as a userspace pointer to put_v4l2_plane32(). - */ - if (get_user(uplane, &p64->m.planes)) - return -EFAULT; - if (get_user(p, &p32->m.planes)) - return -EFAULT; - uplane32 = compat_ptr(p); - - while (num_planes--) { - ret = put_v4l2_plane32((void __user *)uplane, - uplane32, memory); - if (ret) - return ret; - ++uplane; - ++uplane32; - } - } else { - switch (memory) { - case V4L2_MEMORY_MMAP: - case V4L2_MEMORY_OVERLAY: - if (assign_in_user(&p32->m.offset, &p64->m.offset)) - return -EFAULT; - break; - case V4L2_MEMORY_USERPTR: - if (assign_in_user(&p32->m.userptr, &p64->m.userptr)) - return -EFAULT; - break; - case V4L2_MEMORY_DMABUF: - if (assign_in_user(&p32->m.fd, &p64->m.fd)) - return -EFAULT; - break; - } - } + if (copy_to_user(arg, &vb32, sizeof(vb32))) + return -EFAULT; return 0; } -static int put_v4l2_buffer32_time32(struct v4l2_buffer_time32 __user *p64, - struct v4l2_buffer32_time32 __user *p32) +#ifdef CONFIG_COMPAT_32BIT_TIME +static int put_v4l2_buffer32_time32(struct v4l2_buffer *vb, + struct v4l2_buffer32_time32 __user *arg) { - u32 type; - u32 length; - enum v4l2_memory memory; - struct v4l2_plane32 __user *uplane32; - struct v4l2_plane *uplane; - compat_caddr_t p; - int ret; - - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p32->index, &p64->index) || - get_user(type, &p64->type) || - put_user(type, &p32->type) || - assign_in_user(&p32->flags, &p64->flags) || - get_user(memory, &p64->memory) || - put_user(memory, &p32->memory)) - return -EFAULT; - - if (assign_in_user(&p32->bytesused, &p64->bytesused) || - assign_in_user(&p32->field, &p64->field) || - assign_in_user(&p32->timestamp.tv_sec, &p64->timestamp.tv_sec) || - assign_in_user(&p32->timestamp.tv_usec, &p64->timestamp.tv_usec) || - copy_in_user(&p32->timecode, &p64->timecode, sizeof(p64->timecode)) || - assign_in_user(&p32->sequence, &p64->sequence) || - assign_in_user(&p32->reserved2, &p64->reserved2) || - assign_in_user(&p32->request_fd, &p64->request_fd) || - get_user(length, &p64->length) || - put_user(length, &p32->length)) - return -EFAULT; + struct v4l2_buffer32_time32 vb32; + + memset(&vb32, 0, sizeof(vb32)); + vb32 = (struct v4l2_buffer32_time32) { + .index = vb->index, + .type = vb->type, + .bytesused = vb->bytesused, + .flags = vb->flags, + .field = vb->field, + .timestamp.tv_sec = vb->timestamp.tv_sec, + .timestamp.tv_usec = vb->timestamp.tv_usec, + .timecode = vb->timecode, + .sequence = vb->sequence, + .memory = vb->memory, + .m.offset = vb->m.offset, + .length = vb->length, + .request_fd = vb->request_fd, + }; + switch (vb->memory) { + case V4L2_MEMORY_MMAP: + case V4L2_MEMORY_OVERLAY: + vb32.m.offset = vb->m.offset; + break; + case V4L2_MEMORY_USERPTR: + vb32.m.userptr = (uintptr_t)(vb->m.userptr); + break; + case V4L2_MEMORY_DMABUF: + vb32.m.fd = vb->m.fd; + break; + } - if (V4L2_TYPE_IS_MULTIPLANAR(type)) { - u32 num_planes = length; + if (V4L2_TYPE_IS_MULTIPLANAR(vb->type)) + vb32.m.planes = (uintptr_t)vb->m.planes; - if (num_planes == 0) - return 0; - /* We need to define uplane without __user, even though - * it does point to data in userspace here. The reason is - * that v4l2-ioctl.c copies it from userspace to kernelspace, - * so its definition in videodev2.h doesn't have a - * __user markup. Defining uplane with __user causes - * smatch warnings, so instead declare it without __user - * and cast it as a userspace pointer to put_v4l2_plane32(). - */ - if (get_user(uplane, &p64->m.planes)) - return -EFAULT; - if (get_user(p, &p32->m.planes)) - return -EFAULT; - uplane32 = compat_ptr(p); - - while (num_planes--) { - ret = put_v4l2_plane32((void __user *)uplane, - uplane32, memory); - if (ret) - return ret; - ++uplane; - ++uplane32; - } - } else { - switch (memory) { - case V4L2_MEMORY_MMAP: - case V4L2_MEMORY_OVERLAY: - if (assign_in_user(&p32->m.offset, &p64->m.offset)) - return -EFAULT; - break; - case V4L2_MEMORY_USERPTR: - if (assign_in_user(&p32->m.userptr, &p64->m.userptr)) - return -EFAULT; - break; - case V4L2_MEMORY_DMABUF: - if (assign_in_user(&p32->m.fd, &p64->m.fd)) - return -EFAULT; - break; - } - } + if (copy_to_user(arg, &vb32, sizeof(vb32))) + return -EFAULT; return 0; } +#endif struct v4l2_framebuffer32 { __u32 capability; @@ -1012,33 +590,30 @@ struct v4l2_framebuffer32 { } fmt; }; -static int get_v4l2_framebuffer32(struct v4l2_framebuffer __user *p64, +static int get_v4l2_framebuffer32(struct v4l2_framebuffer *p64, struct v4l2_framebuffer32 __user *p32) { compat_caddr_t tmp; - if (!access_ok(p32, sizeof(*p32)) || - get_user(tmp, &p32->base) || - put_user_force(compat_ptr(tmp), &p64->base) || - assign_in_user(&p64->capability, &p32->capability) || - assign_in_user(&p64->flags, &p32->flags) || - copy_in_user(&p64->fmt, &p32->fmt, sizeof(p64->fmt))) + if (get_user(tmp, &p32->base) || + get_user(p64->capability, &p32->capability) || + get_user(p64->flags, &p32->flags) || + copy_from_user(&p64->fmt, &p32->fmt, sizeof(p64->fmt))) return -EFAULT; + p64->base = (void __force *)compat_ptr(tmp); + return 0; } -static int put_v4l2_framebuffer32(struct v4l2_framebuffer __user *p64, +static int put_v4l2_framebuffer32(struct v4l2_framebuffer *p64, struct v4l2_framebuffer32 __user *p32) { - void *base; - - if (!access_ok(p32, sizeof(*p32)) || - get_user(base, &p64->base) || - put_user(ptr_to_compat((void __user *)base), &p32->base) || - assign_in_user(&p32->capability, &p64->capability) || - assign_in_user(&p32->flags, &p64->flags) || - copy_in_user(&p32->fmt, &p64->fmt, sizeof(p64->fmt))) + if (put_user((uintptr_t)p64->base, &p32->base) || + put_user(p64->capability, &p32->capability) || + put_user(p64->flags, &p32->flags) || + copy_to_user(&p32->fmt, &p64->fmt, sizeof(p64->fmt))) return -EFAULT; + return 0; } @@ -1058,18 +633,18 @@ struct v4l2_input32 { * The 64-bit v4l2_input struct has extra padding at the end of the struct. * Otherwise it is identical to the 32-bit version. */ -static inline int get_v4l2_input32(struct v4l2_input __user *p64, +static inline int get_v4l2_input32(struct v4l2_input *p64, struct v4l2_input32 __user *p32) { - if (copy_in_user(p64, p32, sizeof(*p32))) + if (copy_from_user(p64, p32, sizeof(*p32))) return -EFAULT; return 0; } -static inline int put_v4l2_input32(struct v4l2_input __user *p64, +static inline int put_v4l2_input32(struct v4l2_input *p64, struct v4l2_input32 __user *p32) { - if (copy_in_user(p32, p64, sizeof(*p32))) + if (copy_to_user(p32, p64, sizeof(*p32))) return -EFAULT; return 0; } @@ -1124,142 +699,44 @@ static inline bool ctrl_is_pointer(struct file *file, u32 id) (qec.flags & V4L2_CTRL_FLAG_HAS_PAYLOAD); } -static int bufsize_v4l2_ext_controls(struct v4l2_ext_controls32 __user *p32, - u32 *size) -{ - u32 count; - - if (!access_ok(p32, sizeof(*p32)) || - get_user(count, &p32->count)) - return -EFAULT; - if (count > V4L2_CID_MAX_CTRLS) - return -EINVAL; - *size = count * sizeof(struct v4l2_ext_control); - return 0; -} - -static int get_v4l2_ext_controls32(struct file *file, - struct v4l2_ext_controls __user *p64, - struct v4l2_ext_controls32 __user *p32, - void __user *aux_buf, u32 aux_space) +static int get_v4l2_ext_controls32(struct v4l2_ext_controls *p64, + struct v4l2_ext_controls32 __user *p32) { - struct v4l2_ext_control32 __user *ucontrols; - struct v4l2_ext_control __user *kcontrols; - u32 count; - u32 n; - compat_caddr_t p; - - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p64->which, &p32->which) || - get_user(count, &p32->count) || - put_user(count, &p64->count) || - assign_in_user(&p64->error_idx, &p32->error_idx) || - assign_in_user(&p64->request_fd, &p32->request_fd) || - copy_in_user(p64->reserved, p32->reserved, sizeof(p64->reserved))) - return -EFAULT; + struct v4l2_ext_controls32 ec32; - if (count == 0) - return put_user(NULL, &p64->controls); - if (count > V4L2_CID_MAX_CTRLS) - return -EINVAL; - if (get_user(p, &p32->controls)) - return -EFAULT; - ucontrols = compat_ptr(p); - if (!access_ok(ucontrols, count * sizeof(*ucontrols))) + if (copy_from_user(&ec32, p32, sizeof(ec32))) return -EFAULT; - if (aux_space < count * sizeof(*kcontrols)) - return -EFAULT; - kcontrols = aux_buf; - if (put_user_force(kcontrols, &p64->controls)) - return -EFAULT; - - for (n = 0; n < count; n++) { - u32 id; - - if (copy_in_user(kcontrols, ucontrols, sizeof(*ucontrols))) - return -EFAULT; - if (get_user(id, &kcontrols->id)) - return -EFAULT; - - if (ctrl_is_pointer(file, id)) { - void __user *s; + *p64 = (struct v4l2_ext_controls) { + .which = ec32.which, + .count = ec32.count, + .error_idx = ec32.error_idx, + .request_fd = ec32.request_fd, + .reserved[0] = ec32.reserved[0], + .controls = (void __force *)compat_ptr(ec32.controls), + }; - if (get_user(p, &ucontrols->string)) - return -EFAULT; - s = compat_ptr(p); - if (put_user(s, &kcontrols->string)) - return -EFAULT; - } - ucontrols++; - kcontrols++; - } return 0; } -static int put_v4l2_ext_controls32(struct file *file, - struct v4l2_ext_controls __user *p64, +static int put_v4l2_ext_controls32(struct v4l2_ext_controls *p64, struct v4l2_ext_controls32 __user *p32) { - struct v4l2_ext_control32 __user *ucontrols; - struct v4l2_ext_control *kcontrols; - u32 count; - u32 n; - compat_caddr_t p; - - /* - * We need to define kcontrols without __user, even though it does - * point to data in userspace here. The reason is that v4l2-ioctl.c - * copies it from userspace to kernelspace, so its definition in - * videodev2.h doesn't have a __user markup. Defining kcontrols - * with __user causes smatch warnings, so instead declare it - * without __user and cast it as a userspace pointer where needed. - */ - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p32->which, &p64->which) || - get_user(count, &p64->count) || - put_user(count, &p32->count) || - assign_in_user(&p32->error_idx, &p64->error_idx) || - assign_in_user(&p32->request_fd, &p64->request_fd) || - copy_in_user(p32->reserved, p64->reserved, sizeof(p32->reserved)) || - get_user(kcontrols, &p64->controls)) - return -EFAULT; + struct v4l2_ext_controls32 ec32; + + memset(&ec32, 0, sizeof(ec32)); + ec32 = (struct v4l2_ext_controls32) { + .which = p64->which, + .count = p64->count, + .error_idx = p64->error_idx, + .request_fd = p64->request_fd, + .reserved[0] = p64->reserved[0], + .controls = (uintptr_t)p64->controls, + }; - if (!count || count > (U32_MAX/sizeof(*ucontrols))) - return 0; - if (get_user(p, &p32->controls)) - return -EFAULT; - ucontrols = compat_ptr(p); - if (!access_ok(ucontrols, count * sizeof(*ucontrols))) + if (copy_to_user(p32, &ec32, sizeof(ec32))) return -EFAULT; - for (n = 0; n < count; n++) { - unsigned int size = sizeof(*ucontrols); - u32 id; - - if (get_user_cast(id, &kcontrols->id) || - put_user(id, &ucontrols->id) || - assign_in_user_cast(&ucontrols->size, &kcontrols->size) || - copy_in_user(&ucontrols->reserved2, - (void __user *)&kcontrols->reserved2, - sizeof(ucontrols->reserved2))) - return -EFAULT; - - /* - * Do not modify the pointer when copying a pointer control. - * The contents of the pointer was changed, not the pointer - * itself. - */ - if (ctrl_is_pointer(file, id)) - size -= sizeof(ucontrols->value64); - - if (copy_in_user(ucontrols, - (void __user *)kcontrols, size)) - return -EFAULT; - - ucontrols++; - kcontrols++; - } return 0; } @@ -1288,6 +765,7 @@ struct v4l2_event32 { __u32 reserved[8]; }; +#ifdef CONFIG_COMPAT_32BIT_TIME struct v4l2_event32_time32 { __u32 type; union { @@ -1300,39 +778,40 @@ struct v4l2_event32_time32 { __u32 id; __u32 reserved[8]; }; +#endif -static int put_v4l2_event32(struct v4l2_event __user *p64, +static int put_v4l2_event32(struct v4l2_event *p64, struct v4l2_event32 __user *p32) { - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p32->type, &p64->type) || - copy_in_user(&p32->u, &p64->u, sizeof(p64->u)) || - assign_in_user(&p32->pending, &p64->pending) || - assign_in_user(&p32->sequence, &p64->sequence) || - assign_in_user(&p32->timestamp.tv_sec, &p64->timestamp.tv_sec) || - assign_in_user(&p32->timestamp.tv_nsec, &p64->timestamp.tv_nsec) || - assign_in_user(&p32->id, &p64->id) || - copy_in_user(p32->reserved, p64->reserved, sizeof(p32->reserved))) + if (put_user(p64->type, &p32->type) || + copy_to_user(&p32->u, &p64->u, sizeof(p64->u)) || + put_user(p64->pending, &p32->pending) || + put_user(p64->sequence, &p32->sequence) || + put_user(p64->timestamp.tv_sec, &p32->timestamp.tv_sec) || + put_user(p64->timestamp.tv_nsec, &p32->timestamp.tv_nsec) || + put_user(p64->id, &p32->id) || + copy_to_user(p32->reserved, p64->reserved, sizeof(p32->reserved))) return -EFAULT; return 0; } -static int put_v4l2_event32_time32(struct v4l2_event_time32 __user *p64, +#ifdef CONFIG_COMPAT_32BIT_TIME +static int put_v4l2_event32_time32(struct v4l2_event *p64, struct v4l2_event32_time32 __user *p32) { - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p32->type, &p64->type) || - copy_in_user(&p32->u, &p64->u, sizeof(p64->u)) || - assign_in_user(&p32->pending, &p64->pending) || - assign_in_user(&p32->sequence, &p64->sequence) || - assign_in_user(&p32->timestamp.tv_sec, &p64->timestamp.tv_sec) || - assign_in_user(&p32->timestamp.tv_nsec, &p64->timestamp.tv_nsec) || - assign_in_user(&p32->id, &p64->id) || - copy_in_user(p32->reserved, p64->reserved, sizeof(p32->reserved))) + if (put_user(p64->type, &p32->type) || + copy_to_user(&p32->u, &p64->u, sizeof(p64->u)) || + put_user(p64->pending, &p32->pending) || + put_user(p64->sequence, &p32->sequence) || + put_user(p64->timestamp.tv_sec, &p32->timestamp.tv_sec) || + put_user(p64->timestamp.tv_nsec, &p32->timestamp.tv_nsec) || + put_user(p64->id, &p32->id) || + copy_to_user(p32->reserved, p64->reserved, sizeof(p32->reserved))) return -EFAULT; return 0; } #endif +#endif struct v4l2_edid32 { __u32 pad; @@ -1342,34 +821,23 @@ struct v4l2_edid32 { compat_caddr_t edid; }; -static int get_v4l2_edid32(struct v4l2_edid __user *p64, +static int get_v4l2_edid32(struct v4l2_edid *p64, struct v4l2_edid32 __user *p32) { - compat_uptr_t tmp; - - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p64->pad, &p32->pad) || - assign_in_user(&p64->start_block, &p32->start_block) || - assign_in_user_cast(&p64->blocks, &p32->blocks) || - get_user(tmp, &p32->edid) || - put_user_force(compat_ptr(tmp), &p64->edid) || - copy_in_user(p64->reserved, p32->reserved, sizeof(p64->reserved))) + compat_uptr_t edid; + + if (copy_from_user(p64, p32, offsetof(struct v4l2_edid32, edid)) || + get_user(edid, &p32->edid)) return -EFAULT; + + p64->edid = (void __force *)compat_ptr(edid); return 0; } -static int put_v4l2_edid32(struct v4l2_edid __user *p64, +static int put_v4l2_edid32(struct v4l2_edid *p64, struct v4l2_edid32 __user *p32) { - void *edid; - - if (!access_ok(p32, sizeof(*p32)) || - assign_in_user(&p32->pad, &p64->pad) || - assign_in_user(&p32->start_block, &p64->start_block) || - assign_in_user(&p32->blocks, &p64->blocks) || - get_user(edid, &p64->edid) || - put_user(ptr_to_compat((void __user *)edid), &p32->edid) || - copy_in_user(p32->reserved, p64->reserved, sizeof(p32->reserved))) + if (copy_to_user(p32, p64, offsetof(struct v4l2_edid32, edid))) return -EFAULT; return 0; } @@ -1385,13 +853,10 @@ static int put_v4l2_edid32(struct v4l2_edid __user *p64, #define VIDIOC_G_FMT32 _IOWR('V', 4, struct v4l2_format32) #define VIDIOC_S_FMT32 _IOWR('V', 5, struct v4l2_format32) #define VIDIOC_QUERYBUF32 _IOWR('V', 9, struct v4l2_buffer32) -#define VIDIOC_QUERYBUF32_TIME32 _IOWR('V', 9, struct v4l2_buffer32_time32) #define VIDIOC_G_FBUF32 _IOR ('V', 10, struct v4l2_framebuffer32) #define VIDIOC_S_FBUF32 _IOW ('V', 11, struct v4l2_framebuffer32) #define VIDIOC_QBUF32 _IOWR('V', 15, struct v4l2_buffer32) -#define VIDIOC_QBUF32_TIME32 _IOWR('V', 15, struct v4l2_buffer32_time32) #define VIDIOC_DQBUF32 _IOWR('V', 17, struct v4l2_buffer32) -#define VIDIOC_DQBUF32_TIME32 _IOWR('V', 17, struct v4l2_buffer32_time32) #define VIDIOC_ENUMSTD32 _IOWR('V', 25, struct v4l2_standard32) #define VIDIOC_ENUMINPUT32 _IOWR('V', 26, struct v4l2_input32) #define VIDIOC_G_EDID32 _IOWR('V', 40, struct v4l2_edid32) @@ -1401,366 +866,359 @@ static int put_v4l2_edid32(struct v4l2_edid __user *p64, #define VIDIOC_S_EXT_CTRLS32 _IOWR('V', 72, struct v4l2_ext_controls32) #define VIDIOC_TRY_EXT_CTRLS32 _IOWR('V', 73, struct v4l2_ext_controls32) #define VIDIOC_DQEVENT32 _IOR ('V', 89, struct v4l2_event32) -#define VIDIOC_DQEVENT32_TIME32 _IOR ('V', 89, struct v4l2_event32_time32) #define VIDIOC_CREATE_BUFS32 _IOWR('V', 92, struct v4l2_create_buffers32) #define VIDIOC_PREPARE_BUF32 _IOWR('V', 93, struct v4l2_buffer32) -#define VIDIOC_PREPARE_BUF32_TIME32 _IOWR('V', 93, struct v4l2_buffer32_time32) -#define VIDIOC_OVERLAY32 _IOW ('V', 14, s32) -#define VIDIOC_STREAMON32 _IOW ('V', 18, s32) -#define VIDIOC_STREAMOFF32 _IOW ('V', 19, s32) -#define VIDIOC_G_INPUT32 _IOR ('V', 38, s32) -#define VIDIOC_S_INPUT32 _IOWR('V', 39, s32) -#define VIDIOC_G_OUTPUT32 _IOR ('V', 46, s32) -#define VIDIOC_S_OUTPUT32 _IOWR('V', 47, s32) - -/** - * alloc_userspace() - Allocates a 64-bits userspace pointer compatible - * for calling the native 64-bits version of an ioctl. - * - * @size: size of the structure itself to be allocated. - * @aux_space: extra size needed to store "extra" data, e.g. space for - * other __user data that is pointed to fields inside the - * structure. - * @new_p64: pointer to a pointer to be filled with the allocated struct. - * - * Return: - * - * if it can't allocate memory, either -ENOMEM or -EFAULT will be returned. - * Zero otherwise. - */ -static int alloc_userspace(unsigned int size, u32 aux_space, - void __user **new_p64) -{ - *new_p64 = compat_alloc_user_space(size + aux_space); - if (!*new_p64) - return -ENOMEM; - if (clear_user(*new_p64, size)) - return -EFAULT; - return 0; -} +#ifdef CONFIG_COMPAT_32BIT_TIME +#define VIDIOC_QUERYBUF32_TIME32 _IOWR('V', 9, struct v4l2_buffer32_time32) +#define VIDIOC_QBUF32_TIME32 _IOWR('V', 15, struct v4l2_buffer32_time32) +#define VIDIOC_DQBUF32_TIME32 _IOWR('V', 17, struct v4l2_buffer32_time32) +#ifdef CONFIG_X86_64 +#define VIDIOC_DQEVENT32_TIME32 _IOR ('V', 89, struct v4l2_event32_time32) +#endif +#define VIDIOC_PREPARE_BUF32_TIME32 _IOWR('V', 93, struct v4l2_buffer32_time32) +#endif -/** - * do_video_ioctl() - Ancillary function with handles a compat32 ioctl call - * - * @file: pointer to &struct file with the file handler - * @cmd: ioctl to be called - * @arg: arguments passed from/to the ioctl handler - * - * This function is called when a 32 bits application calls a V4L2 ioctl - * and the Kernel is compiled with 64 bits. - * - * This function is called by v4l2_compat_ioctl32() when the function is - * not private to some specific driver. - * - * It converts a 32-bits struct into a 64 bits one, calls the native 64-bits - * ioctl handler and fills back the 32-bits struct with the results of the - * native call. - */ -static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long arg) +unsigned int v4l2_compat_translate_cmd(unsigned int cmd) { - void __user *p32 = compat_ptr(arg); - void __user *new_p64 = NULL; - void __user *aux_buf; - u32 aux_space; - int compatible_arg = 1; - long err = 0; - unsigned int ncmd; - - /* - * 1. When struct size is different, converts the command. - */ switch (cmd) { - case VIDIOC_G_FMT32: ncmd = VIDIOC_G_FMT; break; - case VIDIOC_S_FMT32: ncmd = VIDIOC_S_FMT; break; - case VIDIOC_QUERYBUF32: ncmd = VIDIOC_QUERYBUF; break; - case VIDIOC_QUERYBUF32_TIME32: ncmd = VIDIOC_QUERYBUF_TIME32; break; - case VIDIOC_G_FBUF32: ncmd = VIDIOC_G_FBUF; break; - case VIDIOC_S_FBUF32: ncmd = VIDIOC_S_FBUF; break; - case VIDIOC_QBUF32: ncmd = VIDIOC_QBUF; break; - case VIDIOC_QBUF32_TIME32: ncmd = VIDIOC_QBUF_TIME32; break; - case VIDIOC_DQBUF32: ncmd = VIDIOC_DQBUF; break; - case VIDIOC_DQBUF32_TIME32: ncmd = VIDIOC_DQBUF_TIME32; break; - case VIDIOC_ENUMSTD32: ncmd = VIDIOC_ENUMSTD; break; - case VIDIOC_ENUMINPUT32: ncmd = VIDIOC_ENUMINPUT; break; - case VIDIOC_TRY_FMT32: ncmd = VIDIOC_TRY_FMT; break; - case VIDIOC_G_EXT_CTRLS32: ncmd = VIDIOC_G_EXT_CTRLS; break; - case VIDIOC_S_EXT_CTRLS32: ncmd = VIDIOC_S_EXT_CTRLS; break; - case VIDIOC_TRY_EXT_CTRLS32: ncmd = VIDIOC_TRY_EXT_CTRLS; break; + case VIDIOC_G_FMT32: + return VIDIOC_G_FMT; + case VIDIOC_S_FMT32: + return VIDIOC_S_FMT; + case VIDIOC_TRY_FMT32: + return VIDIOC_TRY_FMT; + case VIDIOC_G_FBUF32: + return VIDIOC_G_FBUF; + case VIDIOC_S_FBUF32: + return VIDIOC_S_FBUF; +#ifdef CONFIG_COMPAT_32BIT_TIME + case VIDIOC_QUERYBUF32_TIME32: + return VIDIOC_QUERYBUF; + case VIDIOC_QBUF32_TIME32: + return VIDIOC_QBUF; + case VIDIOC_DQBUF32_TIME32: + return VIDIOC_DQBUF; + case VIDIOC_PREPARE_BUF32_TIME32: + return VIDIOC_PREPARE_BUF; +#endif + case VIDIOC_QUERYBUF32: + return VIDIOC_QUERYBUF; + case VIDIOC_QBUF32: + return VIDIOC_QBUF; + case VIDIOC_DQBUF32: + return VIDIOC_DQBUF; + case VIDIOC_CREATE_BUFS32: + return VIDIOC_CREATE_BUFS; + case VIDIOC_G_EXT_CTRLS32: + return VIDIOC_G_EXT_CTRLS; + case VIDIOC_S_EXT_CTRLS32: + return VIDIOC_S_EXT_CTRLS; + case VIDIOC_TRY_EXT_CTRLS32: + return VIDIOC_TRY_EXT_CTRLS; + case VIDIOC_PREPARE_BUF32: + return VIDIOC_PREPARE_BUF; + case VIDIOC_ENUMSTD32: + return VIDIOC_ENUMSTD; + case VIDIOC_ENUMINPUT32: + return VIDIOC_ENUMINPUT; + case VIDIOC_G_EDID32: + return VIDIOC_G_EDID; + case VIDIOC_S_EDID32: + return VIDIOC_S_EDID; #ifdef CONFIG_X86_64 - case VIDIOC_DQEVENT32: ncmd = VIDIOC_DQEVENT; break; - case VIDIOC_DQEVENT32_TIME32: ncmd = VIDIOC_DQEVENT_TIME32; break; + case VIDIOC_DQEVENT32: + return VIDIOC_DQEVENT; +#ifdef CONFIG_COMPAT_32BIT_TIME + case VIDIOC_DQEVENT32_TIME32: + return VIDIOC_DQEVENT; +#endif #endif - case VIDIOC_OVERLAY32: ncmd = VIDIOC_OVERLAY; break; - case VIDIOC_STREAMON32: ncmd = VIDIOC_STREAMON; break; - case VIDIOC_STREAMOFF32: ncmd = VIDIOC_STREAMOFF; break; - case VIDIOC_G_INPUT32: ncmd = VIDIOC_G_INPUT; break; - case VIDIOC_S_INPUT32: ncmd = VIDIOC_S_INPUT; break; - case VIDIOC_G_OUTPUT32: ncmd = VIDIOC_G_OUTPUT; break; - case VIDIOC_S_OUTPUT32: ncmd = VIDIOC_S_OUTPUT; break; - case VIDIOC_CREATE_BUFS32: ncmd = VIDIOC_CREATE_BUFS; break; - case VIDIOC_PREPARE_BUF32: ncmd = VIDIOC_PREPARE_BUF; break; - case VIDIOC_PREPARE_BUF32_TIME32: ncmd = VIDIOC_PREPARE_BUF_TIME32; break; - case VIDIOC_G_EDID32: ncmd = VIDIOC_G_EDID; break; - case VIDIOC_S_EDID32: ncmd = VIDIOC_S_EDID; break; - default: ncmd = cmd; break; } + return cmd; +} - /* - * 2. Allocates a 64-bits userspace pointer to store the - * values of the ioctl and copy data from the 32-bits __user - * argument into it. - */ +int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd) +{ switch (cmd) { - case VIDIOC_OVERLAY32: - case VIDIOC_STREAMON32: - case VIDIOC_STREAMOFF32: - case VIDIOC_S_INPUT32: - case VIDIOC_S_OUTPUT32: - err = alloc_userspace(sizeof(unsigned int), 0, &new_p64); - if (!err && assign_in_user((unsigned int __user *)new_p64, - (compat_uint_t __user *)p32)) - err = -EFAULT; - compatible_arg = 0; - break; + case VIDIOC_G_FMT32: + case VIDIOC_S_FMT32: + case VIDIOC_TRY_FMT32: + return get_v4l2_format32(parg, arg); - case VIDIOC_G_INPUT32: - case VIDIOC_G_OUTPUT32: - err = alloc_userspace(sizeof(unsigned int), 0, &new_p64); - compatible_arg = 0; - break; + case VIDIOC_S_FBUF32: + return get_v4l2_framebuffer32(parg, arg); +#ifdef CONFIG_COMPAT_32BIT_TIME + case VIDIOC_QUERYBUF32_TIME32: + case VIDIOC_QBUF32_TIME32: + case VIDIOC_DQBUF32_TIME32: + case VIDIOC_PREPARE_BUF32_TIME32: + return get_v4l2_buffer32_time32(parg, arg); +#endif + case VIDIOC_QUERYBUF32: + case VIDIOC_QBUF32: + case VIDIOC_DQBUF32: + case VIDIOC_PREPARE_BUF32: + return get_v4l2_buffer32(parg, arg); + + case VIDIOC_G_EXT_CTRLS32: + case VIDIOC_S_EXT_CTRLS32: + case VIDIOC_TRY_EXT_CTRLS32: + return get_v4l2_ext_controls32(parg, arg); + + case VIDIOC_CREATE_BUFS32: + return get_v4l2_create32(parg, arg); + + case VIDIOC_ENUMSTD32: + return get_v4l2_standard32(parg, arg); + + case VIDIOC_ENUMINPUT32: + return get_v4l2_input32(parg, arg); case VIDIOC_G_EDID32: case VIDIOC_S_EDID32: - err = alloc_userspace(sizeof(struct v4l2_edid), 0, &new_p64); - if (!err) - err = get_v4l2_edid32(new_p64, p32); - compatible_arg = 0; - break; + return get_v4l2_edid32(parg, arg); + } + return 0; +} +int v4l2_compat_put_user(void __user *arg, void *parg, unsigned int cmd) +{ + switch (cmd) { case VIDIOC_G_FMT32: case VIDIOC_S_FMT32: case VIDIOC_TRY_FMT32: - err = bufsize_v4l2_format(p32, &aux_space); - if (!err) - err = alloc_userspace(sizeof(struct v4l2_format), - aux_space, &new_p64); - if (!err) { - aux_buf = new_p64 + sizeof(struct v4l2_format); - err = get_v4l2_format32(new_p64, p32, - aux_buf, aux_space); - } - compatible_arg = 0; - break; - - case VIDIOC_CREATE_BUFS32: - err = bufsize_v4l2_create(p32, &aux_space); - if (!err) - err = alloc_userspace(sizeof(struct v4l2_create_buffers), - aux_space, &new_p64); - if (!err) { - aux_buf = new_p64 + sizeof(struct v4l2_create_buffers); - err = get_v4l2_create32(new_p64, p32, - aux_buf, aux_space); - } - compatible_arg = 0; - break; + return put_v4l2_format32(parg, arg); - case VIDIOC_PREPARE_BUF32: - case VIDIOC_QUERYBUF32: - case VIDIOC_QBUF32: - case VIDIOC_DQBUF32: - err = bufsize_v4l2_buffer(p32, &aux_space); - if (!err) - err = alloc_userspace(sizeof(struct v4l2_buffer), - aux_space, &new_p64); - if (!err) { - aux_buf = new_p64 + sizeof(struct v4l2_buffer); - err = get_v4l2_buffer32(new_p64, p32, - aux_buf, aux_space); - } - compatible_arg = 0; - break; - - case VIDIOC_PREPARE_BUF32_TIME32: + case VIDIOC_G_FBUF32: + return put_v4l2_framebuffer32(parg, arg); +#ifdef CONFIG_COMPAT_32BIT_TIME case VIDIOC_QUERYBUF32_TIME32: case VIDIOC_QBUF32_TIME32: case VIDIOC_DQBUF32_TIME32: - err = bufsize_v4l2_buffer_time32(p32, &aux_space); - if (!err) - err = alloc_userspace(sizeof(struct v4l2_buffer), - aux_space, &new_p64); - if (!err) { - aux_buf = new_p64 + sizeof(struct v4l2_buffer); - err = get_v4l2_buffer32_time32(new_p64, p32, - aux_buf, aux_space); - } - compatible_arg = 0; - break; + case VIDIOC_PREPARE_BUF32_TIME32: + return put_v4l2_buffer32_time32(parg, arg); +#endif + case VIDIOC_QUERYBUF32: + case VIDIOC_QBUF32: + case VIDIOC_DQBUF32: + case VIDIOC_PREPARE_BUF32: + return put_v4l2_buffer32(parg, arg); - case VIDIOC_S_FBUF32: - err = alloc_userspace(sizeof(struct v4l2_framebuffer), 0, - &new_p64); - if (!err) - err = get_v4l2_framebuffer32(new_p64, p32); - compatible_arg = 0; - break; + case VIDIOC_G_EXT_CTRLS32: + case VIDIOC_S_EXT_CTRLS32: + case VIDIOC_TRY_EXT_CTRLS32: + return put_v4l2_ext_controls32(parg, arg); - case VIDIOC_G_FBUF32: - err = alloc_userspace(sizeof(struct v4l2_framebuffer), 0, - &new_p64); - compatible_arg = 0; - break; + case VIDIOC_CREATE_BUFS32: + return put_v4l2_create32(parg, arg); case VIDIOC_ENUMSTD32: - err = alloc_userspace(sizeof(struct v4l2_standard), 0, - &new_p64); - if (!err) - err = get_v4l2_standard32(new_p64, p32); - compatible_arg = 0; - break; + return put_v4l2_standard32(parg, arg); case VIDIOC_ENUMINPUT32: - err = alloc_userspace(sizeof(struct v4l2_input), 0, &new_p64); - if (!err) - err = get_v4l2_input32(new_p64, p32); - compatible_arg = 0; - break; + return put_v4l2_input32(parg, arg); - case VIDIOC_G_EXT_CTRLS32: - case VIDIOC_S_EXT_CTRLS32: - case VIDIOC_TRY_EXT_CTRLS32: - err = bufsize_v4l2_ext_controls(p32, &aux_space); - if (!err) - err = alloc_userspace(sizeof(struct v4l2_ext_controls), - aux_space, &new_p64); - if (!err) { - aux_buf = new_p64 + sizeof(struct v4l2_ext_controls); - err = get_v4l2_ext_controls32(file, new_p64, p32, - aux_buf, aux_space); - } - compatible_arg = 0; - break; + case VIDIOC_G_EDID32: + case VIDIOC_S_EDID32: + return put_v4l2_edid32(parg, arg); #ifdef CONFIG_X86_64 case VIDIOC_DQEVENT32: - err = alloc_userspace(sizeof(struct v4l2_event), 0, &new_p64); - compatible_arg = 0; - break; + return put_v4l2_event32(parg, arg); +#ifdef CONFIG_COMPAT_32BIT_TIME case VIDIOC_DQEVENT32_TIME32: - err = alloc_userspace(sizeof(struct v4l2_event_time32), 0, &new_p64); - compatible_arg = 0; - break; + return put_v4l2_event32_time32(parg, arg); +#endif #endif } - if (err) - return err; - - /* - * 3. Calls the native 64-bits ioctl handler. - * - * For the functions where a conversion was not needed, - * compatible_arg is true, and it will call it with the arguments - * provided by userspace and stored at @p32 var. - * - * Otherwise, it will pass the newly allocated @new_p64 argument. - */ - if (compatible_arg) - err = native_ioctl(file, ncmd, (unsigned long)p32); - else - err = native_ioctl(file, ncmd, (unsigned long)new_p64); - - if (err == -ENOTTY) - return err; - - /* - * 4. Special case: even after an error we need to put the - * results back for some ioctls. - * - * In the case of EXT_CTRLS, the error_idx will contain information - * on which control failed. - * - * In the case of S_EDID, the driver can return E2BIG and set - * the blocks to maximum allowed value. - */ + return 0; +} + +int v4l2_compat_get_array_args(struct file *file, void *mbuf, + void __user *user_ptr, size_t array_size, + unsigned int cmd, void *arg) +{ + int err = 0; + switch (cmd) { - case VIDIOC_G_EXT_CTRLS32: - case VIDIOC_S_EXT_CTRLS32: - case VIDIOC_TRY_EXT_CTRLS32: - if (put_v4l2_ext_controls32(file, new_p64, p32)) - err = -EFAULT; + case VIDIOC_G_FMT32: + case VIDIOC_S_FMT32: + case VIDIOC_TRY_FMT32: { + struct v4l2_format *f64 = arg; + struct v4l2_clip *c64 = mbuf; + struct v4l2_clip32 __user *c32 = user_ptr; + u32 clipcount = f64->fmt.win.clipcount; + + if ((f64->type != V4L2_BUF_TYPE_VIDEO_OVERLAY && + f64->type != V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY) || + clipcount == 0) + return 0; + if (clipcount > 2048) + return -EINVAL; + while (clipcount--) { + if (copy_from_user(c64, c32, sizeof(c64->c))) + return -EFAULT; + c64->next = NULL; + c64++; + c32++; + } break; - case VIDIOC_S_EDID32: - if (put_v4l2_edid32(new_p64, p32)) - err = -EFAULT; + } +#ifdef CONFIG_COMPAT_32BIT_TIME + case VIDIOC_QUERYBUF32_TIME32: + case VIDIOC_QBUF32_TIME32: + case VIDIOC_DQBUF32_TIME32: + case VIDIOC_PREPARE_BUF32_TIME32: +#endif + case VIDIOC_QUERYBUF32: + case VIDIOC_QBUF32: + case VIDIOC_DQBUF32: + case VIDIOC_PREPARE_BUF32: { + struct v4l2_buffer *b64 = arg; + struct v4l2_plane *p64 = mbuf; + struct v4l2_plane32 __user *p32 = user_ptr; + + if (V4L2_TYPE_IS_MULTIPLANAR(b64->type)) { + u32 num_planes = b64->length; + + if (num_planes == 0) + return 0; + + while (num_planes--) { + err = get_v4l2_plane32(p64, p32, b64->memory); + if (err) + return err; + ++p64; + ++p32; + } + } break; } - if (err) - return err; + case VIDIOC_G_EXT_CTRLS32: + case VIDIOC_S_EXT_CTRLS32: + case VIDIOC_TRY_EXT_CTRLS32: { + struct v4l2_ext_controls *ecs64 = arg; + struct v4l2_ext_control *ec64 = mbuf; + struct v4l2_ext_control32 __user *ec32 = user_ptr; + int n; + + for (n = 0; n < ecs64->count; n++) { + if (copy_from_user(ec64, ec32, sizeof(*ec32))) + return -EFAULT; - /* - * 5. Copy the data returned at the 64 bits userspace pointer to - * the original 32 bits structure. - */ - switch (cmd) { - case VIDIOC_S_INPUT32: - case VIDIOC_S_OUTPUT32: - case VIDIOC_G_INPUT32: - case VIDIOC_G_OUTPUT32: - if (assign_in_user((compat_uint_t __user *)p32, - ((unsigned int __user *)new_p64))) - err = -EFAULT; - break; + if (ctrl_is_pointer(file, ec64->id)) { + compat_uptr_t p; - case VIDIOC_G_FBUF32: - err = put_v4l2_framebuffer32(new_p64, p32); + if (get_user(p, &ec32->string)) + return -EFAULT; + ec64->string = compat_ptr(p); + } + ec32++; + ec64++; + } break; - -#ifdef CONFIG_X86_64 - case VIDIOC_DQEVENT32: - err = put_v4l2_event32(new_p64, p32); + } + default: + if (copy_from_user(mbuf, user_ptr, array_size)) + err = -EFAULT; break; + } - case VIDIOC_DQEVENT32_TIME32: - err = put_v4l2_event32_time32(new_p64, p32); - break; -#endif + return err; +} - case VIDIOC_G_EDID32: - err = put_v4l2_edid32(new_p64, p32); - break; +int v4l2_compat_put_array_args(struct file *file, void __user *user_ptr, + void *mbuf, size_t array_size, + unsigned int cmd, void *arg) +{ + int err = 0; + switch (cmd) { case VIDIOC_G_FMT32: case VIDIOC_S_FMT32: - case VIDIOC_TRY_FMT32: - err = put_v4l2_format32(new_p64, p32); - break; - - case VIDIOC_CREATE_BUFS32: - err = put_v4l2_create32(new_p64, p32); + case VIDIOC_TRY_FMT32: { + struct v4l2_format *f64 = arg; + struct v4l2_clip *c64 = mbuf; + struct v4l2_clip32 __user *c32 = user_ptr; + u32 clipcount = f64->fmt.win.clipcount; + + if ((f64->type != V4L2_BUF_TYPE_VIDEO_OVERLAY && + f64->type != V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY) || + clipcount == 0) + return 0; + if (clipcount > 2048) + return -EINVAL; + while (clipcount--) { + if (copy_to_user(c32, c64, sizeof(c64->c))) + return -EFAULT; + c64++; + c32++; + } break; - - case VIDIOC_PREPARE_BUF32: + } +#ifdef CONFIG_COMPAT_32BIT_TIME + case VIDIOC_QUERYBUF32_TIME32: + case VIDIOC_QBUF32_TIME32: + case VIDIOC_DQBUF32_TIME32: + case VIDIOC_PREPARE_BUF32_TIME32: +#endif case VIDIOC_QUERYBUF32: case VIDIOC_QBUF32: case VIDIOC_DQBUF32: - err = put_v4l2_buffer32(new_p64, p32); + case VIDIOC_PREPARE_BUF32: { + struct v4l2_buffer *b64 = arg; + struct v4l2_plane *p64 = mbuf; + struct v4l2_plane32 __user *p32 = user_ptr; + + if (V4L2_TYPE_IS_MULTIPLANAR(b64->type)) { + u32 num_planes = b64->length; + + if (num_planes == 0) + return 0; + + while (num_planes--) { + err = put_v4l2_plane32(p64, p32, b64->memory); + if (err) + return err; + ++p64; + ++p32; + } + } break; + } + case VIDIOC_G_EXT_CTRLS32: + case VIDIOC_S_EXT_CTRLS32: + case VIDIOC_TRY_EXT_CTRLS32: { + struct v4l2_ext_controls *ecs64 = arg; + struct v4l2_ext_control *ec64 = mbuf; + struct v4l2_ext_control32 __user *ec32 = user_ptr; + int n; + + for (n = 0; n < ecs64->count; n++) { + unsigned int size = sizeof(*ec32); + /* + * Do not modify the pointer when copying a pointer + * control. The contents of the pointer was changed, + * not the pointer itself. + * The structures are otherwise compatible. + */ + if (ctrl_is_pointer(file, ec64->id)) + size -= sizeof(ec32->value64); - case VIDIOC_PREPARE_BUF32_TIME32: - case VIDIOC_QUERYBUF32_TIME32: - case VIDIOC_QBUF32_TIME32: - case VIDIOC_DQBUF32_TIME32: - err = put_v4l2_buffer32_time32(new_p64, p32); - break; + if (copy_to_user(ec32, ec64, size)) + return -EFAULT; - case VIDIOC_ENUMSTD32: - err = put_v4l2_standard32(new_p64, p32); + ec32++; + ec64++; + } break; - - case VIDIOC_ENUMINPUT32: - err = put_v4l2_input32(new_p64, p32); + } + default: + if (copy_to_user(user_ptr, mbuf, array_size)) + err = -EFAULT; break; } + return err; } @@ -1787,7 +1245,8 @@ long v4l2_compat_ioctl32(struct file *file, unsigned int cmd, unsigned long arg) return ret; if (_IOC_TYPE(cmd) == 'V' && _IOC_NR(cmd) < BASE_VIDIOC_PRIVATE) - ret = do_video_ioctl(file, cmd, arg); + ret = file->f_op->unlocked_ioctl(file, cmd, + (unsigned long)compat_ptr(arg)); else if (vdev->fops->compat_ioctl32) ret = vdev->fops->compat_ioctl32(file, cmd, arg); |