Commit c6cbc2c3 authored by Hans Verkuil's avatar Hans Verkuil Committed by Greg Kroah-Hartman

media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32

commit 8ed5a59d upstream.

The struct v4l2_plane32 should set m.userptr as well. The same
happens in v4l2_buffer32 and v4l2-compliance tests for this.
Signed-off-by: default avatarHans Verkuil <hans.verkuil@cisco.com>
Acked-by: default avatarSakari Ailus <sakari.ailus@linux.intel.com>
Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 57f0817a
...@@ -299,19 +299,24 @@ static int get_v4l2_plane32(struct v4l2_plane __user *up, struct v4l2_plane32 __ ...@@ -299,19 +299,24 @@ static int get_v4l2_plane32(struct v4l2_plane __user *up, struct v4l2_plane32 __
sizeof(up->data_offset))) sizeof(up->data_offset)))
return -EFAULT; return -EFAULT;
if (memory == V4L2_MEMORY_USERPTR) { switch (memory) {
case V4L2_MEMORY_MMAP:
case V4L2_MEMORY_OVERLAY:
if (copy_in_user(&up->m.mem_offset, &up32->m.mem_offset,
sizeof(up32->m.mem_offset)))
return -EFAULT;
break;
case V4L2_MEMORY_USERPTR:
if (get_user(p, &up32->m.userptr)) if (get_user(p, &up32->m.userptr))
return -EFAULT; return -EFAULT;
up_pln = compat_ptr(p); up_pln = compat_ptr(p);
if (put_user((unsigned long)up_pln, &up->m.userptr)) if (put_user((unsigned long)up_pln, &up->m.userptr))
return -EFAULT; return -EFAULT;
} else if (memory == V4L2_MEMORY_DMABUF) { break;
case V4L2_MEMORY_DMABUF:
if (copy_in_user(&up->m.fd, &up32->m.fd, sizeof(up32->m.fd))) if (copy_in_user(&up->m.fd, &up32->m.fd, sizeof(up32->m.fd)))
return -EFAULT; return -EFAULT;
} else { break;
if (copy_in_user(&up->m.mem_offset, &up32->m.mem_offset,
sizeof(up32->m.mem_offset)))
return -EFAULT;
} }
return 0; return 0;
...@@ -320,22 +325,32 @@ static int get_v4l2_plane32(struct v4l2_plane __user *up, struct v4l2_plane32 __ ...@@ -320,22 +325,32 @@ static int get_v4l2_plane32(struct v4l2_plane __user *up, struct v4l2_plane32 __
static int put_v4l2_plane32(struct v4l2_plane __user *up, struct v4l2_plane32 __user *up32, static int put_v4l2_plane32(struct v4l2_plane __user *up, struct v4l2_plane32 __user *up32,
enum v4l2_memory memory) enum v4l2_memory memory)
{ {
unsigned long p;
if (copy_in_user(up32, up, 2 * sizeof(__u32)) || if (copy_in_user(up32, up, 2 * sizeof(__u32)) ||
copy_in_user(&up32->data_offset, &up->data_offset, copy_in_user(&up32->data_offset, &up->data_offset,
sizeof(up->data_offset))) sizeof(up->data_offset)))
return -EFAULT; return -EFAULT;
/* For MMAP, driver might've set up the offset, so copy it back. switch (memory) {
* USERPTR stays the same (was userspace-provided), so no copying. */ case V4L2_MEMORY_MMAP:
if (memory == V4L2_MEMORY_MMAP) case V4L2_MEMORY_OVERLAY:
if (copy_in_user(&up32->m.mem_offset, &up->m.mem_offset, if (copy_in_user(&up32->m.mem_offset, &up->m.mem_offset,
sizeof(up->m.mem_offset))) sizeof(up->m.mem_offset)))
return -EFAULT; return -EFAULT;
/* For DMABUF, driver might've set up the fd, so copy it back. */ break;
if (memory == V4L2_MEMORY_DMABUF) case V4L2_MEMORY_USERPTR:
if (get_user(p, &up->m.userptr) ||
put_user((compat_ulong_t)ptr_to_compat((__force void *)p),
&up32->m.userptr))
return -EFAULT;
break;
case V4L2_MEMORY_DMABUF:
if (copy_in_user(&up32->m.fd, &up->m.fd, if (copy_in_user(&up32->m.fd, &up->m.fd,
sizeof(up->m.fd))) sizeof(up->m.fd)))
return -EFAULT; return -EFAULT;
break;
}
return 0; return 0;
} }
...@@ -395,6 +410,7 @@ static int get_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user ...@@ -395,6 +410,7 @@ static int get_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user
} else { } else {
switch (kp->memory) { switch (kp->memory) {
case V4L2_MEMORY_MMAP: case V4L2_MEMORY_MMAP:
case V4L2_MEMORY_OVERLAY:
if (get_user(kp->m.offset, &up->m.offset)) if (get_user(kp->m.offset, &up->m.offset))
return -EFAULT; return -EFAULT;
break; break;
...@@ -408,10 +424,6 @@ static int get_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user ...@@ -408,10 +424,6 @@ static int get_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user
kp->m.userptr = (unsigned long)compat_ptr(tmp); kp->m.userptr = (unsigned long)compat_ptr(tmp);
} }
break; break;
case V4L2_MEMORY_OVERLAY:
if (get_user(kp->m.offset, &up->m.offset))
return -EFAULT;
break;
case V4L2_MEMORY_DMABUF: case V4L2_MEMORY_DMABUF:
if (get_user(kp->m.fd, &up->m.fd)) if (get_user(kp->m.fd, &up->m.fd))
return -EFAULT; return -EFAULT;
...@@ -468,6 +480,7 @@ static int put_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user ...@@ -468,6 +480,7 @@ static int put_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user
} else { } else {
switch (kp->memory) { switch (kp->memory) {
case V4L2_MEMORY_MMAP: case V4L2_MEMORY_MMAP:
case V4L2_MEMORY_OVERLAY:
if (put_user(kp->m.offset, &up->m.offset)) if (put_user(kp->m.offset, &up->m.offset))
return -EFAULT; return -EFAULT;
break; break;
...@@ -475,10 +488,6 @@ static int put_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user ...@@ -475,10 +488,6 @@ static int put_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user
if (put_user(kp->m.userptr, &up->m.userptr)) if (put_user(kp->m.userptr, &up->m.userptr))
return -EFAULT; return -EFAULT;
break; break;
case V4L2_MEMORY_OVERLAY:
if (put_user(kp->m.offset, &up->m.offset))
return -EFAULT;
break;
case V4L2_MEMORY_DMABUF: case V4L2_MEMORY_DMABUF:
if (put_user(kp->m.fd, &up->m.fd)) if (put_user(kp->m.fd, &up->m.fd))
return -EFAULT; return -EFAULT;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment