summaryrefslogtreecommitdiff
path: root/linux/drivers/media/video/v4l2-compat-ioctl32.c
diff options
context:
space:
mode:
Diffstat (limited to 'linux/drivers/media/video/v4l2-compat-ioctl32.c')
-rw-r--r--linux/drivers/media/video/v4l2-compat-ioctl32.c68
1 files changed, 48 insertions, 20 deletions
diff --git a/linux/drivers/media/video/v4l2-compat-ioctl32.c b/linux/drivers/media/video/v4l2-compat-ioctl32.c
index 05a356776..3454e7c64 100644
--- a/linux/drivers/media/video/v4l2-compat-ioctl32.c
+++ b/linux/drivers/media/video/v4l2-compat-ioctl32.c
@@ -605,9 +605,37 @@ struct v4l2_ext_controls32 {
compat_caddr_t controls; /* actually struct v4l2_ext_control32 * */
};
+struct v4l2_ext_control32 {
+ __u32 id;
+ __u32 size;
+ __u32 reserved2[1];
+ union {
+ __s32 value;
+ __s64 value64;
+ compat_caddr_t string; /* actually char * */
+ };
+} __attribute__ ((packed));
+
+/* The following function really belong in v4l2-common, but that causes
+ a circular dependency between modules. We need to think about this, but
+ for now this will do. */
+
+/* Return non-zero if this control is a pointer type. Currently only
+ type STRING is a pointer type. */
+static inline int ctrl_is_pointer(u32 id)
+{
+ switch (id) {
+ case V4L2_CID_RDS_TX_PS_NAME:
+ case V4L2_CID_RDS_TX_RADIO_TEXT:
+ return 1;
+ default:
+ return 0;
+ }
+}
+
static int get_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext_controls32 __user *up)
{
- struct v4l2_ext_control __user *ucontrols;
+ struct v4l2_ext_control32 __user *ucontrols;
struct v4l2_ext_control __user *kcontrols;
int n;
compat_caddr_t p;
@@ -631,15 +659,17 @@ static int get_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext
kcontrols = compat_alloc_user_space(n * sizeof(struct v4l2_ext_control));
kp->controls = kcontrols;
while (--n >= 0) {
- if (copy_in_user(&kcontrols->id, &ucontrols->id, sizeof(__u32)))
- return -EFAULT;
- if (copy_in_user(&kcontrols->reserved2, &ucontrols->reserved2, sizeof(ucontrols->reserved2)))
- return -EFAULT;
- /* Note: if the void * part of the union ever becomes relevant
- then we need to know the type of the control in order to do
- the right thing here. Luckily, that is not yet an issue. */
- if (copy_in_user(&kcontrols->value, &ucontrols->value, sizeof(ucontrols->value)))
+ if (copy_in_user(kcontrols, ucontrols, sizeof(*kcontrols)))
return -EFAULT;
+ if (ctrl_is_pointer(kcontrols->id)) {
+ void __user *s;
+
+ if (get_user(p, &ucontrols->string))
+ return -EFAULT;
+ s = compat_ptr(p);
+ if (put_user(s, &kcontrols->string))
+ return -EFAULT;
+ }
ucontrols++;
kcontrols++;
}
@@ -648,7 +678,7 @@ static int get_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext
static int put_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext_controls32 __user *up)
{
- struct v4l2_ext_control __user *ucontrols;
+ struct v4l2_ext_control32 __user *ucontrols;
struct v4l2_ext_control __user *kcontrols = kp->controls;
int n = kp->count;
compat_caddr_t p;
@@ -669,15 +699,14 @@ static int put_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext
return -EFAULT;
while (--n >= 0) {
- if (copy_in_user(&ucontrols->id, &kcontrols->id, sizeof(__u32)))
- return -EFAULT;
- if (copy_in_user(&ucontrols->reserved2, &kcontrols->reserved2,
- sizeof(ucontrols->reserved2)))
- return -EFAULT;
- /* Note: if the void * part of the union ever becomes relevant
- then we need to know the type of the control in order to do
- the right thing here. Luckily, that is not yet an issue. */
- if (copy_in_user(&ucontrols->value, &kcontrols->value, sizeof(ucontrols->value)))
+ unsigned size = sizeof(*ucontrols);
+
+ /* Do not modify the pointer when copying a pointer control.
+ The contents of the pointer was changed, not the pointer
+ itself. */
+ if (ctrl_is_pointer(kcontrols->id))
+ size -= sizeof(ucontrols->value64);
+ if (copy_in_user(ucontrols, kcontrols, size))
return -EFAULT;
ucontrols++;
kcontrols++;
@@ -1052,7 +1081,6 @@ long v4l2_compat_ioctl32(struct file *file, unsigned int cmd, unsigned long arg)
case VIDIOC_DBG_S_REGISTER:
case VIDIOC_DBG_G_REGISTER:
case VIDIOC_DBG_G_CHIP_IDENT:
- case VIDIOC_G_CHIP_IDENT_OLD:
case VIDIOC_S_HW_FREQ_SEEK:
ret = do_video_ioctl(file, cmd, arg);
break;