media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
1 /*
2 * ioctl32.c: Conversion between 32bit and 64bit native ioctls.
3 * Separated from fs stuff by Arnd Bergmann <arnd@arndb.de>
4 *
5 * Copyright (C) 1997-2000 Jakub Jelinek (jakub@redhat.com)
6 * Copyright (C) 1998 Eddie C. Dost (ecd@skynet.be)
7 * Copyright (C) 2001,2002 Andi Kleen, SuSE Labs
8 * Copyright (C) 2003 Pavel Machek (pavel@ucw.cz)
9 * Copyright (C) 2005 Philippe De Muyter (phdm@macqel.be)
10 * Copyright (C) 2008 Hans Verkuil <hverkuil@xs4all.nl>
11 *
12 * These routines maintain argument size conversion between 32bit and 64bit
13 * ioctls.
14 */
15
#include <linux/compat.h>
#include <linux/module.h>
#include <linux/string.h>
#include <linux/videodev2.h>
#include <linux/v4l2-subdev.h>
#include <media/v4l2-dev.h>
#include <media/v4l2-ioctl.h>
22
/*
 * Forward an ioctl to the file's native unlocked_ioctl handler.
 *
 * Returns the handler's result, or -ENOIOCTLCMD when the file operations
 * table provides no unlocked_ioctl.
 */
static long native_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
	if (!file->f_op->unlocked_ioctl)
		return -ENOIOCTLCMD;

	return file->f_op->unlocked_ioctl(file, cmd, arg);
}
32
33
/*
 * Clip-list entry as laid out by 32-bit userspace.
 *
 * get_v4l2_window32() reads only @c from each entry and walks the list as a
 * contiguous array; it does not follow @next.
 */
struct v4l2_clip32 {
	struct v4l2_rect	c;	/* clipping rectangle */
	compat_caddr_t		next;	/* link field, 32 bits wide */
};
38
/*
 * struct v4l2_window as laid out by 32-bit userspace. The two pointer
 * members are carried as 32-bit compat_caddr_t values and have to be widened
 * before the native structure can be handed to a driver.
 */
struct v4l2_window32 {
	struct v4l2_rect	w;
	__u32			field;	/* enum v4l2_field */
	__u32			chromakey;
	compat_caddr_t		clips;	/* actually struct v4l2_clip32 * */
	__u32			clipcount;	/* number of entries behind clips */
	compat_caddr_t		bitmap;	/* 32-bit user pointer */
	__u8			global_alpha;
};
48
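/*
 * Convert a 32-bit struct v4l2_window32 from userspace into the native
 * struct v4l2_window at @kp.
 *
 * @kp: native structure to fill in
 * @up: 32-bit layout in userspace
 *
 * The clip list is re-linked with native pointers inside the area returned
 * by compat_alloc_user_space(), so kp->clips holds a userspace address on
 * return (NULL when clipcount is 0). The 32-bit bitmap pointer is widened
 * with compat_ptr().
 *
 * Returns 0 on success, -EFAULT when a user access fails and -EINVAL when
 * clipcount exceeds 2048.
 */
static int get_v4l2_window32(struct v4l2_window *kp, struct v4l2_window32 __user *up)
{
	struct v4l2_clip32 __user *uclips;
	struct v4l2_clip __user *kclips;
	compat_caddr_t bitmap;
	compat_caddr_t p;
	int n;

	if (!access_ok(VERIFY_READ, up, sizeof(*up)) ||
	    copy_from_user(&kp->w, &up->w, sizeof(up->w)) ||
	    get_user(kp->field, &up->field) ||
	    get_user(kp->chromakey, &up->chromakey) ||
	    get_user(kp->clipcount, &up->clipcount) ||
	    get_user(bitmap, &up->bitmap) ||
	    get_user(kp->global_alpha, &up->global_alpha))
		return -EFAULT;

	/*
	 * @kp is not cleared here, so the bitmap pointer has to be assigned
	 * explicitly; skipping it would hand the driver whatever value the
	 * caller's storage held in that field.
	 */
	kp->bitmap = compat_ptr(bitmap);

	/* Bound the count before it sizes the compat_alloc_user_space() area. */
	if (kp->clipcount > 2048)
		return -EINVAL;
	if (!kp->clipcount) {
		kp->clips = NULL;
		return 0;
	}

	n = kp->clipcount;
	if (get_user(p, &up->clips))
		return -EFAULT;
	uclips = compat_ptr(p);
	kclips = compat_alloc_user_space(n * sizeof(*kclips));
	kp->clips = kclips;

	/*
	 * Copy each rectangle and chain the native entries in array order;
	 * the last entry gets a NULL next pointer.
	 */
	while (--n >= 0) {
		if (copy_in_user(&kclips->c, &uclips->c, sizeof(uclips->c)))
			return -EFAULT;
		if (put_user(n ? kclips + 1 : NULL, &kclips->next))
			return -EFAULT;
		uclips += 1;
		kclips += 1;
	}
	return 0;
}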
83
/*
 * Write the scalar members of a native struct v4l2_window back to the
 * 32-bit layout at @up.
 *
 * Only w, field, chromakey, clipcount and global_alpha are written; the
 * clips and bitmap pointers in @up are left as userspace supplied them.
 *
 * Returns 0 on success or -EFAULT when a user access fails.
 */
static int put_v4l2_window32(struct v4l2_window *kp, struct v4l2_window32 __user *up)
{
	if (copy_to_user(&up->w, &kp->w, sizeof(kp->w)))
		return -EFAULT;
	if (put_user(kp->field, &up->field))
		return -EFAULT;
	if (put_user(kp->chromakey, &up->chromakey))
		return -EFAULT;
	if (put_user(kp->clipcount, &up->clipcount))
		return -EFAULT;
	if (put_user(kp->global_alpha, &up->global_alpha))
		return -EFAULT;

	return 0;
}
94
/*
 * struct v4l2_format as laid out by 32-bit userspace. Of the union members
 * only @win uses a compat-specific type (struct v4l2_window32); the others
 * are the native structures.
 */
struct v4l2_format32 {
	__u32	type;	/* enum v4l2_buf_type, selects the union member */
	union {
		struct v4l2_pix_format	pix;
		struct v4l2_pix_format_mplane	pix_mp;
		struct v4l2_window32	win;
		struct v4l2_vbi_format	vbi;
		struct v4l2_sliced_vbi_format	sliced;
		struct v4l2_sdr_format	sdr;
		struct v4l2_meta_format	meta;
		__u8	raw_data[200];	/* user-defined */
	} fmt;
};
108
/**
 * struct v4l2_create_buffers32 - VIDIOC_CREATE_BUFS32 argument
 * @index:	on return, index of the first created buffer
 * @count:	entry: number of requested buffers,
 *		return: number of created buffers
 * @memory:	buffer memory type
 * @format:	frame format, for which buffers are requested
 * @reserved:	future extensions
 *
 * get_v4l2_create32() copies the members in front of @format as one block
 * and converts @format separately.
 */
struct v4l2_create_buffers32 {
	__u32			index;
	__u32			count;
	__u32			memory;	/* enum v4l2_memory */
	struct v4l2_format32	format;
	__u32			reserved[8];
};
125
/*
 * Fetch a struct v4l2_format32 from userspace into the native structure,
 * without an access_ok() check on @up (callers perform it).
 *
 * The type is read first and selects which union member is copied. Overlay
 * types go through get_v4l2_window32(); every other known type is a plain
 * copy of the member.
 *
 * Returns 0 on success, -EFAULT when a user access fails and -EINVAL for a
 * type that is not handled.
 */
static int __get_v4l2_format32(struct v4l2_format *kp, struct v4l2_format32 __user *up)
{
	const void __user *src;
	void *dst;
	size_t len;

	if (get_user(kp->type, &up->type))
		return -EFAULT;

	switch (kp->type) {
	case V4L2_BUF_TYPE_VIDEO_CAPTURE:
	case V4L2_BUF_TYPE_VIDEO_OUTPUT:
		dst = &kp->fmt.pix;
		src = &up->fmt.pix;
		len = sizeof(kp->fmt.pix);
		break;
	case V4L2_BUF_TYPE_VIDEO_CAPTURE_MPLANE:
	case V4L2_BUF_TYPE_VIDEO_OUTPUT_MPLANE:
		dst = &kp->fmt.pix_mp;
		src = &up->fmt.pix_mp;
		len = sizeof(kp->fmt.pix_mp);
		break;
	case V4L2_BUF_TYPE_VIDEO_OVERLAY:
	case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY:
		/* The window carries pointers and needs a real conversion. */
		return get_v4l2_window32(&kp->fmt.win, &up->fmt.win);
	case V4L2_BUF_TYPE_VBI_CAPTURE:
	case V4L2_BUF_TYPE_VBI_OUTPUT:
		dst = &kp->fmt.vbi;
		src = &up->fmt.vbi;
		len = sizeof(kp->fmt.vbi);
		break;
	case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE:
	case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT:
		dst = &kp->fmt.sliced;
		src = &up->fmt.sliced;
		len = sizeof(kp->fmt.sliced);
		break;
	case V4L2_BUF_TYPE_SDR_CAPTURE:
	case V4L2_BUF_TYPE_SDR_OUTPUT:
		dst = &kp->fmt.sdr;
		src = &up->fmt.sdr;
		len = sizeof(kp->fmt.sdr);
		break;
	case V4L2_BUF_TYPE_META_CAPTURE:
		dst = &kp->fmt.meta;
		src = &up->fmt.meta;
		len = sizeof(kp->fmt.meta);
		break;
	default:
		/*
		 * NOTE(review): the type value comes straight from the caller,
		 * so this message can be produced at will and is not rate
		 * limited.
		 */
		pr_info("compat_ioctl32: unexpected VIDIOC_FMT type %d\n",
			kp->type);
		return -EINVAL;
	}

	if (copy_from_user(dst, src, len))
		return -EFAULT;
	return 0;
}
164
/*
 * Checked entry point for converting a struct v4l2_format32: verifies that
 * the whole 32-bit structure is readable, then defers to
 * __get_v4l2_format32().
 *
 * Returns that helper's result, or -EFAULT when the range check fails.
 */
static int get_v4l2_format32(struct v4l2_format *kp, struct v4l2_format32 __user *up)
{
	if (access_ok(VERIFY_READ, up, sizeof(*up)))
		return __get_v4l2_format32(kp, up);

	return -EFAULT;
}
171
/*
 * Convert a VIDIOC_CREATE_BUFS32 argument into the native structure.
 *
 * The members in front of @format are copied as one block, then the format
 * is converted by __get_v4l2_format32().
 *
 * NOTE(review): the reserved array is not read from @up, so kp->reserved
 * keeps whatever the caller's storage held; put_v4l2_create32() later copies
 * that array back to userspace.
 *
 * Returns 0 on success, -EFAULT on a failed user access, or the error from
 * the format conversion.
 */
static int get_v4l2_create32(struct v4l2_create_buffers *kp, struct v4l2_create_buffers32 __user *up)
{
	if (!access_ok(VERIFY_READ, up, sizeof(*up)))
		return -EFAULT;
	if (copy_from_user(kp, up, offsetof(struct v4l2_create_buffers32, format)))
		return -EFAULT;

	return __get_v4l2_format32(&kp->format, &up->format);
}
179
/*
 * Write a native struct v4l2_format back to the 32-bit layout at @up,
 * without an access_ok() check on @up (callers perform it).
 *
 * The type is written first and selects which union member follows. Overlay
 * types go through put_v4l2_window32(); every other known type is a plain
 * copy of the member.
 *
 * Returns 0 on success, -EFAULT when a user access fails and -EINVAL for a
 * type that is not handled.
 */
static int __put_v4l2_format32(struct v4l2_format *kp, struct v4l2_format32 __user *up)
{
	void __user *dst;
	const void *src;
	size_t len;

	if (put_user(kp->type, &up->type))
		return -EFAULT;

	switch (kp->type) {
	case V4L2_BUF_TYPE_VIDEO_CAPTURE:
	case V4L2_BUF_TYPE_VIDEO_OUTPUT:
		dst = &up->fmt.pix;
		src = &kp->fmt.pix;
		len = sizeof(kp->fmt.pix);
		break;
	case V4L2_BUF_TYPE_VIDEO_CAPTURE_MPLANE:
	case V4L2_BUF_TYPE_VIDEO_OUTPUT_MPLANE:
		dst = &up->fmt.pix_mp;
		src = &kp->fmt.pix_mp;
		len = sizeof(kp->fmt.pix_mp);
		break;
	case V4L2_BUF_TYPE_VIDEO_OVERLAY:
	case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY:
		return put_v4l2_window32(&kp->fmt.win, &up->fmt.win);
	case V4L2_BUF_TYPE_VBI_CAPTURE:
	case V4L2_BUF_TYPE_VBI_OUTPUT:
		dst = &up->fmt.vbi;
		src = &kp->fmt.vbi;
		len = sizeof(kp->fmt.vbi);
		break;
	case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE:
	case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT:
		dst = &up->fmt.sliced;
		src = &kp->fmt.sliced;
		len = sizeof(kp->fmt.sliced);
		break;
	case V4L2_BUF_TYPE_SDR_CAPTURE:
	case V4L2_BUF_TYPE_SDR_OUTPUT:
		dst = &up->fmt.sdr;
		src = &kp->fmt.sdr;
		len = sizeof(kp->fmt.sdr);
		break;
	case V4L2_BUF_TYPE_META_CAPTURE:
		dst = &up->fmt.meta;
		src = &kp->fmt.meta;
		len = sizeof(kp->fmt.meta);
		break;
	default:
		pr_info("compat_ioctl32: unexpected VIDIOC_FMT type %d\n",
			kp->type);
		return -EINVAL;
	}

	if (copy_to_user(dst, src, len))
		return -EFAULT;
	return 0;
}
218
/*
 * Checked entry point for writing a struct v4l2_format32: verifies that the
 * whole 32-bit structure is writable, then defers to __put_v4l2_format32().
 *
 * Returns that helper's result, or -EFAULT when the range check fails.
 */
static int put_v4l2_format32(struct v4l2_format *kp, struct v4l2_format32 __user *up)
{
	if (access_ok(VERIFY_WRITE, up, sizeof(*up)))
		return __put_v4l2_format32(kp, up);

	return -EFAULT;
}
225
/*
 * Write a native struct v4l2_create_buffers back to the 32-bit layout.
 *
 * The members in front of @format and the reserved array are copied
 * directly; the format goes through __put_v4l2_format32().
 *
 * Returns 0 on success, -EFAULT on a failed user access, or the error from
 * the format conversion.
 */
static int put_v4l2_create32(struct v4l2_create_buffers *kp, struct v4l2_create_buffers32 __user *up)
{
	if (!access_ok(VERIFY_WRITE, up, sizeof(*up)))
		return -EFAULT;
	if (copy_to_user(up, kp, offsetof(struct v4l2_create_buffers32, format)))
		return -EFAULT;
	if (copy_to_user(up->reserved, kp->reserved, sizeof(kp->reserved)))
		return -EFAULT;

	return __put_v4l2_format32(&kp->format, &up->format);
}
234
/*
 * struct v4l2_standard as laid out by 32-bit userspace. @id is declared as
 * compat_u64 rather than a plain 64-bit type.
 */
struct v4l2_standard32 {
	__u32		index;
	compat_u64	id;
	__u8		name[24];
	struct v4l2_fract	frameperiod;	/* Frames, not fields */
	__u32		framelines;
	__u32		reserved[4];
};
243
/*
 * Read the index of a VIDIOC_ENUMSTD32 request into the native structure.
 *
 * Only kp->index is assigned; every other member of @kp is left as the
 * caller provided it.
 *
 * Returns 0 on success or -EFAULT when the user access fails.
 */
static int get_v4l2_standard32(struct v4l2_standard *kp, struct v4l2_standard32 __user *up)
{
	/* other fields are not set by the user, nor used by the driver */
	if (!access_ok(VERIFY_READ, up, sizeof(*up)))
		return -EFAULT;
	if (get_user(kp->index, &up->index))
		return -EFAULT;

	return 0;
}
252
/*
 * Write every member of a native struct v4l2_standard back to the 32-bit
 * layout at @up, including the name buffer and the reserved array.
 *
 * Returns 0 on success or -EFAULT when a user access fails.
 */
static int put_v4l2_standard32(struct v4l2_standard *kp, struct v4l2_standard32 __user *up)
{
	if (!access_ok(VERIFY_WRITE, up, sizeof(*up)))
		return -EFAULT;
	if (put_user(kp->index, &up->index))
		return -EFAULT;
	if (put_user(kp->id, &up->id))
		return -EFAULT;
	if (copy_to_user(up->name, kp->name, sizeof(up->name)))
		return -EFAULT;
	if (copy_to_user(&up->frameperiod, &kp->frameperiod,
			 sizeof(kp->frameperiod)))
		return -EFAULT;
	if (put_user(kp->framelines, &up->framelines))
		return -EFAULT;
	if (copy_to_user(up->reserved, kp->reserved, sizeof(kp->reserved)))
		return -EFAULT;

	return 0;
}
266
/*
 * struct v4l2_plane as laid out by 32-bit userspace. Which member of @m is
 * valid depends on the buffer's memory type; @userptr is a 32-bit value that
 * the conversion helpers widen with compat_ptr().
 */
struct v4l2_plane32 {
	__u32			bytesused;
	__u32			length;
	union {
		__u32		mem_offset;
		compat_long_t	userptr;
		__s32		fd;
	} m;
	__u32			data_offset;
	__u32			reserved[11];
};
278
/*
 * struct v4l2_buffer as laid out by 32-bit userspace. The timestamp uses
 * struct compat_timeval, and the @m union carries its pointer-like members
 * (userptr, planes) as 32-bit values.
 */
struct v4l2_buffer32 {
	__u32			index;
	__u32			type;	/* enum v4l2_buf_type */
	__u32			bytesused;
	__u32			flags;
	__u32			field;	/* enum v4l2_field */
	struct compat_timeval	timestamp;
	struct v4l2_timecode	timecode;
	__u32			sequence;

	/* memory location */
	__u32			memory;	/* enum v4l2_memory */
	union {
		__u32           offset;
		compat_long_t   userptr;
		compat_caddr_t  planes;	/* 32-bit pointer to a v4l2_plane32 array */
		__s32		fd;
	} m;
	__u32			length;	/* used as the plane count for multi-planar types */
	__u32			reserved2;
	__u32			reserved;
};
301
/*
 * Convert one 32-bit plane descriptor into a native one. Both @up and @up32
 * are userspace addresses, so all transfers use copy_in_user()/get_user()/
 * put_user().
 *
 * @up:     native struct v4l2_plane to fill in
 * @up32:   32-bit descriptor supplied by the caller
 * @memory: memory type of the buffer, selects the member of the m union
 *
 * bytesused and length are copied as the first two __u32 words, followed by
 * data_offset; the reserved array is not copied. A memory type that matches
 * no case leaves the m union untouched.
 *
 * Returns 0 on success or -EFAULT when a user access fails.
 */
static int get_v4l2_plane32(struct v4l2_plane __user *up, struct v4l2_plane32 __user *up32,
			    enum v4l2_memory memory)
{
	compat_long_t uptr32;

	if (copy_in_user(up, up32, 2 * sizeof(__u32)))
		return -EFAULT;
	if (copy_in_user(&up->data_offset, &up32->data_offset,
			 sizeof(up->data_offset)))
		return -EFAULT;

	switch (memory) {
	case V4L2_MEMORY_MMAP:
	case V4L2_MEMORY_OVERLAY:
		if (copy_in_user(&up->m.mem_offset, &up32->m.mem_offset,
				 sizeof(up32->m.mem_offset)))
			return -EFAULT;
		break;
	case V4L2_MEMORY_USERPTR:
		/* Widen the 32-bit user pointer to a native unsigned long. */
		if (get_user(uptr32, &up32->m.userptr))
			return -EFAULT;
		if (put_user((unsigned long)compat_ptr(uptr32), &up->m.userptr))
			return -EFAULT;
		break;
	case V4L2_MEMORY_DMABUF:
		if (copy_in_user(&up->m.fd, &up32->m.fd, sizeof(up32->m.fd)))
			return -EFAULT;
		break;
	}

	return 0;
}
335
/*
 * Convert one native plane descriptor back into the 32-bit layout. Both
 * @up and @up32 are userspace addresses.
 *
 * @up:     native struct v4l2_plane to read
 * @up32:   32-bit descriptor to update
 * @memory: memory type of the buffer, selects the member of the m union
 *
 * For V4L2_MEMORY_USERPTR the native pointer is narrowed with
 * ptr_to_compat() before it is stored. A memory type that matches no case
 * leaves the m union of @up32 untouched.
 *
 * Returns 0 on success or -EFAULT when a user access fails.
 */
static int put_v4l2_plane32(struct v4l2_plane __user *up, struct v4l2_plane32 __user *up32,
			    enum v4l2_memory memory)
{
	unsigned long uptr;

	if (copy_in_user(up32, up, 2 * sizeof(__u32)))
		return -EFAULT;
	if (copy_in_user(&up32->data_offset, &up->data_offset,
			 sizeof(up->data_offset)))
		return -EFAULT;

	switch (memory) {
	case V4L2_MEMORY_MMAP:
	case V4L2_MEMORY_OVERLAY:
		if (copy_in_user(&up32->m.mem_offset, &up->m.mem_offset,
				 sizeof(up->m.mem_offset)))
			return -EFAULT;
		break;
	case V4L2_MEMORY_USERPTR:
		if (get_user(uptr, &up->m.userptr))
			return -EFAULT;
		if (put_user((compat_ulong_t)ptr_to_compat((__force void *)uptr),
			     &up32->m.userptr))
			return -EFAULT;
		break;
	case V4L2_MEMORY_DMABUF:
		if (copy_in_user(&up32->m.fd, &up->m.fd, sizeof(up->m.fd)))
			return -EFAULT;
		break;
	}

	return 0;
}
368
/*
 * Convert a 32-bit struct v4l2_buffer32 from userspace into the native
 * struct v4l2_buffer at @kp.
 *
 * index, type, flags, memory and length are always read; bytesused, field
 * and the timestamp only for output types. timecode, sequence, reserved2 and
 * reserved are never read from @up.
 *
 * For multi-planar types kp->length is the plane count: it is rejected above
 * VIDEO_MAX_PLANES, the 32-bit plane array is range-checked, and native
 * plane descriptors are built in the compat_alloc_user_space() area, whose
 * userspace address is stored in kp->m.planes.
 *
 * Returns 0 on success, -EFAULT when a user access fails, -EINVAL for too
 * many planes, or the error from get_v4l2_plane32().
 */
static int get_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user *up)
{
	struct v4l2_plane32 __user *uplane32;
	struct v4l2_plane __user *uplane;
	unsigned int plane;
	compat_caddr_t p;
	int ret;

	if (!access_ok(VERIFY_READ, up, sizeof(*up)) ||
	    get_user(kp->index, &up->index) ||
	    get_user(kp->type, &up->type) ||
	    get_user(kp->flags, &up->flags) ||
	    get_user(kp->memory, &up->memory) ||
	    get_user(kp->length, &up->length))
		return -EFAULT;

	if (V4L2_TYPE_IS_OUTPUT(kp->type) &&
	    (get_user(kp->bytesused, &up->bytesused) ||
	     get_user(kp->field, &up->field) ||
	     get_user(kp->timestamp.tv_sec, &up->timestamp.tv_sec) ||
	     get_user(kp->timestamp.tv_usec, &up->timestamp.tv_usec)))
		return -EFAULT;

	if (!V4L2_TYPE_IS_MULTIPLANAR(kp->type)) {
		/* Single-planar: only the m union member for this memory type. */
		switch (kp->memory) {
		case V4L2_MEMORY_MMAP:
		case V4L2_MEMORY_OVERLAY:
			if (get_user(kp->m.offset, &up->m.offset))
				return -EFAULT;
			break;
		case V4L2_MEMORY_USERPTR:
			{
			compat_long_t tmp;

			if (get_user(tmp, &up->m.userptr))
				return -EFAULT;

			kp->m.userptr = (unsigned long)compat_ptr(tmp);
			}
			break;
		case V4L2_MEMORY_DMABUF:
			if (get_user(kp->m.fd, &up->m.fd))
				return -EFAULT;
			break;
		}
		return 0;
	}

	if (kp->length == 0) {
		kp->m.planes = NULL;
		/* num_planes == 0 is legal, e.g. when userspace doesn't
		 * need planes array on DQBUF */
		return 0;
	}
	if (kp->length > VIDEO_MAX_PLANES)
		return -EINVAL;

	if (get_user(p, &up->m.planes))
		return -EFAULT;

	uplane32 = compat_ptr(p);
	if (!access_ok(VERIFY_READ, uplane32,
		       kp->length * sizeof(*uplane32)))
		return -EFAULT;

	/* We don't really care if userspace decides to kill itself
	 * by passing a very big num_planes value */
	uplane = compat_alloc_user_space(kp->length * sizeof(*uplane));
	kp->m.planes = (__force struct v4l2_plane *)uplane;

	for (plane = 0; plane < kp->length; plane++, uplane++, uplane32++) {
		ret = get_v4l2_plane32(uplane, uplane32, kp->memory);
		if (ret)
			return ret;
	}

	return 0;
}
449
/*
 * Write a native struct v4l2_buffer back to the 32-bit layout at @up.
 *
 * All scalar members, the timecode and both reserved words are written
 * unconditionally. For multi-planar types the plane array pointer is
 * re-read from @up and each native plane in kp->m.planes is converted with
 * put_v4l2_plane32(); kp->length is used as the plane count.
 *
 * Returns 0 on success, -EFAULT when a user access fails, or the error from
 * put_v4l2_plane32().
 */
static int put_v4l2_buffer32(struct v4l2_buffer *kp, struct v4l2_buffer32 __user *up)
{
	struct v4l2_plane32 __user *uplane32;
	struct v4l2_plane __user *uplane;
	compat_caddr_t p;
	int num_planes;
	int plane;
	int ret;

	if (!access_ok(VERIFY_WRITE, up, sizeof(*up)) ||
	    put_user(kp->index, &up->index) ||
	    put_user(kp->type, &up->type) ||
	    put_user(kp->flags, &up->flags) ||
	    put_user(kp->memory, &up->memory))
		return -EFAULT;

	if (put_user(kp->bytesused, &up->bytesused) ||
	    put_user(kp->field, &up->field) ||
	    put_user(kp->timestamp.tv_sec, &up->timestamp.tv_sec) ||
	    put_user(kp->timestamp.tv_usec, &up->timestamp.tv_usec) ||
	    copy_to_user(&up->timecode, &kp->timecode, sizeof(kp->timecode)) ||
	    put_user(kp->sequence, &up->sequence) ||
	    put_user(kp->reserved2, &up->reserved2) ||
	    put_user(kp->reserved, &up->reserved) ||
	    put_user(kp->length, &up->length))
		return -EFAULT;

	if (!V4L2_TYPE_IS_MULTIPLANAR(kp->type)) {
		/* Single-planar: only the m union member for this memory type. */
		switch (kp->memory) {
		case V4L2_MEMORY_MMAP:
		case V4L2_MEMORY_OVERLAY:
			if (put_user(kp->m.offset, &up->m.offset))
				return -EFAULT;
			break;
		case V4L2_MEMORY_USERPTR:
			if (put_user(kp->m.userptr, &up->m.userptr))
				return -EFAULT;
			break;
		case V4L2_MEMORY_DMABUF:
			if (put_user(kp->m.fd, &up->m.fd))
				return -EFAULT;
			break;
		}
		return 0;
	}

	num_planes = kp->length;
	if (num_planes == 0)
		return 0;

	uplane = (__force struct v4l2_plane __user *)kp->m.planes;
	if (get_user(p, &up->m.planes))
		return -EFAULT;
	uplane32 = compat_ptr(p);

	for (plane = 0; plane < num_planes; plane++, uplane++, uplane32++) {
		ret = put_v4l2_plane32(uplane, uplane32, kp->memory);
		if (ret)
			return ret;
	}

	return 0;
}
513
/*
 * struct v4l2_framebuffer as laid out by 32-bit userspace; @base is the
 * only member with a compat-specific type.
 */
struct v4l2_framebuffer32 {
	__u32			capability;
	__u32			flags;
	compat_caddr_t		base;	/* 32-bit pointer value */
	struct {
		__u32		width;
		__u32		height;
		__u32		pixelformat;
		__u32		field;
		__u32		bytesperline;
		__u32		sizeimage;
		__u32		colorspace;
		__u32		priv;
	} fmt;
};
529
/*
 * Convert a 32-bit struct v4l2_framebuffer32 from userspace into the native
 * structure; the base pointer is widened with compat_ptr() once every read
 * has succeeded.
 *
 * Returns 0 on success or -EFAULT when a user access fails.
 */
static int get_v4l2_framebuffer32(struct v4l2_framebuffer *kp, struct v4l2_framebuffer32 __user *up)
{
	u32 base32;

	if (!access_ok(VERIFY_READ, up, sizeof(*up)))
		return -EFAULT;
	if (get_user(base32, &up->base))
		return -EFAULT;
	if (get_user(kp->capability, &up->capability))
		return -EFAULT;
	if (get_user(kp->flags, &up->flags))
		return -EFAULT;
	if (copy_from_user(&kp->fmt, &up->fmt, sizeof(up->fmt)))
		return -EFAULT;

	kp->base = (__force void *)compat_ptr(base32);
	return 0;
}
543
/*
 * Write a native struct v4l2_framebuffer back to the 32-bit layout; the base
 * pointer is truncated to its low 32 bits.
 *
 * Returns 0 on success or -EFAULT when a user access fails.
 */
static int put_v4l2_framebuffer32(struct v4l2_framebuffer *kp, struct v4l2_framebuffer32 __user *up)
{
	u32 base32 = (u32)((unsigned long)kp->base);

	if (!access_ok(VERIFY_WRITE, up, sizeof(*up)))
		return -EFAULT;
	if (put_user(base32, &up->base))
		return -EFAULT;
	if (put_user(kp->capability, &up->capability))
		return -EFAULT;
	if (put_user(kp->flags, &up->flags))
		return -EFAULT;
	if (copy_to_user(&up->fmt, &kp->fmt, sizeof(up->fmt)))
		return -EFAULT;

	return 0;
}
556
/*
 * struct v4l2_input as laid out by 32-bit userspace. @std is declared as
 * compat_u64; the conversion helpers copy sizeof(struct v4l2_input32) bytes
 * straight between the two layouts.
 */
struct v4l2_input32 {
	__u32	     index;		/*  Which input */
	__u8	     name[32];		/*  Label */
	__u32	     type;		/*  Type of input */
	__u32	     audioset;		/*  Associated audios (bitfield) */
	__u32        tuner;             /*  Associated tuner */
	compat_u64   std;
	__u32	     status;
	__u32	     capabilities;
	__u32	     reserved[3];
};
568
/*
 * The 64-bit v4l2_input struct has extra padding at the end of the struct.
 * Otherwise it is identical to the 32-bit version, so the 32-bit image is
 * copied as is; the trailing padding of @kp is not written.
 *
 * Returns 0 on success or -EFAULT when the copy fails.
 */
static inline int get_v4l2_input32(struct v4l2_input *kp, struct v4l2_input32 __user *up)
{
	return copy_from_user(kp, up, sizeof(*up)) ? -EFAULT : 0;
}
577
/*
 * Copy the first sizeof(struct v4l2_input32) bytes of the native struct
 * v4l2_input back to userspace.
 *
 * Returns 0 on success or -EFAULT when the copy fails.
 */
static inline int put_v4l2_input32(struct v4l2_input *kp, struct v4l2_input32 __user *up)
{
	return copy_to_user(up, kp, sizeof(*up)) ? -EFAULT : 0;
}
584
/*
 * struct v4l2_ext_controls as laid out by 32-bit userspace; @controls is a
 * 32-bit pointer to an array of @count struct v4l2_ext_control32 entries.
 */
struct v4l2_ext_controls32 {
	__u32 which;
	__u32 count;	/* number of entries behind controls */
	__u32 error_idx;
	__u32 reserved[2];
	compat_caddr_t controls; /* actually struct v4l2_ext_control32 * */
};
592
/*
 * One extended control as laid out by 32-bit userspace. The structure is
 * packed; the anonymous union holds either a value or, for pointer-type
 * controls, a 32-bit user pointer.
 */
struct v4l2_ext_control32 {
	__u32 id;
	__u32 size;
	__u32 reserved2[1];
	union {
		__s32 value;
		__s64 value64;
		compat_caddr_t string; /* actually char * */
	};
} __attribute__ ((packed));
603
/* The following function really belongs in v4l2-common, but that causes
   a circular dependency between modules. We need to think about this, but
   for now this will do. */
607
/*
 * Return non-zero if this control is a pointer type. Currently only
 * type STRING is a pointer type.
 *
 * NOTE(review): the decision is made from a fixed list of two control IDs,
 * not from the control's actual type. A pointer-type control with any other
 * ID would be reported as non-pointer, and its 32-bit pointer would then be
 * passed on unconverted - confirm the list against the drivers in use.
 */
static inline int ctrl_is_pointer(u32 id)
{
	return id == V4L2_CID_RDS_TX_PS_NAME ||
	       id == V4L2_CID_RDS_TX_RADIO_TEXT;
}
620
/*
 * Convert a 32-bit struct v4l2_ext_controls32 and its control array into
 * native form.
 *
 * The header members are read into @kp. The count is rejected above
 * V4L2_CID_MAX_CTRLS before it sizes anything; the 32-bit array is
 * range-checked and each entry is copied into the
 * compat_alloc_user_space() area, whose userspace address ends up in
 * kp->controls. For IDs that ctrl_is_pointer() accepts, the 32-bit string
 * pointer is re-read from the source entry and stored widened.
 *
 * Returns 0 on success, -EFAULT when a user access fails and -EINVAL when
 * the count is too large.
 */
static int get_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext_controls32 __user *up)
{
	struct v4l2_ext_control32 __user *src;
	struct v4l2_ext_control __user *dst;
	compat_caddr_t p;
	unsigned int i;

	if (!access_ok(VERIFY_READ, up, sizeof(*up)))
		return -EFAULT;
	if (get_user(kp->which, &up->which) ||
	    get_user(kp->count, &up->count) ||
	    get_user(kp->error_idx, &up->error_idx))
		return -EFAULT;
	if (copy_from_user(kp->reserved, up->reserved, sizeof(kp->reserved)))
		return -EFAULT;

	if (kp->count == 0) {
		kp->controls = NULL;
		return 0;
	}
	if (kp->count > V4L2_CID_MAX_CTRLS)
		return -EINVAL;

	if (get_user(p, &up->controls))
		return -EFAULT;
	src = compat_ptr(p);
	if (!access_ok(VERIFY_READ, src, kp->count * sizeof(*src)))
		return -EFAULT;

	dst = compat_alloc_user_space(kp->count * sizeof(*dst));
	kp->controls = (__force struct v4l2_ext_control *)dst;

	for (i = 0; i < kp->count; i++, src++, dst++) {
		void __user *s;
		u32 id;

		if (copy_in_user(dst, src, sizeof(*src)))
			return -EFAULT;
		if (get_user(id, &dst->id))
			return -EFAULT;
		if (!ctrl_is_pointer(id))
			continue;

		/* Replace the copied 32-bit value with a native pointer. */
		if (get_user(p, &src->string))
			return -EFAULT;
		s = compat_ptr(p);
		if (put_user(s, &dst->string))
			return -EFAULT;
	}
	return 0;
}
668
/*
 * Write a native struct v4l2_ext_controls and its control array back to the
 * 32-bit layout.
 *
 * The header members are always written. When the count is non-zero the
 * 32-bit array pointer is re-read from @up, range-checked for writing, and
 * every native entry in kp->controls is copied over it. For pointer-type
 * controls the trailing union is skipped so that the caller's 32-bit
 * pointer stays as it was.
 *
 * Returns 0 on success or -EFAULT when a user access fails.
 */
static int put_v4l2_ext_controls32(struct v4l2_ext_controls *kp, struct v4l2_ext_controls32 __user *up)
{
	struct v4l2_ext_control32 __user *dst;
	struct v4l2_ext_control __user *src =
		(__force struct v4l2_ext_control __user *)kp->controls;
	int n = kp->count;
	compat_caddr_t p;
	int i;

	if (!access_ok(VERIFY_WRITE, up, sizeof(*up)))
		return -EFAULT;
	if (put_user(kp->which, &up->which) ||
	    put_user(kp->count, &up->count) ||
	    put_user(kp->error_idx, &up->error_idx))
		return -EFAULT;
	if (copy_to_user(up->reserved, kp->reserved, sizeof(up->reserved)))
		return -EFAULT;
	if (!kp->count)
		return 0;

	if (get_user(p, &up->controls))
		return -EFAULT;
	dst = compat_ptr(p);
	if (!access_ok(VERIFY_WRITE, dst, n * sizeof(*dst)))
		return -EFAULT;

	for (i = 0; i < n; i++, src++, dst++) {
		unsigned size = sizeof(*dst);
		u32 id;

		if (get_user(id, &src->id))
			return -EFAULT;
		/* Do not modify the pointer when copying a pointer control.
		   The contents of the pointer was changed, not the pointer
		   itself. */
		if (ctrl_is_pointer(id))
			size -= sizeof(dst->value64);
		if (copy_in_user(dst, src, size))
			return -EFAULT;
	}
	return 0;
}
710
/*
 * struct v4l2_event as laid out by 32-bit userspace; the payload union uses
 * compat_s64 and the timestamp uses struct compat_timespec.
 */
struct v4l2_event32 {
	__u32				type;
	union {
		compat_s64		value64;
		__u8			data[64];
	} u;
	__u32				pending;
	__u32				sequence;
	struct compat_timespec		timestamp;
	__u32				id;
	__u32				reserved[8];
};
723
/*
 * Write a native struct v4l2_event to the 32-bit layout at @up. Every
 * member is written, including the full payload union and the reserved
 * array.
 *
 * Returns 0 on success or -EFAULT when a user access fails.
 */
static int put_v4l2_event32(struct v4l2_event *kp, struct v4l2_event32 __user *up)
{
	if (!access_ok(VERIFY_WRITE, up, sizeof(*up)))
		return -EFAULT;
	if (put_user(kp->type, &up->type))
		return -EFAULT;
	if (copy_to_user(&up->u, &kp->u, sizeof(kp->u)))
		return -EFAULT;
	if (put_user(kp->pending, &up->pending) ||
	    put_user(kp->sequence, &up->sequence))
		return -EFAULT;
	if (put_user(kp->timestamp.tv_sec, &up->timestamp.tv_sec) ||
	    put_user(kp->timestamp.tv_nsec, &up->timestamp.tv_nsec))
		return -EFAULT;
	if (put_user(kp->id, &up->id))
		return -EFAULT;
	if (copy_to_user(up->reserved, kp->reserved, sizeof(kp->reserved)))
		return -EFAULT;

	return 0;
}
738
/*
 * struct v4l2_edid as laid out by 32-bit userspace; @edid is carried as a
 * 32-bit pointer value.
 */
struct v4l2_edid32 {
	__u32 pad;
	__u32 start_block;
	__u32 blocks;
	__u32 reserved[5];
	compat_caddr_t edid;	/* 32-bit user pointer */
};
746
/*
 * Convert a 32-bit struct v4l2_edid32 from userspace into the native
 * structure; the EDID buffer pointer is widened with compat_ptr() once
 * every read has succeeded.
 *
 * Returns 0 on success or -EFAULT when a user access fails.
 */
static int get_v4l2_edid32(struct v4l2_edid *kp, struct v4l2_edid32 __user *up)
{
	u32 edid32;

	if (!access_ok(VERIFY_READ, up, sizeof(*up)))
		return -EFAULT;
	if (get_user(kp->pad, &up->pad) ||
	    get_user(kp->start_block, &up->start_block) ||
	    get_user(kp->blocks, &up->blocks))
		return -EFAULT;
	if (get_user(edid32, &up->edid))
		return -EFAULT;
	if (copy_from_user(kp->reserved, up->reserved, sizeof(kp->reserved)))
		return -EFAULT;

	kp->edid = (__force u8 *)compat_ptr(edid32);
	return 0;
}
761
/*
 * Write a native struct v4l2_edid back to the 32-bit layout; the EDID
 * buffer pointer is truncated to its low 32 bits.
 *
 * Returns 0 on success or -EFAULT when a user access fails.
 */
static int put_v4l2_edid32(struct v4l2_edid *kp, struct v4l2_edid32 __user *up)
{
	u32 edid32 = (u32)((unsigned long)kp->edid);

	if (!access_ok(VERIFY_WRITE, up, sizeof(*up)))
		return -EFAULT;
	if (put_user(kp->pad, &up->pad) ||
	    put_user(kp->start_block, &up->start_block) ||
	    put_user(kp->blocks, &up->blocks))
		return -EFAULT;
	if (put_user(edid32, &up->edid))
		return -EFAULT;
	if (copy_to_user(up->reserved, kp->reserved, sizeof(up->reserved)))
		return -EFAULT;

	return 0;
}
775
776
/*
 * ioctl numbers as issued by 32-bit userspace for commands whose argument
 * has a compat-specific layout. The size encoded by _IO*() is that of the
 * 32-bit structure. do_video_ioctl() maps each of them to its native
 * command before dispatching.
 */
#define VIDIOC_G_FMT32		_IOWR('V',  4, struct v4l2_format32)
#define VIDIOC_S_FMT32		_IOWR('V',  5, struct v4l2_format32)
#define VIDIOC_QUERYBUF32	_IOWR('V',  9, struct v4l2_buffer32)
#define VIDIOC_G_FBUF32		_IOR ('V', 10, struct v4l2_framebuffer32)
#define VIDIOC_S_FBUF32		_IOW ('V', 11, struct v4l2_framebuffer32)
#define VIDIOC_QBUF32		_IOWR('V', 15, struct v4l2_buffer32)
#define VIDIOC_DQBUF32		_IOWR('V', 17, struct v4l2_buffer32)
#define VIDIOC_ENUMSTD32	_IOWR('V', 25, struct v4l2_standard32)
#define VIDIOC_ENUMINPUT32	_IOWR('V', 26, struct v4l2_input32)
#define VIDIOC_G_EDID32		_IOWR('V', 40, struct v4l2_edid32)
#define VIDIOC_S_EDID32		_IOWR('V', 41, struct v4l2_edid32)
#define VIDIOC_TRY_FMT32	_IOWR('V', 64, struct v4l2_format32)
#define VIDIOC_G_EXT_CTRLS32	_IOWR('V', 71, struct v4l2_ext_controls32)
#define VIDIOC_S_EXT_CTRLS32	_IOWR('V', 72, struct v4l2_ext_controls32)
#define VIDIOC_TRY_EXT_CTRLS32	_IOWR('V', 73, struct v4l2_ext_controls32)
#define VIDIOC_DQEVENT32	_IOR ('V', 89, struct v4l2_event32)
#define VIDIOC_CREATE_BUFS32	_IOWR('V', 92, struct v4l2_create_buffers32)
#define VIDIOC_PREPARE_BUF32	_IOWR('V', 93, struct v4l2_buffer32)

/* Commands whose argument is encoded as a plain s32. */
#define VIDIOC_OVERLAY32	_IOW ('V', 14, s32)
#define VIDIOC_STREAMON32	_IOW ('V', 18, s32)
#define VIDIOC_STREAMOFF32	_IOW ('V', 19, s32)
#define VIDIOC_G_INPUT32	_IOR ('V', 38, s32)
#define VIDIOC_S_INPUT32	_IOWR('V', 39, s32)
#define VIDIOC_G_OUTPUT32	_IOR ('V', 46, s32)
#define VIDIOC_S_OUTPUT32	_IOWR('V', 47, s32)
803
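/*
 * Translate one 32-bit V4L2 ioctl, run the native handler and translate the
 * result back.
 *
 * @file: file the ioctl was issued on
 * @cmd:  32-bit ioctl command
 * @arg:  32-bit userspace argument
 *
 * Steps: map the *32 command to its native number; for commands with a
 * compat-specific layout, build the native argument in @karg with the
 * get_*32() helpers; call native_ioctl() (on @karg under KERNEL_DS, or on
 * the user pointer directly when the layouts are compatible); copy the
 * result back with the put_*32() helpers.
 *
 * Returns 0 on success, the error from the conversion helpers or from the
 * native handler otherwise.
 */
static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
	union {
		struct v4l2_format v2f;
		struct v4l2_buffer v2b;
		struct v4l2_framebuffer v2fb;
		struct v4l2_input v2i;
		struct v4l2_standard v2s;
		struct v4l2_ext_controls v2ecs;
		struct v4l2_event v2ev;
		struct v4l2_create_buffers v2crt;
		struct v4l2_edid v2edid;
		unsigned long vx;
		int vi;
	} karg;
	void __user *up = compat_ptr(arg);
	int compatible_arg = 1;
	long err = 0;

	/*
	 * Start from a cleared argument. The get_*32() helpers fill in only
	 * part of the native structures (and nothing at all for the pure
	 * "get" commands), while the put_*32() helpers copy whole members,
	 * reserved arrays included, back to userspace. Without this, any
	 * byte the driver does not write would reach userspace, or the
	 * driver, as leftover stack contents.
	 */
	memset(&karg, 0, sizeof(karg));

	/* First, convert the command. */
	switch (cmd) {
	case VIDIOC_G_FMT32: cmd = VIDIOC_G_FMT; break;
	case VIDIOC_S_FMT32: cmd = VIDIOC_S_FMT; break;
	case VIDIOC_QUERYBUF32: cmd = VIDIOC_QUERYBUF; break;
	case VIDIOC_G_FBUF32: cmd = VIDIOC_G_FBUF; break;
	case VIDIOC_S_FBUF32: cmd = VIDIOC_S_FBUF; break;
	case VIDIOC_QBUF32: cmd = VIDIOC_QBUF; break;
	case VIDIOC_DQBUF32: cmd = VIDIOC_DQBUF; break;
	case VIDIOC_ENUMSTD32: cmd = VIDIOC_ENUMSTD; break;
	case VIDIOC_ENUMINPUT32: cmd = VIDIOC_ENUMINPUT; break;
	case VIDIOC_TRY_FMT32: cmd = VIDIOC_TRY_FMT; break;
	case VIDIOC_G_EXT_CTRLS32: cmd = VIDIOC_G_EXT_CTRLS; break;
	case VIDIOC_S_EXT_CTRLS32: cmd = VIDIOC_S_EXT_CTRLS; break;
	case VIDIOC_TRY_EXT_CTRLS32: cmd = VIDIOC_TRY_EXT_CTRLS; break;
	case VIDIOC_DQEVENT32: cmd = VIDIOC_DQEVENT; break;
	case VIDIOC_OVERLAY32: cmd = VIDIOC_OVERLAY; break;
	case VIDIOC_STREAMON32: cmd = VIDIOC_STREAMON; break;
	case VIDIOC_STREAMOFF32: cmd = VIDIOC_STREAMOFF; break;
	case VIDIOC_G_INPUT32: cmd = VIDIOC_G_INPUT; break;
	case VIDIOC_S_INPUT32: cmd = VIDIOC_S_INPUT; break;
	case VIDIOC_G_OUTPUT32: cmd = VIDIOC_G_OUTPUT; break;
	case VIDIOC_S_OUTPUT32: cmd = VIDIOC_S_OUTPUT; break;
	case VIDIOC_CREATE_BUFS32: cmd = VIDIOC_CREATE_BUFS; break;
	case VIDIOC_PREPARE_BUF32: cmd = VIDIOC_PREPARE_BUF; break;
	case VIDIOC_G_EDID32: cmd = VIDIOC_G_EDID; break;
	case VIDIOC_S_EDID32: cmd = VIDIOC_S_EDID; break;
	}

	/*
	 * Second, build the native argument for every command that needs
	 * one. Commands not listed here keep compatible_arg set and are
	 * passed through with the user pointer unchanged.
	 */
	switch (cmd) {
	case VIDIOC_OVERLAY:
	case VIDIOC_STREAMON:
	case VIDIOC_STREAMOFF:
	case VIDIOC_S_INPUT:
	case VIDIOC_S_OUTPUT:
		err = get_user(karg.vi, (s32 __user *)up);
		compatible_arg = 0;
		break;

	case VIDIOC_G_INPUT:
	case VIDIOC_G_OUTPUT:
		compatible_arg = 0;
		break;

	case VIDIOC_G_EDID:
	case VIDIOC_S_EDID:
		err = get_v4l2_edid32(&karg.v2edid, up);
		compatible_arg = 0;
		break;

	case VIDIOC_G_FMT:
	case VIDIOC_S_FMT:
	case VIDIOC_TRY_FMT:
		err = get_v4l2_format32(&karg.v2f, up);
		compatible_arg = 0;
		break;

	case VIDIOC_CREATE_BUFS:
		err = get_v4l2_create32(&karg.v2crt, up);
		compatible_arg = 0;
		break;

	case VIDIOC_PREPARE_BUF:
	case VIDIOC_QUERYBUF:
	case VIDIOC_QBUF:
	case VIDIOC_DQBUF:
		err = get_v4l2_buffer32(&karg.v2b, up);
		compatible_arg = 0;
		break;

	case VIDIOC_S_FBUF:
		err = get_v4l2_framebuffer32(&karg.v2fb, up);
		compatible_arg = 0;
		break;

	case VIDIOC_G_FBUF:
		compatible_arg = 0;
		break;

	case VIDIOC_ENUMSTD:
		err = get_v4l2_standard32(&karg.v2s, up);
		compatible_arg = 0;
		break;

	case VIDIOC_ENUMINPUT:
		err = get_v4l2_input32(&karg.v2i, up);
		compatible_arg = 0;
		break;

	case VIDIOC_G_EXT_CTRLS:
	case VIDIOC_S_EXT_CTRLS:
	case VIDIOC_TRY_EXT_CTRLS:
		err = get_v4l2_ext_controls32(&karg.v2ecs, up);
		compatible_arg = 0;
		break;
	case VIDIOC_DQEVENT:
		compatible_arg = 0;
		break;
	}
	if (err)
		return err;

	if (compatible_arg)
		err = native_ioctl(file, cmd, (unsigned long)up);
	else {
		mm_segment_t old_fs = get_fs();

		/*
		 * NOTE(review): while the address limit is KERNEL_DS the
		 * native handler's user-copy helpers accept kernel addresses
		 * too, so pointers stored inside karg (clips, planes,
		 * controls, edid, userptr) are not range-checked again by
		 * the driver. Every such pointer must therefore come from
		 * compat_ptr() or compat_alloc_user_space() in the get_*32()
		 * helpers; keep this window as short as it is.
		 */
		set_fs(KERNEL_DS);
		err = native_ioctl(file, cmd, (unsigned long)&karg);
		set_fs(old_fs);
	}

	/* Special case: even after an error we need to put the
	   results back for these ioctls since the error_idx will
	   contain information on which control failed. */
	switch (cmd) {
	case VIDIOC_G_EXT_CTRLS:
	case VIDIOC_S_EXT_CTRLS:
	case VIDIOC_TRY_EXT_CTRLS:
		if (put_v4l2_ext_controls32(&karg.v2ecs, up))
			err = -EFAULT;
		break;
	case VIDIOC_S_EDID:
		if (put_v4l2_edid32(&karg.v2edid, up))
			err = -EFAULT;
		break;
	}
	if (err)
		return err;

	/* Finally, copy the native result back into the 32-bit layout. */
	switch (cmd) {
	case VIDIOC_S_INPUT:
	case VIDIOC_S_OUTPUT:
	case VIDIOC_G_INPUT:
	case VIDIOC_G_OUTPUT:
		err = put_user(((s32)karg.vi), (s32 __user *)up);
		break;

	case VIDIOC_G_FBUF:
		err = put_v4l2_framebuffer32(&karg.v2fb, up);
		break;

	case VIDIOC_DQEVENT:
		err = put_v4l2_event32(&karg.v2ev, up);
		break;

	case VIDIOC_G_EDID:
		err = put_v4l2_edid32(&karg.v2edid, up);
		break;

	case VIDIOC_G_FMT:
	case VIDIOC_S_FMT:
	case VIDIOC_TRY_FMT:
		err = put_v4l2_format32(&karg.v2f, up);
		break;

	case VIDIOC_CREATE_BUFS:
		err = put_v4l2_create32(&karg.v2crt, up);
		break;

	case VIDIOC_PREPARE_BUF:
	case VIDIOC_QUERYBUF:
	case VIDIOC_QBUF:
	case VIDIOC_DQBUF:
		err = put_v4l2_buffer32(&karg.v2b, up);
		break;

	case VIDIOC_ENUMSTD:
		err = put_v4l2_standard32(&karg.v2s, up);
		break;

	case VIDIOC_ENUMINPUT:
		err = put_v4l2_input32(&karg.v2i, up);
		break;
	}
	return err;
}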
1000
/*
 * Entry point for ioctls issued by 32-bit userspace on a V4L2 device node.
 *
 * Commands of type 'V' below BASE_VIDIOC_PRIVATE are translated by
 * do_video_ioctl(); anything else is offered to the driver's own
 * compat_ioctl32 handler when it has one.
 *
 * Returns the handler's result, or -ENOIOCTLCMD when the file has no
 * unlocked_ioctl or no handler accepted the command.
 */
long v4l2_compat_ioctl32(struct file *file, unsigned int cmd, unsigned long arg)
{
	struct video_device *vdev = video_devdata(file);
	long ret;

	if (!file->f_op->unlocked_ioctl)
		return -ENOIOCTLCMD;

	if (_IOC_TYPE(cmd) == 'V' && _IOC_NR(cmd) < BASE_VIDIOC_PRIVATE)
		ret = do_video_ioctl(file, cmd, arg);
	else if (vdev->fops->compat_ioctl32)
		ret = vdev->fops->compat_ioctl32(file, cmd, arg);
	else
		ret = -ENOIOCTLCMD;

	if (ret == -ENOIOCTLCMD)
		pr_debug("compat_ioctl32: unknown ioctl '%c', dir=%d, #%d (0x%08x)\n",
			 _IOC_TYPE(cmd), _IOC_DIR(cmd), _IOC_NR(cmd), cmd);
	return ret;
}
EXPORT_SYMBOL_GPL(v4l2_compat_ioctl32);