Re: [PATCH 4/5] media: v4l2-compat-ioctl32: fix several __user annotations

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Mauro Carvalho Chehab <mchehab@s-opensource.com>
To: Hans Verkuil <hansverk@cisco.com>
Cc: Linux Media Mailing List <linux-media@vger.kernel.org>,
	Mauro Carvalho Chehab <mchehab@infradead.org>,
	Sakari Ailus <sakari.ailus@linux.intel.com>,
	Daniel Mentz <danielmentz@google.com>,
	Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Subject: Re: [PATCH 4/5] media: v4l2-compat-ioctl32: fix several __user annotations
Date: Tue, 17 Apr 2018 10:10:09 -0300	[thread overview]
Message-ID: <20180417101009.71d98c63@vento.lan> (raw)
In-Reply-To: <20180417100131.3add7f67@vento.lan>

Em Tue, 17 Apr 2018 10:01:31 -0300
Mauro Carvalho Chehab <mchehab@s-opensource.com> escreveu:

> > >> ->blocks is a u32, so this should be a u32 cast as well.    
> > 
> > Be aware that the unsigned char * cast is actually a bug: it will clamp the
> > u32 'blocks' value to a u8.
> > 
> > Regards,
> > 
> > 	Hans
> 
> What about this approach (code untested)?

Even better:

[PATCH] media: v4l2-compat-ioctl32: simplify casts

Making the cast right for get_user/put_user is not trivial, as
it needs to ensure that the types are the correct ones.

Improve it by using macros.

PS.: Patch untested

Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>

diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
index 8c05dd9660d3..d2f0268427c2 100644
--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
+++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
@@ -30,6 +30,24 @@
 	get_user(__assign_tmp, from) || put_user(__assign_tmp, to);	\
 })
 
+#define get_user_cast(__x, __ptr)					\
+({									\
+	get_user(__x, (typeof(*__ptr) __user *)(__ptr));		\
+})
+
+#define put_user_force(__x, __ptr)					\
+({									\
+	put_user((typeof(*__x) __force *)(__x), __ptr);			\
+})
+
+#define assign_in_user_cast(to, from)					\
+({									\
+	typeof(*from) __assign_tmp;					\
+									\
+	get_user_cast(__assign_tmp, from) || put_user(__assign_tmp, to);\
+})
+
+
 static long native_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 {
 	long ret = -ENOIOCTLCMD;
@@ -543,8 +561,7 @@ static int get_v4l2_buffer32(struct v4l2_buffer __user *p64,
 			return -EFAULT;
 
 		uplane = aux_buf;
-		if (put_user((__force struct v4l2_plane *)uplane,
-			     &p64->m.planes))
+		if (put_user_force(uplane, &p64->m.planes))
 			return -EFAULT;
 
 		while (num_planes--) {
@@ -682,7 +699,7 @@ static int get_v4l2_framebuffer32(struct v4l2_framebuffer __user *p64,
 
 	if (!access_ok(VERIFY_READ, p32, sizeof(*p32)) ||
 	    get_user(tmp, &p32->base) ||
-	    put_user((void __force *)compat_ptr(tmp), &p64->base) ||
+	    put_user_force(compat_ptr(tmp), &p64->base) ||
 	    assign_in_user(&p64->capability, &p32->capability) ||
 	    assign_in_user(&p64->flags, &p32->flags) ||
 	    copy_in_user(&p64->fmt, &p32->fmt, sizeof(p64->fmt)))
@@ -831,8 +848,7 @@ static int get_v4l2_ext_controls32(struct file *file,
 	if (aux_space < count * sizeof(*kcontrols))
 		return -EFAULT;
 	kcontrols = aux_buf;
-	if (put_user((__force struct v4l2_ext_control *)kcontrols,
-		     &p64->controls))
+	if (put_user_force(kcontrols, &p64->controls))
 		return -EFAULT;
 
 	for (n = 0; n < count; n++) {
@@ -898,12 +914,11 @@ static int put_v4l2_ext_controls32(struct file *file,
 		unsigned int size = sizeof(*ucontrols);
 		u32 id;
 
-		if (get_user(id, (unsigned int __user *)&kcontrols->id) ||
+		if (get_user_cast(id, &kcontrols->id) ||
 		    put_user(id, &ucontrols->id) ||
-		    assign_in_user(&ucontrols->size,
-				   (unsigned int __user *)&kcontrols->size) ||
+		    assign_in_user_cast(&ucontrols->size, &kcontrols->size) ||
 		    copy_in_user(&ucontrols->reserved2,
-				 (unsigned int __user *)&kcontrols->reserved2,
+				 (void __user *)&kcontrols->reserved2,
 				 sizeof(ucontrols->reserved2)))
 			return -EFAULT;
 
@@ -916,7 +931,7 @@ static int put_v4l2_ext_controls32(struct file *file,
 			size -= sizeof(ucontrols->value64);
 
 		if (copy_in_user(ucontrols,
-			         (unsigned int __user *)kcontrols, size))
+			         (void __user *)kcontrols, size))
 			return -EFAULT;
 
 		ucontrols++;
@@ -970,10 +985,9 @@ static int get_v4l2_edid32(struct v4l2_edid __user *p64,
 	if (!access_ok(VERIFY_READ, p32, sizeof(*p32)) ||
 	    assign_in_user(&p64->pad, &p32->pad) ||
 	    assign_in_user(&p64->start_block, &p32->start_block) ||
-	    assign_in_user(&p64->blocks,
-			   (unsigned char __user *)&p32->blocks) ||
+	    assign_in_user_cast(&p64->blocks, &p32->blocks) ||
 	    get_user(tmp, &p32->edid) ||
-	    put_user((void __force *)compat_ptr(tmp), &p64->edid) ||
+	    put_user_force(compat_ptr(tmp), &p64->edid) ||
 	    copy_in_user(p64->reserved, p32->reserved, sizeof(p64->reserved)))
 		return -EFAULT;
 	return 0;


Thanks,
Mauro

next prev parent reply	other threads:[~2018-04-17 13:10 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-04-17 10:20 [PATCH 0/5] Remaining COMPILE_TEST and smatch cleanups Mauro Carvalho Chehab
2018-04-17 10:20 ` [PATCH 1/5] omap: omap-iommu.h: allow building drivers with COMPILE_TEST Mauro Carvalho Chehab
2018-04-17 10:20 ` [PATCH 2/5] media: omap3isp: Enable driver compilation on ARM " Mauro Carvalho Chehab
2018-04-17 10:20 ` [PATCH 3/5] media: omap3isp: allow it to build " Mauro Carvalho Chehab
2018-04-17 10:20 ` [PATCH 4/5] media: v4l2-compat-ioctl32: fix several __user annotations Mauro Carvalho Chehab
2018-04-17 10:33   ` Hans Verkuil
2018-04-17 10:53     ` Mauro Carvalho Chehab
2018-04-17 11:04       ` Hans Verkuil
2018-04-17 11:30         ` Mauro Carvalho Chehab
2018-04-17 13:01         ` Mauro Carvalho Chehab
2018-04-17 13:10           ` Mauro Carvalho Chehab [this message]
2018-04-17 13:58             ` Mauro Carvalho Chehab
2018-04-17 14:21               ` Mauro Carvalho Chehab
2018-04-17 13:11           ` Hans Verkuil
2018-04-17 13:35             ` Mauro Carvalho Chehab
2018-04-17 10:20 ` [PATCH 5/5] media: v4l2-compat-ioctl32: better name userspace pointers Mauro Carvalho Chehab
2018-04-17 10:37   ` Hans Verkuil
2018-04-17 10:22 ` [PATCH 0/5] Remaining COMPILE_TEST and smatch cleanups Mauro Carvalho Chehab
     [not found] ` <20180418090414.6h5q3zfm3udzscd7@valkosipuli.retiisi.org.uk>
2018-04-19 10:42   ` Mauro Carvalho Chehab
2018-04-23 14:09     ` Sakari Ailus
2018-04-23 14:37       ` Mauro Carvalho Chehab

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:8c05dd9660d dfblob:d2f0268427c )
 OR (
bs:"Re: [PATCH 4/5] media: v4l2-compat-ioctl32: fix several __user annotations" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180417101009.71d98c63@vento.lan \
    --to=mchehab@s-opensource.com \
    --cc=danielmentz@google.com \
    --cc=hansverk@cisco.com \
    --cc=laurent.pinchart@ideasonboard.com \
    --cc=linux-media@vger.kernel.org \
    --cc=mchehab@infradead.org \
    --cc=sakari.ailus@linux.intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.