Re: [PATCH 4/5] media: v4l2-compat-ioctl32: fix several __user annotations

linux-media.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Mauro Carvalho Chehab <mchehab@s-opensource.com>
To: Hans Verkuil <hansverk@cisco.com>
Cc: Linux Media Mailing List <linux-media@vger.kernel.org>,
	Mauro Carvalho Chehab <mchehab@infradead.org>,
	Sakari Ailus <sakari.ailus@linux.intel.com>,
	Daniel Mentz <danielmentz@google.com>,
	Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Subject: Re: [PATCH 4/5] media: v4l2-compat-ioctl32: fix several __user annotations
Date: Tue, 17 Apr 2018 10:10:09 -0300	[thread overview]
Message-ID: <20180417101009.71d98c63@vento.lan> (raw)
In-Reply-To: <20180417100131.3add7f67@vento.lan>

Em Tue, 17 Apr 2018 10:01:31 -0300
Mauro Carvalho Chehab <mchehab@s-opensource.com> escreveu:

> > >> ->blocks is a u32, so this should be a u32 cast as well.    
> > 
> > Be aware that the unsigned char * cast is actually a bug: it will clamp the
> > u32 'blocks' value to a u8.
> > 
> > Regards,
> > 
> > 	Hans
> 
> What about this approach (code untested)?

Even better:

[PATCH] media: v4l2-compat-ioctl32: simplify casts

Making the cast right for get_user/put_user is not trivial, as
it needs to ensure that the types are the correct ones.

Improve it by using macros.

PS.: Patch untested

Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com>

diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
index 8c05dd9660d3..d2f0268427c2 100644
--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
+++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
@@ -30,6 +30,24 @@
 	get_user(__assign_tmp, from) || put_user(__assign_tmp, to);	\
 })
 
+#define get_user_cast(__x, __ptr)					\
+({									\
+	get_user(__x, (typeof(*__ptr) __user *)(__ptr));		\
+})
+
+#define put_user_force(__x, __ptr)					\
+({									\
+	put_user((typeof(*__x) __force *)(__x), __ptr);			\
+})
+
+#define assign_in_user_cast(to, from)					\
+({									\
+	typeof(*from) __assign_tmp;					\
+									\
+	get_user_cast(__assign_tmp, from) || put_user(__assign_tmp, to);\
+})
+
+
 static long native_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 {
 	long ret = -ENOIOCTLCMD;
@@ -543,8 +561,7 @@ static int get_v4l2_buffer32(struct v4l2_buffer __user *p64,
 			return -EFAULT;
 
 		uplane = aux_buf;
-		if (put_user((__force struct v4l2_plane *)uplane,
-			     &p64->m.planes))
+		if (put_user_force(uplane, &p64->m.planes))
 			return -EFAULT;
 
 		while (num_planes--) {
@@ -682,7 +699,7 @@ static int get_v4l2_framebuffer32(struct v4l2_framebuffer __user *p64,
 
 	if (!access_ok(VERIFY_READ, p32, sizeof(*p32)) ||
 	    get_user(tmp, &p32->base) ||
-	    put_user((void __force *)compat_ptr(tmp), &p64->base) ||
+	    put_user_force(compat_ptr(tmp), &p64->base) ||
 	    assign_in_user(&p64->capability, &p32->capability) ||
 	    assign_in_user(&p64->flags, &p32->flags) ||
 	    copy_in_user(&p64->fmt, &p32->fmt, sizeof(p64->fmt)))
@@ -831,8 +848,7 @@ static int get_v4l2_ext_controls32(struct file *file,
 	if (aux_space < count * sizeof(*kcontrols))
 		return -EFAULT;
 	kcontrols = aux_buf;
-	if (put_user((__force struct v4l2_ext_control *)kcontrols,
-		     &p64->controls))
+	if (put_user_force(kcontrols, &p64->controls))
 		return -EFAULT;
 
 	for (n = 0; n < count; n++) {
@@ -898,12 +914,11 @@ static int put_v4l2_ext_controls32(struct file *file,
 		unsigned int size = sizeof(*ucontrols);
 		u32 id;
 
-		if (get_user(id, (unsigned int __user *)&kcontrols->id) ||
+		if (get_user_cast(id, &kcontrols->id) ||
 		    put_user(id, &ucontrols->id) ||
-		    assign_in_user(&ucontrols->size,
-				   (unsigned int __user *)&kcontrols->size) ||
+		    assign_in_user_cast(&ucontrols->size, &kcontrols->size) ||
 		    copy_in_user(&ucontrols->reserved2,
-				 (unsigned int __user *)&kcontrols->reserved2,
+				 (void __user *)&kcontrols->reserved2,
 				 sizeof(ucontrols->reserved2)))
 			return -EFAULT;
 
@@ -916,7 +931,7 @@ static int put_v4l2_ext_controls32(struct file *file,
 			size -= sizeof(ucontrols->value64);
 
 		if (copy_in_user(ucontrols,
-			         (unsigned int __user *)kcontrols, size))
+			         (void __user *)kcontrols, size))
 			return -EFAULT;
 
 		ucontrols++;
@@ -970,10 +985,9 @@ static int get_v4l2_edid32(struct v4l2_edid __user *p64,
 	if (!access_ok(VERIFY_READ, p32, sizeof(*p32)) ||
 	    assign_in_user(&p64->pad, &p32->pad) ||
 	    assign_in_user(&p64->start_block, &p32->start_block) ||
-	    assign_in_user(&p64->blocks,
-			   (unsigned char __user *)&p32->blocks) ||
+	    assign_in_user_cast(&p64->blocks, &p32->blocks) ||
 	    get_user(tmp, &p32->edid) ||
-	    put_user((void __force *)compat_ptr(tmp), &p64->edid) ||
+	    put_user_force(compat_ptr(tmp), &p64->edid) ||
 	    copy_in_user(p64->reserved, p32->reserved, sizeof(p64->reserved)))
 		return -EFAULT;
 	return 0;


Thanks,
Mauro

next prev parent reply	other threads:[~2018-04-17 13:10 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-04-17 10:20 [PATCH 0/5] Remaining COMPILE_TEST and smatch cleanups Mauro Carvalho Chehab
2018-04-17 10:20 ` [PATCH 1/5] omap: omap-iommu.h: allow building drivers with COMPILE_TEST Mauro Carvalho Chehab
2018-04-17 10:20 ` [PATCH 2/5] media: omap3isp: Enable driver compilation on ARM " Mauro Carvalho Chehab
2018-04-17 10:20 ` [PATCH 3/5] media: omap3isp: allow it to build " Mauro Carvalho Chehab
2018-04-17 10:20 ` [PATCH 4/5] media: v4l2-compat-ioctl32: fix several __user annotations Mauro Carvalho Chehab
2018-04-17 10:33   ` Hans Verkuil
2018-04-17 10:53     ` Mauro Carvalho Chehab
2018-04-17 11:04       ` Hans Verkuil
2018-04-17 11:30         ` Mauro Carvalho Chehab
2018-04-17 13:01         ` Mauro Carvalho Chehab
2018-04-17 13:10           ` Mauro Carvalho Chehab [this message]
2018-04-17 13:58             ` Mauro Carvalho Chehab
2018-04-17 14:21               ` Mauro Carvalho Chehab
2018-04-17 13:11           ` Hans Verkuil
2018-04-17 13:35             ` Mauro Carvalho Chehab
2018-04-17 10:20 ` [PATCH 5/5] media: v4l2-compat-ioctl32: better name userspace pointers Mauro Carvalho Chehab
2018-04-17 10:37   ` Hans Verkuil
2018-04-17 10:22 ` [PATCH 0/5] Remaining COMPILE_TEST and smatch cleanups Mauro Carvalho Chehab
     [not found] ` <20180418090414.6h5q3zfm3udzscd7@valkosipuli.retiisi.org.uk>
2018-04-19 10:42   ` Mauro Carvalho Chehab
2018-04-23 14:09     ` Sakari Ailus
2018-04-23 14:37       ` Mauro Carvalho Chehab

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:8c05dd9660d dfblob:d2f0268427c )
 OR (
bs:"Re: [PATCH 4/5] media: v4l2-compat-ioctl32: fix several __user annotations" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180417101009.71d98c63@vento.lan \
    --to=mchehab@s-opensource.com \
    --cc=danielmentz@google.com \
    --cc=hansverk@cisco.com \
    --cc=laurent.pinchart@ideasonboard.com \
    --cc=linux-media@vger.kernel.org \
    --cc=mchehab@infradead.org \
    --cc=sakari.ailus@linux.intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).