From: Mauro Carvalho Chehab <mchehab@s-opensource.com>
To: Linux Media Mailing List <linux-media@vger.kernel.org>,
stable@vger.kernel.org, Greg KH <gregkh@linuxfoundation.org>
Cc: Mauro Carvalho Chehab <mchehab@s-opensource.com>,
Mauro Carvalho Chehab <mchehab@infradead.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Seung-Woo Kim <sw0312.kim@samsung.com>,
Inki Dae <inki.dae@samsung.com>,
Brian Warner <brian.warner@samsung.com>
Subject: [PATCH for v3.18 00/18] Backport CVE-2017-13166 fixes to Kernel 3.18
Date: Wed, 28 Mar 2018 15:12:19 -0300 [thread overview]
Message-ID: <cover.1522260310.git.mchehab@s-opensource.com> (raw)
Hi Greg,
Those are the backports meant to solve CVE-2017-13166 on Kernel 3.18.
It contains two v4l2-ctrls fixes that are required to avoid crashes
at the test application.
I wrote two patches myself for Kernel 3.18 in order to solve some
issues specific for Kernel 3.18 with aren't needed upstream.
one is actually a one-line change backport. The other one makes
sure that both 32-bits and 64-bits version of some ioctl calls
will return the same value for a reserved field.
I noticed an extra bug while testing it, but the bug also hits upstream,
and should be backported all the way down all stable/LTS versions.
So, I'll send it the usual way, after merging upsream.
Regards,
Mauro
Daniel Mentz (2):
media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha
media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
Hans Verkuil (12):
media: v4l2-ioctl.c: don't copy back the result for -ENOTTY
media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF
media: v4l2-compat-ioctl32.c: fix the indentation
media: v4l2-compat-ioctl32.c: move 'helper' functions to
__get/put_v4l2_format32
media: v4l2-compat-ioctl32.c: avoid sizeof(type)
media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32
media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer
media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs
media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32
media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type
media: v4l2-compat-ioctl32.c: don't copy back the result for certain
errors
media: v4l2-ctrls: fix sparse warning
Mauro Carvalho Chehab (2):
media: v4l2-compat-ioctl32: use compat_u64 for video standard
media: v4l2-compat-ioctl32: initialize a reserved field
Ricardo Ribalda (2):
vb2: V4L2_BUF_FLAG_DONE is set after DQBUF
media: media/v4l2-ctrls: volatiles should not generate CH_VALUE
drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 1020 +++++++++++++++----------
drivers/media/v4l2-core/v4l2-ctrls.c | 96 ++-
drivers/media/v4l2-core/v4l2-ioctl.c | 5 +-
drivers/media/v4l2-core/videobuf2-core.c | 5 +
4 files changed, 691 insertions(+), 435 deletions(-)
--
2.14.3
next reply other threads:[~2018-03-28 18:12 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <CGME20180328181304epcas4p2593efec8fcccbf6bf30ed30d9b5f0093@epcas4p2.samsung.com>
2018-03-28 18:12 ` Mauro Carvalho Chehab [this message]
2018-03-28 18:12 ` [PATCH for v3.18 01/18] media: v4l2-ioctl.c: don't copy back the result for -ENOTTY Mauro Carvalho Chehab
2018-03-28 18:12 ` [PATCH for v3.18 02/18] vb2: V4L2_BUF_FLAG_DONE is set after DQBUF Mauro Carvalho Chehab
2018-03-28 18:12 ` [PATCH for v3.18 03/18] media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF Mauro Carvalho Chehab
2018-03-28 18:12 ` [PATCH for v3.18 04/18] media: v4l2-compat-ioctl32.c: fix the indentation Mauro Carvalho Chehab
2018-03-28 18:12 ` [PATCH for v3.18 05/18] media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32 Mauro Carvalho Chehab
2018-04-04 15:32 ` Patch "media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32" has been added to the 3.18-stable tree gregkh
2018-03-28 18:12 ` [PATCH for v3.18 06/18] media: v4l2-compat-ioctl32.c: avoid sizeof(type) Mauro Carvalho Chehab
2018-04-04 15:32 ` Patch "media: v4l2-compat-ioctl32.c: avoid sizeof(type)" has been added to the 3.18-stable tree gregkh
2018-03-28 18:12 ` [PATCH for v3.18 07/18] media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32 Mauro Carvalho Chehab
2018-04-04 15:32 ` Patch "media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32" has been added to the 3.18-stable tree gregkh
2018-03-28 18:12 ` [PATCH for v3.18 08/18] media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer Mauro Carvalho Chehab
2018-04-04 15:32 ` Patch "media: v4l2-compat-ioctl32.c: fix ctrl_is_pointer" has been added to the 3.18-stable tree gregkh
2018-03-28 18:12 ` [PATCH for v3.18 09/18] media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs Mauro Carvalho Chehab
2018-04-04 15:32 ` Patch "media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for subdevs" has been added to the 3.18-stable tree gregkh
2018-03-28 18:12 ` [PATCH for v3.18 10/18] media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha Mauro Carvalho Chehab
2018-04-04 15:32 ` Patch "media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha" has been added to the 3.18-stable tree gregkh
2018-03-28 18:12 ` [PATCH for v3.18 11/18] media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32 Mauro Carvalho Chehab
2018-04-04 15:32 ` Patch "media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32" has been added to the 3.18-stable tree gregkh
2018-03-28 18:12 ` [PATCH for v3.18 12/18] media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type Mauro Carvalho Chehab
2018-04-04 15:32 ` Patch "media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type" has been added to the 3.18-stable tree gregkh
2018-03-28 18:12 ` [PATCH for v3.18 13/18] media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors Mauro Carvalho Chehab
2018-04-04 15:32 ` Patch "media: v4l2-compat-ioctl32.c: don't copy back the result for certain errors" has been added to the 3.18-stable tree gregkh
2018-03-28 18:12 ` [PATCH for v3.18 14/18] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic Mauro Carvalho Chehab
2018-04-04 15:32 ` Patch "media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic" has been added to the 3.18-stable tree gregkh
2018-03-28 18:12 ` [PATCH for v3.18 15/18] media: v4l2-ctrls: fix sparse warning Mauro Carvalho Chehab
2018-04-04 15:32 ` Patch "media: v4l2-ctrls: fix sparse warning" has been added to the 3.18-stable tree gregkh
2018-03-28 18:12 ` [PATCH for v3.18 16/18] media: media/v4l2-ctrls: volatiles should not generate CH_VALUE Mauro Carvalho Chehab
2018-04-04 15:32 ` Patch "media: media/v4l2-ctrls: volatiles should not generate CH_VALUE" has been added to the 3.18-stable tree gregkh
2018-03-28 18:12 ` [PATCH for v3.18 17/18] media: v4l2-compat-ioctl32: use compat_u64 for video standard Mauro Carvalho Chehab
2018-04-04 15:32 ` Patch "media: v4l2-compat-ioctl32: use compat_u64 for video standard" has been added to the 3.18-stable tree gregkh
2018-03-28 18:12 ` [PATCH for v3.18 18/18] media: v4l2-compat-ioctl32: initialize a reserved field Mauro Carvalho Chehab
2018-04-04 15:32 ` Patch "media: v4l2-compat-ioctl32: initialize a reserved field" has been added to the 3.18-stable tree gregkh
2018-03-28 23:22 ` [PATCH for v3.18 00/18] Backport CVE-2017-13166 fixes to Kernel 3.18 Inki Dae
2018-03-29 4:25 ` Greg KH
2018-03-29 6:39 ` Inki Dae
2018-03-29 7:00 ` Greg KH
2018-03-29 9:32 ` Inki Dae
2018-03-29 14:30 ` Mauro Carvalho Chehab
2018-04-04 15:33 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1522260310.git.mchehab@s-opensource.com \
--to=mchehab@s-opensource.com \
--cc=brian.warner@samsung.com \
--cc=gregkh@linuxfoundation.org \
--cc=inki.dae@samsung.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-media@vger.kernel.org \
--cc=mchehab@infradead.org \
--cc=stable@vger.kernel.org \
--cc=sw0312.kim@samsung.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).