From patchwork Thu Aug 3 03:42:17 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Daniel Mentz X-Patchwork-Id: 9878105 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 51352603B4 for ; Thu, 3 Aug 2017 03:43:16 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 37A202864F for ; Thu, 3 Aug 2017 03:43:16 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2C024286C5; Thu, 3 Aug 2017 03:43:16 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.0 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5422C2864F for ; Thu, 3 Aug 2017 03:43:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751161AbdHCDnI (ORCPT ); Wed, 2 Aug 2017 23:43:08 -0400 Received: from mail-pf0-f175.google.com ([209.85.192.175]:34089 "EHLO mail-pf0-f175.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751188AbdHCDnH (ORCPT ); Wed, 2 Aug 2017 23:43:07 -0400 Received: by mail-pf0-f175.google.com with SMTP id o86so1182455pfj.1 for ; Wed, 02 Aug 2017 20:43:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=VANgUSTCA8mxMLifMMbD+XjWe4vKt3/Tjwle6r0Bj5g=; b=ik378UkryDWzsQ92XoSuxG6DbnA8AQ8Kb9TMMB6l+MT6kHL6Dvz19RzHbUwBMnQKVg 2Vv7r/kbGUM4fhZMKI+OAWm/I5Sl/S3BWUSbu2V8AUBbP36IUAxXZUcV+3lEoF7XDN3u CHVOIyI+hPUbfIBPjzksYDb8kl9PPBHpDSgmK1i/Bv42gkKZhpw9AVaI2Q7Nz4eExJAl I7+rpX6YnmzpkdQPj9EroF6Q5CDUQiMEGBjPTC+pRRIfUa/0xgvJdCTFz2pTzWvenvbX Y2h97p6/zF77iMG1fvO4jgo04QPKb9thuJ2onZZRF4H45+SwcMlqJ9Dsw9Gp7vqoK5fc fL9Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=VANgUSTCA8mxMLifMMbD+XjWe4vKt3/Tjwle6r0Bj5g=; b=tLnLOQzO2YSgtYsEmOQFdMi8RFGk5EkbOTKVpZ1IJ3baCmfszjL5vKVxw9h7wHur2U 4UjGOpZWpjT0FG8wOL/2K85FakMVKXQzXzxNfztcOlIsdCLposL2jqsUhJlGFlj8hfip Mf6yPu8m57wSWbxSklr8qvezdy7nuTuU7t9kBnHSmBeOK4Mwh+0LLGZ1xaNacBOBdg/E mCUP99uDA+qt2DzLfOACSDUWnirM06ky5VijPorxicfcWmEmdWhFnGGoUNqxZDJX7Thc mvqdHA+tB5b3ZmrLNmq7LX5O4W1QXDLEnVBFDuUZNrHC4wqnunO9Eh2JdSSdgQyaZtFN Vh1g== X-Gm-Message-State: AIVw110ovlwDa1mpB5GRoqY+drlSHIKUvxz7M2Qcn4+agtKg9LIuGjDc pvYa/E/tUecj9MwLhtURqw== X-Received: by 10.84.160.198 with SMTP id v6mr340245plg.312.1501731786703; Wed, 02 Aug 2017 20:43:06 -0700 (PDT) Received: from danielmentz.mtv.corp.google.com ([100.98.120.46]) by smtp.gmail.com with ESMTPSA id b84sm17658924pfj.128.2017.08.02.20.43.05 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 02 Aug 2017 20:43:05 -0700 (PDT) From: Daniel Mentz To: linux-media@vger.kernel.org Cc: Daniel Mentz , stable@vger.kernel.org, "H . Peter Anvin" , Hans Verkuil , Laurent Pinchart , Tiffany Lin , Ricardo Ribalda Delgado , Sakari Ailus Subject: [PATCH] [media] v4l2-compat-ioctl32: Fix timespec conversion Date: Wed, 2 Aug 2017 20:42:17 -0700 Message-Id: <20170803034217.23048-1-danielmentz@google.com> X-Mailer: git-send-email 2.14.0.rc1.383.gd1ce394fe2-goog Sender: linux-media-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Certain syscalls like recvmmsg support 64 bit timespec values for the X32 ABI. The helper function compat_put_timespec converts a timespec value to a 32 bit or 64 bit value depending on what ABI is used. The v4l2 compat layer, however, is not designed to support 64 bit timespec values and always uses 32 bit values. Hence, compat_put_timespec must not be used. Without this patch, user space will be provided with bad timestamp values from the VIDIOC_DQEVENT ioctl. Also, fields of the struct v4l2_event32 that come immediately after timestamp get overwritten, namely the field named id. Fixes: 81993e81a994 ("compat: Get rid of (get|put)_compat_time(val|spec)") Cc: stable@vger.kernel.org Cc: H. Peter Anvin Cc: Hans Verkuil Cc: Laurent Pinchart Cc: Tiffany Lin Cc: Ricardo Ribalda Delgado Cc: Sakari Ailus Signed-off-by: Daniel Mentz --- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index 6f52970f8b54..0c14e995667c 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -796,7 +796,8 @@ static int put_v4l2_event32(struct v4l2_event *kp, struct v4l2_event32 __user *u copy_to_user(&up->u, &kp->u, sizeof(kp->u)) || put_user(kp->pending, &up->pending) || put_user(kp->sequence, &up->sequence) || - compat_put_timespec(&kp->timestamp, &up->timestamp) || + put_user(kp->timestamp.tv_sec, &up->timestamp.tv_sec) || + put_user(kp->timestamp.tv_nsec, &up->timestamp.tv_nsec) || put_user(kp->id, &up->id) || copy_to_user(up->reserved, kp->reserved, 8 * sizeof(__u32))) return -EFAULT;