aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/media/v4l2-core
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/media/v4l2-core')
-rw-r--r--drivers/media/v4l2-core/v4l2-common.c33
-rw-r--r--drivers/media/v4l2-core/v4l2-compat-ioctl32.c1793
-rw-r--r--drivers/media/v4l2-core/v4l2-ctrls.c235
-rw-r--r--drivers/media/v4l2-core/v4l2-device.c3
-rw-r--r--drivers/media/v4l2-core/v4l2-fwnode.c32
-rw-r--r--drivers/media/v4l2-core/v4l2-ioctl.c184
-rw-r--r--drivers/media/v4l2-core/v4l2-subdev.c48
7 files changed, 1030 insertions, 1298 deletions
diff --git a/drivers/media/v4l2-core/v4l2-common.c b/drivers/media/v4l2-core/v4l2-common.c
index 3dc17ebe14fa..78007dba4677 100644
--- a/drivers/media/v4l2-core/v4l2-common.c
+++ b/drivers/media/v4l2-core/v4l2-common.c
@@ -441,3 +441,36 @@ int v4l2_fill_pixfmt(struct v4l2_pix_format *pixfmt, u32 pixelformat,
return 0;
}
EXPORT_SYMBOL_GPL(v4l2_fill_pixfmt);
+
+s64 v4l2_get_link_rate(struct v4l2_ctrl_handler *handler, unsigned int mul,
+ unsigned int div)
+{
+ struct v4l2_ctrl *ctrl;
+ s64 freq;
+
+ ctrl = v4l2_ctrl_find(handler, V4L2_CID_LINK_FREQ);
+ if (ctrl) {
+ struct v4l2_querymenu qm = { .id = V4L2_CID_LINK_FREQ };
+ int ret;
+
+ qm.index = v4l2_ctrl_g_ctrl(ctrl);
+
+ ret = v4l2_querymenu(handler, &qm);
+ if (ret)
+ return -ENOENT;
+
+ freq = qm.value;
+ } else {
+ if (!mul || !div)
+ return -ENOENT;
+
+ ctrl = v4l2_ctrl_find(handler, V4L2_CID_PIXEL_RATE);
+ if (!ctrl)
+ return -ENOENT;
+
+ freq = div_u64(v4l2_ctrl_g_ctrl_int64(ctrl) * mul, div);
+ }
+
+ return freq > 0 ? freq : -EINVAL;
+}
+EXPORT_SYMBOL_GPL(v4l2_get_link_rate);
diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
index a99e82ec9ab6..0ca75f6784c5 100644
--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
+++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
@@ -23,103 +23,6 @@
#include <media/v4l2-ctrls.h>
#include <media/v4l2-ioctl.h>
-/**
- * assign_in_user() - Copy from one __user var to another one
- *
- * @to: __user var where data will be stored
- * @from: __user var where data will be retrieved.
- *
- * As this code very often needs to allocate userspace memory, it is easier
- * to have a macro that will do both get_user() and put_user() at once.
- *
- * This function complements the macros defined at asm-generic/uaccess.h.
- * It uses the same argument order as copy_in_user()
- */
-#define assign_in_user(to, from) \
-({ \
- typeof(*from) __assign_tmp; \
- \
- get_user(__assign_tmp, from) || put_user(__assign_tmp, to); \
-})
-
-/**
- * get_user_cast() - Stores at a kernelspace local var the contents from a
- * pointer with userspace data that is not tagged with __user.
- *
- * @__x: var where data will be stored
- * @__ptr: var where data will be retrieved.
- *
- * Sometimes we need to declare a pointer without __user because it
- * comes from a pointer struct field that will be retrieved from userspace
- * by the 64-bit native ioctl handler. This function ensures that the
- * @__ptr will be cast to __user before calling get_user() in order to
- * avoid warnings with static code analyzers like smatch.
- */
-#define get_user_cast(__x, __ptr) \
-({ \
- get_user(__x, (typeof(*__ptr) __user *)(__ptr)); \
-})
-
-/**
- * put_user_force() - Stores the contents of a kernelspace local var
- * into a userspace pointer, removing any __user cast.
- *
- * @__x: var where data will be stored
- * @__ptr: var where data will be retrieved.
- *
- * Sometimes we need to remove the __user attribute from some data,
- * by passing the __force macro. This function ensures that the
- * @__ptr will be cast with __force before calling put_user(), in order to
- * avoid warnings with static code analyzers like smatch.
- */
-#define put_user_force(__x, __ptr) \
-({ \
- put_user((typeof(*__x) __force *)(__x), __ptr); \
-})
-
-/**
- * assign_in_user_cast() - Copy from one __user var to another one
- *
- * @to: __user var where data will be stored
- * @from: var where data will be retrieved that needs to be cast to __user.
- *
- * As this code very often needs to allocate userspace memory, it is easier
- * to have a macro that will do both get_user_cast() and put_user() at once.
- *
- * This function should be used instead of assign_in_user() when the @from
- * variable was not declared as __user. See get_user_cast() for more details.
- *
- * This function complements the macros defined at asm-generic/uaccess.h.
- * It uses the same argument order as copy_in_user()
- */
-#define assign_in_user_cast(to, from) \
-({ \
- typeof(*from) __assign_tmp; \
- \
- get_user_cast(__assign_tmp, from) || put_user(__assign_tmp, to);\
-})
-
-/**
- * native_ioctl - Ancillary function that calls the native 64 bits ioctl
- * handler.
- *
- * @file: pointer to &struct file with the file handler
- * @cmd: ioctl to be called
- * @arg: arguments passed from/to the ioctl handler
- *
- * This function calls the native ioctl handler at v4l2-dev, e. g. v4l2_ioctl()
- */
-static long native_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
-{
- long ret = -ENOIOCTLCMD;
-
- if (file->f_op->unlocked_ioctl)
- ret = file->f_op->unlocked_ioctl(file, cmd, arg);
-
- return ret;
-}
-
-
/*
* Per-ioctl data copy handlers.
*
@@ -150,77 +53,54 @@ struct v4l2_window32 {
__u8 global_alpha;
};
-static int get_v4l2_window32(struct v4l2_window __user *p64,
- struct v4l2_window32 __user *p32,
- void __user *aux_buf, u32 aux_space)
+static int get_v4l2_window32(struct v4l2_window *p64,
+ struct v4l2_window32 __user *p32)
{
- struct v4l2_clip32 __user *uclips;
- struct v4l2_clip __user *kclips;
- compat_caddr_t p;
- u32 clipcount;
-
- if (!access_ok(p32, sizeof(*p32)) ||
- copy_in_user(&p64->w, &p32->w, sizeof(p32->w)) ||
- assign_in_user(&p64->field, &p32->field) ||
- assign_in_user(&p64->chromakey, &p32->chromakey) ||
- assign_in_user(&p64->global_alpha, &p32->global_alpha) ||
- get_user(clipcount, &p32->clipcount) ||
- put_user(clipcount, &p64->clipcount))
- return -EFAULT;
- if (clipcount > 2048)
- return -EINVAL;
- if (!clipcount)
- return put_user(NULL, &p64->clips);
+ struct v4l2_window32 w32;
- if (get_user(p, &p32->clips))
- return -EFAULT;
- uclips = compat_ptr(p);
- if (aux_space < clipcount * sizeof(*kclips))
- return -EFAULT;
- kclips = aux_buf;
- if (put_user(kclips, &p64->clips))
+ if (copy_from_user(&w32, p32, sizeof(w32)))
return -EFAULT;
- while (clipcount--) {
- if (copy_in_user(&kclips->c, &uclips->c, sizeof(uclips->c)))
- return -EFAULT;
- if (put_user(clipcount ? kclips + 1 : NULL, &kclips->next))
- return -EFAULT;
- uclips++;
- kclips++;
- }
+ *p64 = (struct v4l2_window) {
+ .w = w32.w,
+ .field = w32.field,
+ .chromakey = w32.chromakey,
+ .clips = (void __force *)compat_ptr(w32.clips),
+ .clipcount = w32.clipcount,
+ .bitmap = compat_ptr(w32.bitmap),
+ .global_alpha = w32.global_alpha,
+ };
+
+ if (p64->clipcount > 2048)
+ return -EINVAL;
+ if (!p64->clipcount)
+ p64->clips = NULL;
+
return 0;
}
-static int put_v4l2_window32(struct v4l2_window __user *p64,
+static int put_v4l2_window32(struct v4l2_window *p64,
struct v4l2_window32 __user *p32)
{
- struct v4l2_clip __user *kclips;
- struct v4l2_clip32 __user *uclips;
- compat_caddr_t p;
- u32 clipcount;
-
- if (copy_in_user(&p32->w, &p64->w, sizeof(p64->w)) ||
- assign_in_user(&p32->field, &p64->field) ||
- assign_in_user(&p32->chromakey, &p64->chromakey) ||
- assign_in_user(&p32->global_alpha, &p64->global_alpha) ||
- get_user(clipcount, &p64->clipcount) ||
- put_user(clipcount, &p32->clipcount))
- return -EFAULT;
- if (!clipcount)
- return 0;
+ struct v4l2_window32 w32;
+
+ memset(&w32, 0, sizeof(w32));
+ w32 = (struct v4l2_window32) {
+ .w = p64->w,
+ .field = p64->field,
+ .chromakey = p64->chromakey,
+ .clips = (uintptr_t)p64->clips,
+ .clipcount = p64->clipcount,
+ .bitmap = ptr_to_compat(p64->bitmap),
+ .global_alpha = p64->global_alpha,
+ };
- if (get_user(kclips, &p64->clips))
+ /* copy everything except the clips pointer */
+ if (copy_to_user(p32, &w32, offsetof(struct v4l2_window32, clips)) ||
+ copy_to_user(&p32->clipcount, &w32.clipcount,
+ sizeof(w32) - offsetof(struct v4l2_window32, clipcount)))
return -EFAULT;
- if (get_user(p, &p32->clips))
- return -EFAULT;
- uclips = compat_ptr(p);
- while (clipcount--) {
- if (copy_in_user(&uclips->c, &kclips->c, sizeof(uclips->c)))
- return -EFAULT;
- uclips++;
- kclips++;
- }
+
return 0;
}
@@ -257,169 +137,99 @@ struct v4l2_create_buffers32 {
__u32 reserved[7];
};
-static int __bufsize_v4l2_format(struct v4l2_format32 __user *p32, u32 *size)
-{
- u32 type;
-
- if (get_user(type, &p32->type))
- return -EFAULT;
-
- switch (type) {
- case V4L2_BUF_TYPE_VIDEO_OVERLAY:
- case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY: {
- u32 clipcount;
-
- if (get_user(clipcount, &p32->fmt.win.clipcount))
- return -EFAULT;
- if (clipcount > 2048)
- return -EINVAL;
- *size = clipcount * sizeof(struct v4l2_clip);
- return 0;
- }
- default:
- *size = 0;
- return 0;
- }
-}
-
-static int bufsize_v4l2_format(struct v4l2_format32 __user *p32, u32 *size)
-{
- if (!access_ok(p32, sizeof(*p32)))
- return -EFAULT;
- return __bufsize_v4l2_format(p32, size);
-}
-
-static int __get_v4l2_format32(struct v4l2_format __user *p64,
- struct v4l2_format32 __user *p32,
- void __user *aux_buf, u32 aux_space)
+static int get_v4l2_format32(struct v4l2_format *p64,
+ struct v4l2_format32 __user *p32)
{
- u32 type;
-
- if (get_user(type, &p32->type) || put_user(type, &p64->type))
+ if (get_user(p64->type, &p32->type))
return -EFAULT;
- switch (type) {
+ switch (p64->type) {
case V4L2_BUF_TYPE_VIDEO_CAPTURE:
case V4L2_BUF_TYPE_VIDEO_OUTPUT:
- return copy_in_user(&p64->fmt.pix, &p32->fmt.pix,
- sizeof(p64->fmt.pix)) ? -EFAULT : 0;
+ return copy_from_user(&p64->fmt.pix, &p32->fmt.pix,
+ sizeof(p64->fmt.pix)) ? -EFAULT : 0;
case V4L2_BUF_TYPE_VIDEO_CAPTURE_MPLANE:
case V4L2_BUF_TYPE_VIDEO_OUTPUT_MPLANE:
- return copy_in_user(&p64->fmt.pix_mp, &p32->fmt.pix_mp,
- sizeof(p64->fmt.pix_mp)) ? -EFAULT : 0;
+ return copy_from_user(&p64->fmt.pix_mp, &p32->fmt.pix_mp,
+ sizeof(p64->fmt.pix_mp)) ? -EFAULT : 0;
case V4L2_BUF_TYPE_VIDEO_OVERLAY:
case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY:
- return get_v4l2_window32(&p64->fmt.win, &p32->fmt.win,
- aux_buf, aux_space);
+ return get_v4l2_window32(&p64->fmt.win, &p32->fmt.win);
case V4L2_BUF_TYPE_VBI_CAPTURE:
case V4L2_BUF_TYPE_VBI_OUTPUT:
- return copy_in_user(&p64->fmt.vbi, &p32->fmt.vbi,
- sizeof(p64->fmt.vbi)) ? -EFAULT : 0;
+ return copy_from_user(&p64->fmt.vbi, &p32->fmt.vbi,
+ sizeof(p64->fmt.vbi)) ? -EFAULT : 0;
case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE:
case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT:
- return copy_in_user(&p64->fmt.sliced, &p32->fmt.sliced,
- sizeof(p64->fmt.sliced)) ? -EFAULT : 0;
+ return copy_from_user(&p64->fmt.sliced, &p32->fmt.sliced,
+ sizeof(p64->fmt.sliced)) ? -EFAULT : 0;
case V4L2_BUF_TYPE_SDR_CAPTURE:
case V4L2_BUF_TYPE_SDR_OUTPUT:
- return copy_in_user(&p64->fmt.sdr, &p32->fmt.sdr,
- sizeof(p64->fmt.sdr)) ? -EFAULT : 0;
+ return copy_from_user(&p64->fmt.sdr, &p32->fmt.sdr,
+ sizeof(p64->fmt.sdr)) ? -EFAULT : 0;
case V4L2_BUF_TYPE_META_CAPTURE:
case V4L2_BUF_TYPE_META_OUTPUT:
- return copy_in_user(&p64->fmt.meta, &p32->fmt.meta,
- sizeof(p64->fmt.meta)) ? -EFAULT : 0;
+ return copy_from_user(&p64->fmt.meta, &p32->fmt.meta,
+ sizeof(p64->fmt.meta)) ? -EFAULT : 0;
default:
return -EINVAL;
}
}
-static int get_v4l2_format32(struct v4l2_format __user *p64,
- struct v4l2_format32 __user *p32,
- void __user *aux_buf, u32 aux_space)
-{
- if (!access_ok(p32, sizeof(*p32)))
- return -EFAULT;
- return __get_v4l2_format32(p64, p32, aux_buf, aux_space);
-}
-
-static int bufsize_v4l2_create(struct v4l2_create_buffers32 __user *p32,
- u32 *size)
-{
- if (!access_ok(p32, sizeof(*p32)))
- return -EFAULT;
- return __bufsize_v4l2_format(&p32->format, size);
-}
-
-static int get_v4l2_create32(struct v4l2_create_buffers __user *p64,
- struct v4l2_create_buffers32 __user *p32,
- void __user *aux_buf, u32 aux_space)
+static int get_v4l2_create32(struct v4l2_create_buffers *p64,
+ struct v4l2_create_buffers32 __user *p32)
{
- if (!access_ok(p32, sizeof(*p32)) ||
- copy_in_user(p64, p32,
- offsetof(struct v4l2_create_buffers32, format)))
+ if (copy_from_user(p64, p32,
+ offsetof(struct v4l2_create_buffers32, format)))
return -EFAULT;
- return __get_v4l2_format32(&p64->format, &p32->format,
- aux_buf, aux_space);
+ return get_v4l2_format32(&p64->format, &p32->format);
}
-static int __put_v4l2_format32(struct v4l2_format __user *p64,
- struct v4l2_format32 __user *p32)
+static int put_v4l2_format32(struct v4l2_format *p64,
+ struct v4l2_format32 __user *p32)
{
- u32 type;
-
- if (get_user(type, &p64->type))
- return -EFAULT;
-
- switch (type) {
+ switch (p64->type) {
case V4L2_BUF_TYPE_VIDEO_CAPTURE:
case V4L2_BUF_TYPE_VIDEO_OUTPUT:
- return copy_in_user(&p32->fmt.pix, &p64->fmt.pix,
+ return copy_to_user(&p32->fmt.pix, &p64->fmt.pix,
sizeof(p64->fmt.pix)) ? -EFAULT : 0;
case V4L2_BUF_TYPE_VIDEO_CAPTURE_MPLANE:
case V4L2_BUF_TYPE_VIDEO_OUTPUT_MPLANE:
- return copy_in_user(&p32->fmt.pix_mp, &p64->fmt.pix_mp,
+ return copy_to_user(&p32->fmt.pix_mp, &p64->fmt.pix_mp,
sizeof(p64->fmt.pix_mp)) ? -EFAULT : 0;
case V4L2_BUF_TYPE_VIDEO_OVERLAY:
case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY:
return put_v4l2_window32(&p64->fmt.win, &p32->fmt.win);
case V4L2_BUF_TYPE_VBI_CAPTURE:
case V4L2_BUF_TYPE_VBI_OUTPUT:
- return copy_in_user(&p32->fmt.vbi, &p64->fmt.vbi,
+ return copy_to_user(&p32->fmt.vbi, &p64->fmt.vbi,
sizeof(p64->fmt.vbi)) ? -EFAULT : 0;
case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE:
case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT:
- return copy_in_user(&p32->fmt.sliced, &p64->fmt.sliced,
+ return copy_to_user(&p32->fmt.sliced, &p64->fmt.sliced,
sizeof(p64->fmt.sliced)) ? -EFAULT : 0;
case V4L2_BUF_TYPE_SDR_CAPTURE:
case V4L2_BUF_TYPE_SDR_OUTPUT:
- return copy_in_user(&p32->fmt.sdr, &p64->fmt.sdr,
+ return copy_to_user(&p32->fmt.sdr, &p64->fmt.sdr,
sizeof(p64->fmt.sdr)) ? -EFAULT : 0;
case V4L2_BUF_TYPE_META_CAPTURE:
case V4L2_BUF_TYPE_META_OUTPUT:
- return copy_in_user(&p32->fmt.meta, &p64->fmt.meta,
+ return copy_to_user(&p32->fmt.meta, &p64->fmt.meta,
sizeof(p64->fmt.meta)) ? -EFAULT : 0;
default:
return -EINVAL;
}
}
-static int put_v4l2_format32(struct v4l2_format __user *p64,
- struct v4l2_format32 __user *p32)
-{
- if (!access_ok(p32, sizeof(*p32)))
- return -EFAULT;
- return __put_v4l2_format32(p64, p32);
-}
-
-static int put_v4l2_create32(struct v4l2_create_buffers __user *p64,
+static int put_v4l2_create32(struct v4l2_create_buffers *p64,
struct v4l2_create_buffers32 __user *p32)
{
- if (!access_ok(p32, sizeof(*p32)) ||
- copy_in_user(p32, p64,
+ if (copy_to_user(p32, p64,
offsetof(struct v4l2_create_buffers32, format)) ||
- assign_in_user(&p32->capabilities, &p64->capabilities) ||
- copy_in_user(p32->reserved, p64->reserved, sizeof(p64->reserved)))
+ put_user(p64->capabilities, &p32->capabilities) ||
+ copy_to_user(p32->reserved, p64->reserved, sizeof(p64->reserved)))
return -EFAULT;
- return __put_v4l2_format32(&p64->format, &p32->format);
+ return put_v4l2_format32(&p64->format, &p32->format);
}
struct v4l2_standard32 {
@@ -431,27 +241,23 @@ struct v4l2_standard32 {
__u32 reserved[4];
};
-static int get_v4l2_standard32(struct v4l2_standard __user *p64,
+static int get_v4l2_standard32(struct v4l2_standard *p64,
struct v4l2_standard32 __user *p32)
{
/* other fields are not set by the user, nor used by the driver */
- if (!access_ok(p32, sizeof(*p32)) ||
- assign_in_user(&p64->index, &p32->index))
- return -EFAULT;
- return 0;
+ return get_user(p64->index, &p32->index);
}
-static int put_v4l2_standard32(struct v4l2_standard __user *p64,
+static int put_v4l2_standard32(struct v4l2_standard *p64,
struct v4l2_standard32 __user *p32)
{
- if (!access_ok(p32, sizeof(*p32)) ||
- assign_in_user(&p32->index, &p64->index) ||
- assign_in_user(&p32->id, &p64->id) ||
- copy_in_user(p32->name, p64->name, sizeof(p32->name)) ||
- copy_in_user(&p32->frameperiod, &p64->frameperiod,
+ if (put_user(p64->index, &p32->index) ||
+ put_user(p64->id, &p32->id) ||
+ copy_to_user(p32->name, p64->name, sizeof(p32->name)) ||
+ copy_to_user(&p32->frameperiod, &p64->frameperiod,
sizeof(p32->frameperiod)) ||
- assign_in_user(&p32->framelines, &p64->framelines) ||
- copy_in_user(p32->reserved, p64->reserved, sizeof(p32->reserved)))
+ put_user(p64->framelines, &p32->framelines) ||
+ copy_to_user(p32->reserved, p64->reserved, sizeof(p32->reserved)))
return -EFAULT;
return 0;
}
@@ -498,6 +304,7 @@ struct v4l2_buffer32 {
__s32 request_fd;
};
+#ifdef CONFIG_COMPAT_32BIT_TIME
struct v4l2_buffer32_time32 {
__u32 index;
__u32 type; /* enum v4l2_buf_type */
@@ -520,481 +327,252 @@ struct v4l2_buffer32_time32 {
__u32 reserved2;
__s32 request_fd;
};
+#endif
-static int get_v4l2_plane32(struct v4l2_plane __user *p64,
+static int get_v4l2_plane32(struct v4l2_plane *p64,
struct v4l2_plane32 __user *p32,
enum v4l2_memory memory)
{
- compat_ulong_t p;
+ struct v4l2_plane32 plane32;
+ typeof(p64->m) m = {};
- if (copy_in_user(p64, p32, 2 * sizeof(__u32)) ||
- copy_in_user(&p64->data_offset, &p32->data_offset,
- sizeof(p64->data_offset)))
+ if (copy_from_user(&plane32, p32, sizeof(plane32)))
return -EFAULT;
switch (memory) {
case V4L2_MEMORY_MMAP:
case V4L2_MEMORY_OVERLAY:
- if (copy_in_user(&p64->m.mem_offset, &p32->m.mem_offset,
- sizeof(p32->m.mem_offset)))
- return -EFAULT;
+ m.mem_offset = plane32.m.mem_offset;
break;
case V4L2_MEMORY_USERPTR:
- if (get_user(p, &p32->m.userptr) ||
- put_user((unsigned long)compat_ptr(p), &p64->m.userptr))
- return -EFAULT;
+ m.userptr = (unsigned long)compat_ptr(plane32.m.userptr);
break;
case V4L2_MEMORY_DMABUF:
- if (copy_in_user(&p64->m.fd, &p32->m.fd, sizeof(p32->m.fd)))
- return -EFAULT;
+ m.fd = plane32.m.fd;
break;
}
+ memset(p64, 0, sizeof(*p64));
+ *p64 = (struct v4l2_plane) {
+ .bytesused = plane32.bytesused,
+ .length = plane32.length,
+ .m = m,
+ .data_offset = plane32.data_offset,
+ };
+
return 0;
}
-static int put_v4l2_plane32(struct v4l2_plane __user *p64,
+static int put_v4l2_plane32(struct v4l2_plane *p64,
struct v4l2_plane32 __user *p32,
enum v4l2_memory memory)
{
- unsigned long p;
+ struct v4l2_plane32 plane32;
- if (copy_in_user(p32, p64, 2 * sizeof(__u32)) ||
- copy_in_user(&p32->data_offset, &p64->data_offset,
- sizeof(p64->data_offset)))
- return -EFAULT;
+ memset(&plane32, 0, sizeof(plane32));
+ plane32 = (struct v4l2_plane32) {
+ .bytesused = p64->bytesused,
+ .length = p64->length,
+ .data_offset = p64->data_offset,
+ };
switch (memory) {
case V4L2_MEMORY_MMAP:
case V4L2_MEMORY_OVERLAY:
- if (copy_in_user(&p32->m.mem_offset, &p64->m.mem_offset,
- sizeof(p64->m.mem_offset)))
- return -EFAULT;
+ plane32.m.mem_offset = p64->m.mem_offset;
break;
case V4L2_MEMORY_USERPTR:
- if (get_user(p, &p64->m.userptr) ||
- put_user((compat_ulong_t)ptr_to_compat((void __user *)p),
- &p32->m.userptr))
- return -EFAULT;
+ plane32.m.userptr = (uintptr_t)(p64->m.userptr);
break;
case V4L2_MEMORY_DMABUF:
- if (copy_in_user(&p32->m.fd, &p64->m.fd, sizeof(p64->m.fd)))
- return -EFAULT;
+ plane32.m.fd = p64->m.fd;
break;
}
- return 0;
-}
-
-static int bufsize_v4l2_buffer(struct v4l2_buffer32 __user *p32, u32 *size)
-{
- u32 type;
- u32 length;
-
- if (!access_ok(p32, sizeof(*p32)) ||
- get_user(type, &p32->type) ||
- get_user(length, &p32->length))
+ if (copy_to_user(p32, &plane32, sizeof(plane32)))
return -EFAULT;
- if (V4L2_TYPE_IS_MULTIPLANAR(type)) {
- if (length > VIDEO_MAX_PLANES)
- return -EINVAL;
-
- /*
- * We don't really care if userspace decides to kill itself
- * by passing a very big length value
- */
- *size = length * sizeof(struct v4l2_plane);
- } else {
- *size = 0;
- }
return 0;
}
-static int bufsize_v4l2_buffer_time32(struct v4l2_buffer32_time32 __user *p32, u32 *size)
+static int get_v4l2_buffer32(struct v4l2_buffer *vb,
+ struct v4l2_buffer32 __user *arg)
{
- u32 type;
- u32 length;
+ struct v4l2_buffer32 vb32;
- if (!access_ok(p32, sizeof(*p32)) ||
- get_user(type, &p32->type) ||
- get_user(length, &p32->length))
+ if (copy_from_user(&vb32, arg, sizeof(vb32)))
return -EFAULT;
- if (V4L2_TYPE_IS_MULTIPLANAR(type)) {
- if (length > VIDEO_MAX_PLANES)
- return -EINVAL;
+ memset(vb, 0, sizeof(*vb));
+ *vb = (struct v4l2_buffer) {
+ .index = vb32.index,
+ .type = vb32.type,
+ .bytesused = vb32.bytesused,
+ .flags = vb32.flags,
+ .field = vb32.field,
+ .timestamp.tv_sec = vb32.timestamp.tv_sec,
+ .timestamp.tv_usec = vb32.timestamp.tv_usec,
+ .timecode = vb32.timecode,
+ .sequence = vb32.sequence,
+ .memory = vb32.memory,
+ .m.offset = vb32.m.offset,
+ .length = vb32.length,
+ .request_fd = vb32.request_fd,
+ };
- /*
- * We don't really care if userspace decides to kill itself
- * by passing a very big length value
- */
- *size = length * sizeof(struct v4l2_plane);
- } else {
- *size = 0;
+ switch (vb->memory) {
+ case V4L2_MEMORY_MMAP:
+ case V4L2_MEMORY_OVERLAY:
+ vb->m.offset = vb32.m.offset;
+ break;
+ case V4L2_MEMORY_USERPTR:
+ vb->m.userptr = (unsigned long)compat_ptr(vb32.m.userptr);
+ break;
+ case V4L2_MEMORY_DMABUF:
+ vb->m.fd = vb32.m.fd;
+ break;
}
- return 0;
-}
-
-static int get_v4l2_buffer32(struct v4l2_buffer __user *p64,
- struct v4l2_buffer32 __user *p32,
- void __user *aux_buf, u32 aux_space)
-{
- u32 type;
- u32 length;
- s32 request_fd;
- enum v4l2_memory memory;
- struct v4l2_plane32 __user *uplane32;
- struct v4l2_plane __user *uplane;
- compat_caddr_t p;
- int ret;
-
- if (!access_ok(p32, sizeof(*p32)) ||
- assign_in_user(&p64->index, &p32->index) ||
- get_user(type, &p32->type) ||
- put_user(type, &p64->type) ||
- assign_in_user(&p64->flags, &p32->flags) ||
- get_user(memory, &p32->memory) ||
- put_user(memory, &p64->memory) ||
- get_user(length, &p32->length) ||
- put_user(length, &p64->length) ||
- get_user(request_fd, &p32->request_fd) ||
- put_user(request_fd, &p64->request_fd))
- return -EFAULT;
-
- if (V4L2_TYPE_IS_OUTPUT(type))
- if (assign_in_user(&p64->bytesused, &p32->bytesused) ||
- assign_in_user(&p64->field, &p32->field) ||
- assign_in_user(&p64->timestamp.tv_sec,
- &p32->timestamp.tv_sec) ||
- assign_in_user(&p64->timestamp.tv_usec,
- &p32->timestamp.tv_usec))
- return -EFAULT;
-
- if (V4L2_TYPE_IS_MULTIPLANAR(type)) {
- u32 num_planes = length;
- if (num_planes == 0) {
- /*
- * num_planes == 0 is legal, e.g. when userspace doesn't
- * need planes array on DQBUF
- */
- return put_user(NULL, &p64->m.planes);
- }
- if (num_planes > VIDEO_MAX_PLANES)
- return -EINVAL;
-
- if (get_user(p, &p32->m.planes))
- return -EFAULT;
-
- uplane32 = compat_ptr(p);
- if (!access_ok(uplane32,
- num_planes * sizeof(*uplane32)))
- return -EFAULT;
-
- /*
- * We don't really care if userspace decides to kill itself
- * by passing a very big num_planes value
- */
- if (aux_space < num_planes * sizeof(*uplane))
- return -EFAULT;
-
- uplane = aux_buf;
- if (put_user_force(uplane, &p64->m.planes))
- return -EFAULT;
-
- while (num_planes--) {
- ret = get_v4l2_plane32(uplane, uplane32, memory);
- if (ret)
- return ret;
- uplane++;
- uplane32++;
- }
- } else {
- switch (memory) {
- case V4L2_MEMORY_MMAP:
- case V4L2_MEMORY_OVERLAY:
- if (assign_in_user(&p64->m.offset, &p32->m.offset))
- return -EFAULT;
- break;
- case V4L2_MEMORY_USERPTR: {
- compat_ulong_t userptr;
-
- if (get_user(userptr, &p32->m.userptr) ||
- put_user((unsigned long)compat_ptr(userptr),
- &p64->m.userptr))
- return -EFAULT;
- break;
- }
- case V4L2_MEMORY_DMABUF:
- if (assign_in_user(&p64->m.fd, &p32->m.fd))
- return -EFAULT;
- break;
- }
- }
+ if (V4L2_TYPE_IS_MULTIPLANAR(vb->type))
+ vb->m.planes = (void __force *)
+ compat_ptr(vb32.m.planes);
return 0;
}
-static int get_v4l2_buffer32_time32(struct v4l2_buffer_time32 __user *p64,
- struct v4l2_buffer32_time32 __user *p32,
- void __user *aux_buf, u32 aux_space)
+#ifdef CONFIG_COMPAT_32BIT_TIME
+static int get_v4l2_buffer32_time32(struct v4l2_buffer *vb,
+ struct v4l2_buffer32_time32 __user *arg)
{
- u32 type;
- u32 length;
- s32 request_fd;
- enum v4l2_memory memory;
- struct v4l2_plane32 __user *uplane32;
- struct v4l2_plane __user *uplane;
- compat_caddr_t p;
- int ret;
-
- if (!access_ok(p32, sizeof(*p32)) ||
- assign_in_user(&p64->index, &p32->index) ||
- get_user(type, &p32->type) ||
- put_user(type, &p64->type) ||
- assign_in_user(&p64->flags, &p32->flags) ||
- get_user(memory, &p32->memory) ||
- put_user(memory, &p64->memory) ||
- get_user(length, &p32->length) ||
- put_user(length, &p64->length) ||
- get_user(request_fd, &p32->request_fd) ||
- put_user(request_fd, &p64->request_fd))
- return -EFAULT;
+ struct v4l2_buffer32_time32 vb32;
- if (V4L2_TYPE_IS_OUTPUT(type))
- if (assign_in_user(&p64->bytesused, &p32->bytesused) ||
- assign_in_user(&p64->field, &p32->field) ||
- assign_in_user(&p64->timestamp.tv_sec,
- &p32->timestamp.tv_sec) ||
- assign_in_user(&p64->timestamp.tv_usec,
- &p32->timestamp.tv_usec))
- return -EFAULT;
-
- if (V4L2_TYPE_IS_MULTIPLANAR(type)) {
- u32 num_planes = length;
-
- if (num_planes == 0) {
- /*
- * num_planes == 0 is legal, e.g. when userspace doesn't
- * need planes array on DQBUF
- */
- return put_user(NULL, &p64->m.planes);
- }
- if (num_planes > VIDEO_MAX_PLANES)
- return -EINVAL;
-
- if (get_user(p, &p32->m.planes))
- return -EFAULT;
-
- uplane32 = compat_ptr(p);
- if (!access_ok(uplane32,
- num_planes * sizeof(*uplane32)))
- return -EFAULT;
-
- /*
- * We don't really care if userspace decides to kill itself
- * by passing a very big num_planes value
- */
- if (aux_space < num_planes * sizeof(*uplane))
- return -EFAULT;
-
- uplane = aux_buf;
- if (put_user_force(uplane, &p64->m.planes))
- return -EFAULT;
-
- while (num_planes--) {
- ret = get_v4l2_plane32(uplane, uplane32, memory);
- if (ret)
- return ret;
- uplane++;
- uplane32++;
- }
- } else {
- switch (memory) {
- case V4L2_MEMORY_MMAP:
- case V4L2_MEMORY_OVERLAY:
- if (assign_in_user(&p64->m.offset, &p32->m.offset))
- return -EFAULT;
- break;
- case V4L2_MEMORY_USERPTR: {
- compat_ulong_t userptr;
+ if (copy_from_user(&vb32, arg, sizeof(vb32)))
+ return -EFAULT;
- if (get_user(userptr, &p32->m.userptr) ||
- put_user((unsigned long)compat_ptr(userptr),
- &p64->m.userptr))
- return -EFAULT;
- break;
- }
- case V4L2_MEMORY_DMABUF:
- if (assign_in_user(&p64->m.fd, &p32->m.fd))
- return -EFAULT;
- break;
- }
+ *vb = (struct v4l2_buffer) {
+ .index = vb32.index,
+ .type = vb32.type,
+ .bytesused = vb32.bytesused,
+ .flags = vb32.flags,
+ .field = vb32.field,
+ .timestamp.tv_sec = vb32.timestamp.tv_sec,
+ .timestamp.tv_usec = vb32.timestamp.tv_usec,
+ .timecode = vb32.timecode,
+ .sequence = vb32.sequence,
+ .memory = vb32.memory,
+ .m.offset = vb32.m.offset,
+ .length = vb32.length,
+ .request_fd = vb32.request_fd,
+ };
+ switch (vb->memory) {
+ case V4L2_MEMORY_MMAP:
+ case V4L2_MEMORY_OVERLAY:
+ vb->m.offset = vb32.m.offset;
+ break;
+ case V4L2_MEMORY_USERPTR:
+ vb->m.userptr = (unsigned long)compat_ptr(vb32.m.userptr);
+ break;
+ case V4L2_MEMORY_DMABUF:
+ vb->m.fd = vb32.m.fd;
+ break;
}
+ if (V4L2_TYPE_IS_MULTIPLANAR(vb->type))
+ vb->m.planes = (void __force *)
+ compat_ptr(vb32.m.planes);
+
return 0;
}
+#endif
-static int put_v4l2_buffer32(struct v4l2_buffer __user *p64,
- struct v4l2_buffer32 __user *p32)
+static int put_v4l2_buffer32(struct v4l2_buffer *vb,
+ struct v4l2_buffer32 __user *arg)
{
- u32 type;
- u32 length;
- enum v4l2_memory memory;
- struct v4l2_plane32 __user *uplane32;
- struct v4l2_plane *uplane;
- compat_caddr_t p;
- int ret;
-
- if (!access_ok(p32, sizeof(*p32)) ||
- assign_in_user(&p32->index, &p64->index) ||
- get_user(type, &p64->type) ||
- put_user(type, &p32->type) ||
- assign_in_user(&p32->flags, &p64->flags) ||
- get_user(memory, &p64->memory) ||
- put_user(memory, &p32->memory))
- return -EFAULT;
+ struct v4l2_buffer32 vb32;
+
+ memset(&vb32, 0, sizeof(vb32));
+ vb32 = (struct v4l2_buffer32) {
+ .index = vb->index,
+ .type = vb->type,
+ .bytesused = vb->bytesused,
+ .flags = vb->flags,
+ .field = vb->field,
+ .timestamp.tv_sec = vb->timestamp.tv_sec,
+ .timestamp.tv_usec = vb->timestamp.tv_usec,
+ .timecode = vb->timecode,
+ .sequence = vb->sequence,
+ .memory = vb->memory,
+ .m.offset = vb->m.offset,
+ .length = vb->length,
+ .request_fd = vb->request_fd,
+ };
- if (assign_in_user(&p32->bytesused, &p64->bytesused) ||
- assign_in_user(&p32->field, &p64->field) ||
- assign_in_user(&p32->timestamp.tv_sec, &p64->timestamp.tv_sec) ||
- assign_in_user(&p32->timestamp.tv_usec, &p64->timestamp.tv_usec) ||
- copy_in_user(&p32->timecode, &p64->timecode, sizeof(p64->timecode)) ||
- assign_in_user(&p32->sequence, &p64->sequence) ||
- assign_in_user(&p32->reserved2, &p64->reserved2) ||
- assign_in_user(&p32->request_fd, &p64->request_fd) ||
- get_user(length, &p64->length) ||
- put_user(length, &p32->length))
- return -EFAULT;
+ switch (vb->memory) {
+ case V4L2_MEMORY_MMAP:
+ case V4L2_MEMORY_OVERLAY:
+ vb32.m.offset = vb->m.offset;
+ break;
+ case V4L2_MEMORY_USERPTR:
+ vb32.m.userptr = (uintptr_t)(vb->m.userptr);
+ break;
+ case V4L2_MEMORY_DMABUF:
+ vb32.m.fd = vb->m.fd;
+ break;
+ }
- if (V4L2_TYPE_IS_MULTIPLANAR(type)) {
- u32 num_planes = length;
+ if (V4L2_TYPE_IS_MULTIPLANAR(vb->type))
+ vb32.m.planes = (uintptr_t)vb->m.planes;
- if (num_planes == 0)
- return 0;
- /* We need to define uplane without __user, even though
- * it does point to data in userspace here. The reason is
- * that v4l2-ioctl.c copies it from userspace to kernelspace,
- * so its definition in videodev2.h doesn't have a
- * __user markup. Defining uplane with __user causes
- * smatch warnings, so instead declare it without __user
- * and cast it as a userspace pointer to put_v4l2_plane32().
- */
- if (get_user(uplane, &p64->m.planes))
- return -EFAULT;
- if (get_user(p, &p32->m.planes))
- return -EFAULT;
- uplane32 = compat_ptr(p);
-
- while (num_planes--) {
- ret = put_v4l2_plane32((void __user *)uplane,
- uplane32, memory);
- if (ret)
- return ret;
- ++uplane;
- ++uplane32;
- }
- } else {
- switch (memory) {
- case V4L2_MEMORY_MMAP:
- case V4L2_MEMORY_OVERLAY:
- if (assign_in_user(&p32->m.offset, &p64->m.offset))
- return -EFAULT;
- break;
- case V4L2_MEMORY_USERPTR:
- if (assign_in_user(&p32->m.userptr, &p64->m.userptr))
- return -EFAULT;
- break;
- case V4L2_MEMORY_DMABUF:
- if (assign_in_user(&p32->m.fd, &p64->m.fd))
- return -EFAULT;
- break;
- }
- }
+ if (copy_to_user(arg, &vb32, sizeof(vb32)))
+ return -EFAULT;
return 0;
}
-static int put_v4l2_buffer32_time32(struct v4l2_buffer_time32 __user *p64,
- struct v4l2_buffer32_time32 __user *p32)
+#ifdef CONFIG_COMPAT_32BIT_TIME
+static int put_v4l2_buffer32_time32(struct v4l2_buffer *vb,
+ struct v4l2_buffer32_time32 __user *arg)
{
- u32 type;
- u32 length;
- enum v4l2_memory memory;
- struct v4l2_plane32 __user *uplane32;
- struct v4l2_plane *uplane;
- compat_caddr_t p;
- int ret;
-
- if (!access_ok(p32, sizeof(*p32)) ||
- assign_in_user(&p32->index, &p64->index) ||
- get_user(type, &p64->type) ||
- put_user(type, &p32->type) ||
- assign_in_user(&p32->flags, &p64->flags) ||
- get_user(memory, &p64->memory) ||
- put_user(memory, &p32->memory))
- return -EFAULT;
-
- if (assign_in_user(&p32->bytesused, &p64->bytesused) ||
- assign_in_user(&p32->field, &p64->field) ||
- assign_in_user(&p32->timestamp.tv_sec, &p64->timestamp.tv_sec) ||
- assign_in_user(&p32->timestamp.tv_usec, &p64->timestamp.tv_usec) ||
- copy_in_user(&p32->timecode, &p64->timecode, sizeof(p64->timecode)) ||
- assign_in_user(&p32->sequence, &p64->sequence) ||
- assign_in_user(&p32->reserved2, &p64->reserved2) ||
- assign_in_user(&p32->request_fd, &p64->request_fd) ||
- get_user(length, &p64->length) ||
- put_user(length, &p32->length))
- return -EFAULT;
+ struct v4l2_buffer32_time32 vb32;
+
+ memset(&vb32, 0, sizeof(vb32));
+ vb32 = (struct v4l2_buffer32_time32) {
+ .index = vb->index,
+ .type = vb->type,
+ .bytesused = vb->bytesused,
+ .flags = vb->flags,
+ .field = vb->field,
+ .timestamp.tv_sec = vb->timestamp.tv_sec,
+ .timestamp.tv_usec = vb->timestamp.tv_usec,
+ .timecode = vb->timecode,
+ .sequence = vb->sequence,
+ .memory = vb->memory,
+ .m.offset = vb->m.offset,
+ .length = vb->length,
+ .request_fd = vb->request_fd,
+ };
+ switch (vb->memory) {
+ case V4L2_MEMORY_MMAP:
+ case V4L2_MEMORY_OVERLAY:
+ vb32.m.offset = vb->m.offset;
+ break;
+ case V4L2_MEMORY_USERPTR:
+ vb32.m.userptr = (uintptr_t)(vb->m.userptr);
+ break;
+ case V4L2_MEMORY_DMABUF:
+ vb32.m.fd = vb->m.fd;
+ break;
+ }
- if (V4L2_TYPE_IS_MULTIPLANAR(type)) {
- u32 num_planes = length;
+ if (V4L2_TYPE_IS_MULTIPLANAR(vb->type))
+ vb32.m.planes = (uintptr_t)vb->m.planes;
- if (num_planes == 0)
- return 0;
- /* We need to define uplane without __user, even though
- * it does point to data in userspace here. The reason is
- * that v4l2-ioctl.c copies it from userspace to kernelspace,
- * so its definition in videodev2.h doesn't have a
- * __user markup. Defining uplane with __user causes
- * smatch warnings, so instead declare it without __user
- * and cast it as a userspace pointer to put_v4l2_plane32().
- */
- if (get_user(uplane, &p64->m.planes))
- return -EFAULT;
- if (get_user(p, &p32->m.planes))
- return -EFAULT;
- uplane32 = compat_ptr(p);
-
- while (num_planes--) {
- ret = put_v4l2_plane32((void __user *)uplane,
- uplane32, memory);
- if (ret)
- return ret;
- ++uplane;
- ++uplane32;
- }
- } else {
- switch (memory) {
- case V4L2_MEMORY_MMAP:
- case V4L2_MEMORY_OVERLAY:
- if (assign_in_user(&p32->m.offset, &p64->m.offset))
- return -EFAULT;
- break;
- case V4L2_MEMORY_USERPTR:
- if (assign_in_user(&p32->m.userptr, &p64->m.userptr))
- return -EFAULT;
- break;
- case V4L2_MEMORY_DMABUF:
- if (assign_in_user(&p32->m.fd, &p64->m.fd))
- return -EFAULT;
- break;
- }
- }
+ if (copy_to_user(arg, &vb32, sizeof(vb32)))
+ return -EFAULT;
return 0;
}
+#endif
struct v4l2_framebuffer32 {
__u32 capability;
@@ -1012,33 +590,30 @@ struct v4l2_framebuffer32 {
} fmt;
};
-static int get_v4l2_framebuffer32(struct v4l2_framebuffer __user *p64,
+static int get_v4l2_framebuffer32(struct v4l2_framebuffer *p64,
struct v4l2_framebuffer32 __user *p32)
{
compat_caddr_t tmp;
- if (!access_ok(p32, sizeof(*p32)) ||
- get_user(tmp, &p32->base) ||
- put_user_force(compat_ptr(tmp), &p64->base) ||
- assign_in_user(&p64->capability, &p32->capability) ||
- assign_in_user(&p64->flags, &p32->flags) ||
- copy_in_user(&p64->fmt, &p32->fmt, sizeof(p64->fmt)))
+ if (get_user(tmp, &p32->base) ||
+ get_user(p64->capability, &p32->capability) ||
+ get_user(p64->flags, &p32->flags) ||
+ copy_from_user(&p64->fmt, &p32->fmt, sizeof(p64->fmt)))
return -EFAULT;
+ p64->base = (void __force *)compat_ptr(tmp);
+
return 0;
}
-static int put_v4l2_framebuffer32(struct v4l2_framebuffer __user *p64,
+static int put_v4l2_framebuffer32(struct v4l2_framebuffer *p64,
struct v4l2_framebuffer32 __user *p32)
{
- void *base;
-
- if (!access_ok(p32, sizeof(*p32)) ||
- get_user(base, &p64->base) ||
- put_user(ptr_to_compat((void __user *)base), &p32->base) ||
- assign_in_user(&p32->capability, &p64->capability) ||
- assign_in_user(&p32->flags, &p64->flags) ||
- copy_in_user(&p32->fmt, &p64->fmt, sizeof(p64->fmt)))
+ if (put_user((uintptr_t)p64->base, &p32->base) ||
+ put_user(p64->capability, &p32->capability) ||
+ put_user(p64->flags, &p32->flags) ||
+ copy_to_user(&p32->fmt, &p64->fmt, sizeof(p64->fmt)))
return -EFAULT;
+
return 0;
}
@@ -1058,18 +633,18 @@ struct v4l2_input32 {
* The 64-bit v4l2_input struct has extra padding at the end of the struct.
* Otherwise it is identical to the 32-bit version.
*/
-static inline int get_v4l2_input32(struct v4l2_input __user *p64,
+static inline int get_v4l2_input32(struct v4l2_input *p64,
struct v4l2_input32 __user *p32)
{
- if (copy_in_user(p64, p32, sizeof(*p32)))
+ if (copy_from_user(p64, p32, sizeof(*p32)))
return -EFAULT;
return 0;
}
-static inline int put_v4l2_input32(struct v4l2_input __user *p64,
+static inline int put_v4l2_input32(struct v4l2_input *p64,
struct v4l2_input32 __user *p32)
{
- if (copy_in_user(p32, p64, sizeof(*p32)))
+ if (copy_to_user(p32, p64, sizeof(*p32)))
return -EFAULT;
return 0;
}
@@ -1124,142 +699,44 @@ static inline bool ctrl_is_pointer(struct file *file, u32 id)
(qec.flags & V4L2_CTRL_FLAG_HAS_PAYLOAD);
}
-static int bufsize_v4l2_ext_controls(struct v4l2_ext_controls32 __user *p32,
- u32 *size)
-{
- u32 count;
-
- if (!access_ok(p32, sizeof(*p32)) ||
- get_user(count, &p32->count))
- return -EFAULT;
- if (count > V4L2_CID_MAX_CTRLS)
- return -EINVAL;
- *size = count * sizeof(struct v4l2_ext_control);
- return 0;
-}
-
-static int get_v4l2_ext_controls32(struct file *file,
- struct v4l2_ext_controls __user *p64,
- struct v4l2_ext_controls32 __user *p32,
- void __user *aux_buf, u32 aux_space)
+static int get_v4l2_ext_controls32(struct v4l2_ext_controls *p64,
+ struct v4l2_ext_controls32 __user *p32)
{
- struct v4l2_ext_control32 __user *ucontrols;
- struct v4l2_ext_control __user *kcontrols;
- u32 count;
- u32 n;
- compat_caddr_t p;
-
- if (!access_ok(p32, sizeof(*p32)) ||
- assign_in_user(&p64->which, &p32->which) ||
- get_user(count, &p32->count) ||
- put_user(count, &p64->count) ||
- assign_in_user(&p64->error_idx, &p32->error_idx) ||
- assign_in_user(&p64->request_fd, &p32->request_fd) ||
- copy_in_user(p64->reserved, p32->reserved, sizeof(p64->reserved)))
- return -EFAULT;
+ struct v4l2_ext_controls32 ec32;
- if (count == 0)
- return put_user(NULL, &p64->controls);
- if (count > V4L2_CID_MAX_CTRLS)
- return -EINVAL;
- if (get_user(p, &p32->controls))
- return -EFAULT;
- ucontrols = compat_ptr(p);
- if (!access_ok(ucontrols, count * sizeof(*ucontrols)))
+ if (copy_from_user(&ec32, p32, sizeof(ec32)))
return -EFAULT;
- if (aux_space < count * sizeof(*kcontrols))
- return -EFAULT;
- kcontrols = aux_buf;
- if (put_user_force(kcontrols, &p64->controls))
- return -EFAULT;
-
- for (n = 0; n < count; n++) {
- u32 id;
-
- if (copy_in_user(kcontrols, ucontrols, sizeof(*ucontrols)))
- return -EFAULT;
- if (get_user(id, &kcontrols->id))
- return -EFAULT;
-
- if (ctrl_is_pointer(file, id)) {
- void __user *s;
+ *p64 = (struct v4l2_ext_controls) {
+ .which = ec32.which,
+ .count = ec32.count,
+ .error_idx = ec32.error_idx,
+ .request_fd = ec32.request_fd,
+ .reserved[0] = ec32.reserved[0],
+ .controls = (void __force *)compat_ptr(ec32.controls),
+ };
- if (get_user(p, &ucontrols->string))
- return -EFAULT;
- s = compat_ptr(p);
- if (put_user(s, &kcontrols->string))
- return -EFAULT;
- }
- ucontrols++;
- kcontrols++;
- }
return 0;
}
-static int put_v4l2_ext_controls32(struct file *file,
- struct v4l2_ext_controls __user *p64,
+static int put_v4l2_ext_controls32(struct v4l2_ext_controls *p64,
struct v4l2_ext_controls32 __user *p32)
{
- struct v4l2_ext_control32 __user *ucontrols;
- struct v4l2_ext_control *kcontrols;
- u32 count;
- u32 n;
- compat_caddr_t p;
-
- /*
- * We need to define kcontrols without __user, even though it does
- * point to data in userspace here. The reason is that v4l2-ioctl.c
- * copies it from userspace to kernelspace, so its definition in
- * videodev2.h doesn't have a __user markup. Defining kcontrols
- * with __user causes smatch warnings, so instead declare it
- * without __user and cast it as a userspace pointer where needed.
- */
- if (!access_ok(p32, sizeof(*p32)) ||
- assign_in_user(&p32->which, &p64->which) ||
- get_user(count, &p64->count) ||
- put_user(count, &p32->count) ||
- assign_in_user(&p32->error_idx, &p64->error_idx) ||
- assign_in_user(&p32->request_fd, &p64->request_fd) ||
- copy_in_user(p32->reserved, p64->reserved, sizeof(p32->reserved)) ||
- get_user(kcontrols, &p64->controls))
- return -EFAULT;
+ struct v4l2_ext_controls32 ec32;
+
+ memset(&ec32, 0, sizeof(ec32));
+ ec32 = (struct v4l2_ext_controls32) {
+ .which = p64->which,
+ .count = p64->count,
+ .error_idx = p64->error_idx,
+ .request_fd = p64->request_fd,
+ .reserved[0] = p64->reserved[0],
+ .controls = (uintptr_t)p64->controls,
+ };
- if (!count || count > (U32_MAX/sizeof(*ucontrols)))
- return 0;
- if (get_user(p, &p32->controls))
- return -EFAULT;
- ucontrols = compat_ptr(p);
- if (!access_ok(ucontrols, count * sizeof(*ucontrols)))
+ if (copy_to_user(p32, &ec32, sizeof(ec32)))
return -EFAULT;
- for (n = 0; n < count; n++) {
- unsigned int size = sizeof(*ucontrols);
- u32 id;
-
- if (get_user_cast(id, &kcontrols->id) ||
- put_user(id, &ucontrols->id) ||
- assign_in_user_cast(&ucontrols->size, &kcontrols->size) ||
- copy_in_user(&ucontrols->reserved2,
- (void __user *)&kcontrols->reserved2,
- sizeof(ucontrols->reserved2)))
- return -EFAULT;
-
- /*
- * Do not modify the pointer when copying a pointer control.
- * The contents of the pointer was changed, not the pointer
- * itself.
- */
- if (ctrl_is_pointer(file, id))
- size -= sizeof(ucontrols->value64);
-
- if (copy_in_user(ucontrols,
- (void __user *)kcontrols, size))
- return -EFAULT;
-
- ucontrols++;
- kcontrols++;
- }
return 0;
}
@@ -1288,6 +765,7 @@ struct v4l2_event32 {
__u32 reserved[8];
};
+#ifdef CONFIG_COMPAT_32BIT_TIME
struct v4l2_event32_time32 {
__u32 type;
union {
@@ -1300,39 +778,40 @@ struct v4l2_event32_time32 {
__u32 id;
__u32 reserved[8];
};
+#endif
-static int put_v4l2_event32(struct v4l2_event __user *p64,
+static int put_v4l2_event32(struct v4l2_event *p64,
struct v4l2_event32 __user *p32)
{
- if (!access_ok(p32, sizeof(*p32)) ||
- assign_in_user(&p32->type, &p64->type) ||
- copy_in_user(&p32->u, &p64->u, sizeof(p64->u)) ||
- assign_in_user(&p32->pending, &p64->pending) ||
- assign_in_user(&p32->sequence, &p64->sequence) ||
- assign_in_user(&p32->timestamp.tv_sec, &p64->timestamp.tv_sec) ||
- assign_in_user(&p32->timestamp.tv_nsec, &p64->timestamp.tv_nsec) ||
- assign_in_user(&p32->id, &p64->id) ||
- copy_in_user(p32->reserved, p64->reserved, sizeof(p32->reserved)))
+ if (put_user(p64->type, &p32->type) ||
+ copy_to_user(&p32->u, &p64->u, sizeof(p64->u)) ||
+ put_user(p64->pending, &p32->pending) ||
+ put_user(p64->sequence, &p32->sequence) ||
+ put_user(p64->timestamp.tv_sec, &p32->timestamp.tv_sec) ||
+ put_user(p64->timestamp.tv_nsec, &p32->timestamp.tv_nsec) ||
+ put_user(p64->id, &p32->id) ||
+ copy_to_user(p32->reserved, p64->reserved, sizeof(p32->reserved)))
return -EFAULT;
return 0;
}
-static int put_v4l2_event32_time32(struct v4l2_event_time32 __user *p64,
+#ifdef CONFIG_COMPAT_32BIT_TIME
+static int put_v4l2_event32_time32(struct v4l2_event *p64,
struct v4l2_event32_time32 __user *p32)
{
- if (!access_ok(p32, sizeof(*p32)) ||
- assign_in_user(&p32->type, &p64->type) ||
- copy_in_user(&p32->u, &p64->u, sizeof(p64->u)) ||
- assign_in_user(&p32->pending, &p64->pending) ||
- assign_in_user(&p32->sequence, &p64->sequence) ||
- assign_in_user(&p32->timestamp.tv_sec, &p64->timestamp.tv_sec) ||
- assign_in_user(&p32->timestamp.tv_nsec, &p64->timestamp.tv_nsec) ||
- assign_in_user(&p32->id, &p64->id) ||
- copy_in_user(p32->reserved, p64->reserved, sizeof(p32->reserved)))
+ if (put_user(p64->type, &p32->type) ||
+ copy_to_user(&p32->u, &p64->u, sizeof(p64->u)) ||
+ put_user(p64->pending, &p32->pending) ||
+ put_user(p64->sequence, &p32->sequence) ||
+ put_user(p64->timestamp.tv_sec, &p32->timestamp.tv_sec) ||
+ put_user(p64->timestamp.tv_nsec, &p32->timestamp.tv_nsec) ||
+ put_user(p64->id, &p32->id) ||
+ copy_to_user(p32->reserved, p64->reserved, sizeof(p32->reserved)))
return -EFAULT;
return 0;
}
#endif
+#endif
struct v4l2_edid32 {
__u32 pad;
@@ -1342,34 +821,23 @@ struct v4l2_edid32 {
compat_caddr_t edid;
};
-static int get_v4l2_edid32(struct v4l2_edid __user *p64,
+static int get_v4l2_edid32(struct v4l2_edid *p64,
struct v4l2_edid32 __user *p32)
{
- compat_uptr_t tmp;
-
- if (!access_ok(p32, sizeof(*p32)) ||
- assign_in_user(&p64->pad, &p32->pad) ||
- assign_in_user(&p64->start_block, &p32->start_block) ||
- assign_in_user_cast(&p64->blocks, &p32->blocks) ||
- get_user(tmp, &p32->edid) ||
- put_user_force(compat_ptr(tmp), &p64->edid) ||
- copy_in_user(p64->reserved, p32->reserved, sizeof(p64->reserved)))
+ compat_uptr_t edid;
+
+ if (copy_from_user(p64, p32, offsetof(struct v4l2_edid32, edid)) ||
+ get_user(edid, &p32->edid))
return -EFAULT;
+
+ p64->edid = (void __force *)compat_ptr(edid);
return 0;
}
-static int put_v4l2_edid32(struct v4l2_edid __user *p64,
+static int put_v4l2_edid32(struct v4l2_edid *p64,
struct v4l2_edid32 __user *p32)
{
- void *edid;
-
- if (!access_ok(p32, sizeof(*p32)) ||
- assign_in_user(&p32->pad, &p64->pad) ||
- assign_in_user(&p32->start_block, &p64->start_block) ||
- assign_in_user(&p32->blocks, &p64->blocks) ||
- get_user(edid, &p64->edid) ||
- put_user(ptr_to_compat((void __user *)edid), &p32->edid) ||
- copy_in_user(p32->reserved, p64->reserved, sizeof(p32->reserved)))
+ if (copy_to_user(p32, p64, offsetof(struct v4l2_edid32, edid)))
return -EFAULT;
return 0;
}
@@ -1385,13 +853,10 @@ static int put_v4l2_edid32(struct v4l2_edid __user *p64,
#define VIDIOC_G_FMT32 _IOWR('V', 4, struct v4l2_format32)
#define VIDIOC_S_FMT32 _IOWR('V', 5, struct v4l2_format32)
#define VIDIOC_QUERYBUF32 _IOWR('V', 9, struct v4l2_buffer32)
-#define VIDIOC_QUERYBUF32_TIME32 _IOWR('V', 9, struct v4l2_buffer32_time32)
#define VIDIOC_G_FBUF32 _IOR ('V', 10, struct v4l2_framebuffer32)
#define VIDIOC_S_FBUF32 _IOW ('V', 11, struct v4l2_framebuffer32)
#define VIDIOC_QBUF32 _IOWR('V', 15, struct v4l2_buffer32)
-#define VIDIOC_QBUF32_TIME32 _IOWR('V', 15, struct v4l2_buffer32_time32)
#define VIDIOC_DQBUF32 _IOWR('V', 17, struct v4l2_buffer32)
-#define VIDIOC_DQBUF32_TIME32 _IOWR('V', 17, struct v4l2_buffer32_time32)
#define VIDIOC_ENUMSTD32 _IOWR('V', 25, struct v4l2_standard32)
#define VIDIOC_ENUMINPUT32 _IOWR('V', 26, struct v4l2_input32)
#define VIDIOC_G_EDID32 _IOWR('V', 40, struct v4l2_edid32)
@@ -1401,366 +866,359 @@ static int put_v4l2_edid32(struct v4l2_edid __user *p64,
#define VIDIOC_S_EXT_CTRLS32 _IOWR('V', 72, struct v4l2_ext_controls32)
#define VIDIOC_TRY_EXT_CTRLS32 _IOWR('V', 73, struct v4l2_ext_controls32)
#define VIDIOC_DQEVENT32 _IOR ('V', 89, struct v4l2_event32)
-#define VIDIOC_DQEVENT32_TIME32 _IOR ('V', 89, struct v4l2_event32_time32)
#define VIDIOC_CREATE_BUFS32 _IOWR('V', 92, struct v4l2_create_buffers32)
#define VIDIOC_PREPARE_BUF32 _IOWR('V', 93, struct v4l2_buffer32)
-#define VIDIOC_PREPARE_BUF32_TIME32 _IOWR('V', 93, struct v4l2_buffer32_time32)
-#define VIDIOC_OVERLAY32 _IOW ('V', 14, s32)
-#define VIDIOC_STREAMON32 _IOW ('V', 18, s32)
-#define VIDIOC_STREAMOFF32 _IOW ('V', 19, s32)
-#define VIDIOC_G_INPUT32 _IOR ('V', 38, s32)
-#define VIDIOC_S_INPUT32 _IOWR('V', 39, s32)
-#define VIDIOC_G_OUTPUT32 _IOR ('V', 46, s32)
-#define VIDIOC_S_OUTPUT32 _IOWR('V', 47, s32)
-
-/**
- * alloc_userspace() - Allocates a 64-bits userspace pointer compatible
- * for calling the native 64-bits version of an ioctl.
- *
- * @size: size of the structure itself to be allocated.
- * @aux_space: extra size needed to store "extra" data, e.g. space for
- * other __user data that is pointed to fields inside the
- * structure.
- * @new_p64: pointer to a pointer to be filled with the allocated struct.
- *
- * Return:
- *
- * if it can't allocate memory, either -ENOMEM or -EFAULT will be returned.
- * Zero otherwise.
- */
-static int alloc_userspace(unsigned int size, u32 aux_space,
- void __user **new_p64)
-{
- *new_p64 = compat_alloc_user_space(size + aux_space);
- if (!*new_p64)
- return -ENOMEM;
- if (clear_user(*new_p64, size))
- return -EFAULT;
- return 0;
-}
+#ifdef CONFIG_COMPAT_32BIT_TIME
+#define VIDIOC_QUERYBUF32_TIME32 _IOWR('V', 9, struct v4l2_buffer32_time32)
+#define VIDIOC_QBUF32_TIME32 _IOWR('V', 15, struct v4l2_buffer32_time32)
+#define VIDIOC_DQBUF32_TIME32 _IOWR('V', 17, struct v4l2_buffer32_time32)
+#ifdef CONFIG_X86_64
+#define VIDIOC_DQEVENT32_TIME32 _IOR ('V', 89, struct v4l2_event32_time32)
+#endif
+#define VIDIOC_PREPARE_BUF32_TIME32 _IOWR('V', 93, struct v4l2_buffer32_time32)
+#endif
-/**
- * do_video_ioctl() - Ancillary function with handles a compat32 ioctl call
- *
- * @file: pointer to &struct file with the file handler
- * @cmd: ioctl to be called
- * @arg: arguments passed from/to the ioctl handler
- *
- * This function is called when a 32 bits application calls a V4L2 ioctl
- * and the Kernel is compiled with 64 bits.
- *
- * This function is called by v4l2_compat_ioctl32() when the function is
- * not private to some specific driver.
- *
- * It converts a 32-bits struct into a 64 bits one, calls the native 64-bits
- * ioctl handler and fills back the 32-bits struct with the results of the
- * native call.
- */
-static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
+unsigned int v4l2_compat_translate_cmd(unsigned int cmd)
{
- void __user *p32 = compat_ptr(arg);
- void __user *new_p64 = NULL;
- void __user *aux_buf;
- u32 aux_space;
- int compatible_arg = 1;
- long err = 0;
- unsigned int ncmd;
-
- /*
- * 1. When struct size is different, converts the command.
- */
switch (cmd) {
- case VIDIOC_G_FMT32: ncmd = VIDIOC_G_FMT; break;
- case VIDIOC_S_FMT32: ncmd = VIDIOC_S_FMT; break;
- case VIDIOC_QUERYBUF32: ncmd = VIDIOC_QUERYBUF; break;
- case VIDIOC_QUERYBUF32_TIME32: ncmd = VIDIOC_QUERYBUF_TIME32; break;
- case VIDIOC_G_FBUF32: ncmd = VIDIOC_G_FBUF; break;
- case VIDIOC_S_FBUF32: ncmd = VIDIOC_S_FBUF; break;
- case VIDIOC_QBUF32: ncmd = VIDIOC_QBUF; break;
- case VIDIOC_QBUF32_TIME32: ncmd = VIDIOC_QBUF_TIME32; break;
- case VIDIOC_DQBUF32: ncmd = VIDIOC_DQBUF; break;
- case VIDIOC_DQBUF32_TIME32: ncmd = VIDIOC_DQBUF_TIME32; break;
- case VIDIOC_ENUMSTD32: ncmd = VIDIOC_ENUMSTD; break;
- case VIDIOC_ENUMINPUT32: ncmd = VIDIOC_ENUMINPUT; break;
- case VIDIOC_TRY_FMT32: ncmd = VIDIOC_TRY_FMT; break;
- case VIDIOC_G_EXT_CTRLS32: ncmd = VIDIOC_G_EXT_CTRLS; break;
- case VIDIOC_S_EXT_CTRLS32: ncmd = VIDIOC_S_EXT_CTRLS; break;
- case VIDIOC_TRY_EXT_CTRLS32: ncmd = VIDIOC_TRY_EXT_CTRLS; break;
+ case VIDIOC_G_FMT32:
+ return VIDIOC_G_FMT;
+ case VIDIOC_S_FMT32:
+ return VIDIOC_S_FMT;
+ case VIDIOC_TRY_FMT32:
+ return VIDIOC_TRY_FMT;
+ case VIDIOC_G_FBUF32:
+ return VIDIOC_G_FBUF;
+ case VIDIOC_S_FBUF32:
+ return VIDIOC_S_FBUF;
+#ifdef CONFIG_COMPAT_32BIT_TIME
+ case VIDIOC_QUERYBUF32_TIME32:
+ return VIDIOC_QUERYBUF;
+ case VIDIOC_QBUF32_TIME32:
+ return VIDIOC_QBUF;
+ case VIDIOC_DQBUF32_TIME32:
+ return VIDIOC_DQBUF;
+ case VIDIOC_PREPARE_BUF32_TIME32:
+ return VIDIOC_PREPARE_BUF;
+#endif
+ case VIDIOC_QUERYBUF32:
+ return VIDIOC_QUERYBUF;
+ case VIDIOC_QBUF32:
+ return VIDIOC_QBUF;
+ case VIDIOC_DQBUF32:
+ return VIDIOC_DQBUF;
+ case VIDIOC_CREATE_BUFS32:
+ return VIDIOC_CREATE_BUFS;
+ case VIDIOC_G_EXT_CTRLS32:
+ return VIDIOC_G_EXT_CTRLS;
+ case VIDIOC_S_EXT_CTRLS32:
+ return VIDIOC_S_EXT_CTRLS;
+ case VIDIOC_TRY_EXT_CTRLS32:
+ return VIDIOC_TRY_EXT_CTRLS;
+ case VIDIOC_PREPARE_BUF32:
+ return VIDIOC_PREPARE_BUF;
+ case VIDIOC_ENUMSTD32:
+ return VIDIOC_ENUMSTD;
+ case VIDIOC_ENUMINPUT32:
+ return VIDIOC_ENUMINPUT;
+ case VIDIOC_G_EDID32:
+ return VIDIOC_G_EDID;
+ case VIDIOC_S_EDID32:
+ return VIDIOC_S_EDID;
#ifdef CONFIG_X86_64
- case VIDIOC_DQEVENT32: ncmd = VIDIOC_DQEVENT; break;
- case VIDIOC_DQEVENT32_TIME32: ncmd = VIDIOC_DQEVENT_TIME32; break;
+ case VIDIOC_DQEVENT32:
+ return VIDIOC_DQEVENT;
+#ifdef CONFIG_COMPAT_32BIT_TIME
+ case VIDIOC_DQEVENT32_TIME32:
+ return VIDIOC_DQEVENT;
+#endif
#endif
- case VIDIOC_OVERLAY32: ncmd = VIDIOC_OVERLAY; break;
- case VIDIOC_STREAMON32: ncmd = VIDIOC_STREAMON; break;
- case VIDIOC_STREAMOFF32: ncmd = VIDIOC_STREAMOFF; break;
- case VIDIOC_G_INPUT32: ncmd = VIDIOC_G_INPUT; break;
- case VIDIOC_S_INPUT32: ncmd = VIDIOC_S_INPUT; break;
- case VIDIOC_G_OUTPUT32: ncmd = VIDIOC_G_OUTPUT; break;
- case VIDIOC_S_OUTPUT32: ncmd = VIDIOC_S_OUTPUT; break;
- case VIDIOC_CREATE_BUFS32: ncmd = VIDIOC_CREATE_BUFS; break;
- case VIDIOC_PREPARE_BUF32: ncmd = VIDIOC_PREPARE_BUF; break;
- case VIDIOC_PREPARE_BUF32_TIME32: ncmd = VIDIOC_PREPARE_BUF_TIME32; break;
- case VIDIOC_G_EDID32: ncmd = VIDIOC_G_EDID; break;
- case VIDIOC_S_EDID32: ncmd = VIDIOC_S_EDID; break;
- default: ncmd = cmd; break;
}
+ return cmd;
+}
- /*
- * 2. Allocates a 64-bits userspace pointer to store the
- * values of the ioctl and copy data from the 32-bits __user
- * argument into it.
- */
+int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd)
+{
switch (cmd) {
- case VIDIOC_OVERLAY32:
- case VIDIOC_STREAMON32:
- case VIDIOC_STREAMOFF32:
- case VIDIOC_S_INPUT32:
- case VIDIOC_S_OUTPUT32:
- err = alloc_userspace(sizeof(unsigned int), 0, &new_p64);
- if (!err && assign_in_user((unsigned int __user *)new_p64,
- (compat_uint_t __user *)p32))
- err = -EFAULT;
- compatible_arg = 0;
- break;
+ case VIDIOC_G_FMT32:
+ case VIDIOC_S_FMT32:
+ case VIDIOC_TRY_FMT32:
+ return get_v4l2_format32(parg, arg);
- case VIDIOC_G_INPUT32:
- case VIDIOC_G_OUTPUT32:
- err = alloc_userspace(sizeof(unsigned int), 0, &new_p64);
- compatible_arg = 0;
- break;
+ case VIDIOC_S_FBUF32:
+ return get_v4l2_framebuffer32(parg, arg);
+#ifdef CONFIG_COMPAT_32BIT_TIME
+ case VIDIOC_QUERYBUF32_TIME32:
+ case VIDIOC_QBUF32_TIME32:
+ case VIDIOC_DQBUF32_TIME32:
+ case VIDIOC_PREPARE_BUF32_TIME32:
+ return get_v4l2_buffer32_time32(parg, arg);
+#endif
+ case VIDIOC_QUERYBUF32:
+ case VIDIOC_QBUF32:
+ case VIDIOC_DQBUF32:
+ case VIDIOC_PREPARE_BUF32:
+ return get_v4l2_buffer32(parg, arg);
+
+ case VIDIOC_G_EXT_CTRLS32:
+ case VIDIOC_S_EXT_CTRLS32:
+ case VIDIOC_TRY_EXT_CTRLS32:
+ return get_v4l2_ext_controls32(parg, arg);
+
+ case VIDIOC_CREATE_BUFS32:
+ return get_v4l2_create32(parg, arg);
+
+ case VIDIOC_ENUMSTD32:
+ return get_v4l2_standard32(parg, arg);
+
+ case VIDIOC_ENUMINPUT32:
+ return get_v4l2_input32(parg, arg);
case VIDIOC_G_EDID32:
case VIDIOC_S_EDID32:
- err = alloc_userspace(sizeof(struct v4l2_edid), 0, &new_p64);
- if (!err)
- err = get_v4l2_edid32(new_p64, p32);
- compatible_arg = 0;
- break;
+ return get_v4l2_edid32(parg, arg);
+ }
+ return 0;
+}
+int v4l2_compat_put_user(void __user *arg, void *parg, unsigned int cmd)
+{
+ switch (cmd) {
case VIDIOC_G_FMT32:
case VIDIOC_S_FMT32:
case VIDIOC_TRY_FMT32:
- err = bufsize_v4l2_format(p32, &aux_space);
- if (!err)
- err = alloc_userspace(sizeof(struct v4l2_format),
- aux_space, &new_p64);
- if (!err) {
- aux_buf = new_p64 + sizeof(struct v4l2_format);
- err = get_v4l2_format32(new_p64, p32,
- aux_buf, aux_space);
- }
- compatible_arg = 0;
- break;
-
- case VIDIOC_CREATE_BUFS32:
- err = bufsize_v4l2_create(p32, &aux_space);
- if (!err)
- err = alloc_userspace(sizeof(struct v4l2_create_buffers),
- aux_space, &new_p64);
- if (!err) {
- aux_buf = new_p64 + sizeof(struct v4l2_create_buffers);
- err = get_v4l2_create32(new_p64, p32,
- aux_buf, aux_space);
- }
- compatible_arg = 0;
- break;
+ return put_v4l2_format32(parg, arg);
- case VIDIOC_PREPARE_BUF32:
- case VIDIOC_QUERYBUF32:
- case VIDIOC_QBUF32:
- case VIDIOC_DQBUF32:
- err = bufsize_v4l2_buffer(p32, &aux_space);
- if (!err)
- err = alloc_userspace(sizeof(struct v4l2_buffer),
- aux_space, &new_p64);
- if (!err) {
- aux_buf = new_p64 + sizeof(struct v4l2_buffer);
- err = get_v4l2_buffer32(new_p64, p32,
- aux_buf, aux_space);
- }
- compatible_arg = 0;
- break;
-
- case VIDIOC_PREPARE_BUF32_TIME32:
+ case VIDIOC_G_FBUF32:
+ return put_v4l2_framebuffer32(parg, arg);
+#ifdef CONFIG_COMPAT_32BIT_TIME
case VIDIOC_QUERYBUF32_TIME32:
case VIDIOC_QBUF32_TIME32:
case VIDIOC_DQBUF32_TIME32:
- err = bufsize_v4l2_buffer_time32(p32, &aux_space);
- if (!err)
- err = alloc_userspace(sizeof(struct v4l2_buffer),
- aux_space, &new_p64);
- if (!err) {
- aux_buf = new_p64 + sizeof(struct v4l2_buffer);
- err = get_v4l2_buffer32_time32(new_p64, p32,
- aux_buf, aux_space);
- }
- compatible_arg = 0;
- break;
+ case VIDIOC_PREPARE_BUF32_TIME32:
+ return put_v4l2_buffer32_time32(parg, arg);
+#endif
+ case VIDIOC_QUERYBUF32:
+ case VIDIOC_QBUF32:
+ case VIDIOC_DQBUF32:
+ case VIDIOC_PREPARE_BUF32:
+ return put_v4l2_buffer32(parg, arg);
- case VIDIOC_S_FBUF32:
- err = alloc_userspace(sizeof(struct v4l2_framebuffer), 0,
- &new_p64);
- if (!err)
- err = get_v4l2_framebuffer32(new_p64, p32);
- compatible_arg = 0;
- break;
+ case VIDIOC_G_EXT_CTRLS32:
+ case VIDIOC_S_EXT_CTRLS32:
+ case VIDIOC_TRY_EXT_CTRLS32:
+ return put_v4l2_ext_controls32(parg, arg);
- case VIDIOC_G_FBUF32:
- err = alloc_userspace(sizeof(struct v4l2_framebuffer), 0,
- &new_p64);
- compatible_arg = 0;
- break;
+ case VIDIOC_CREATE_BUFS32:
+ return put_v4l2_create32(parg, arg);
case VIDIOC_ENUMSTD32:
- err = alloc_userspace(sizeof(struct v4l2_standard), 0,
- &new_p64);
- if (!err)
- err = get_v4l2_standard32(new_p64, p32);
- compatible_arg = 0;
- break;
+ return put_v4l2_standard32(parg, arg);
case VIDIOC_ENUMINPUT32:
- err = alloc_userspace(sizeof(struct v4l2_input), 0, &new_p64);
- if (!err)
- err = get_v4l2_input32(new_p64, p32);
- compatible_arg = 0;
- break;
+ return put_v4l2_input32(parg, arg);
- case VIDIOC_G_EXT_CTRLS32:
- case VIDIOC_S_EXT_CTRLS32:
- case VIDIOC_TRY_EXT_CTRLS32:
- err = bufsize_v4l2_ext_controls(p32, &aux_space);
- if (!err)
- err = alloc_userspace(sizeof(struct v4l2_ext_controls),
- aux_space, &new_p64);
- if (!err) {
- aux_buf = new_p64 + sizeof(struct v4l2_ext_controls);
- err = get_v4l2_ext_controls32(file, new_p64, p32,
- aux_buf, aux_space);
- }
- compatible_arg = 0;
- break;
+ case VIDIOC_G_EDID32:
+ case VIDIOC_S_EDID32:
+ return put_v4l2_edid32(parg, arg);
#ifdef CONFIG_X86_64
case VIDIOC_DQEVENT32:
- err = alloc_userspace(sizeof(struct v4l2_event), 0, &new_p64);
- compatible_arg = 0;
- break;
+ return put_v4l2_event32(parg, arg);
+#ifdef CONFIG_COMPAT_32BIT_TIME
case VIDIOC_DQEVENT32_TIME32:
- err = alloc_userspace(sizeof(struct v4l2_event_time32), 0, &new_p64);
- compatible_arg = 0;
- break;
+ return put_v4l2_event32_time32(parg, arg);
+#endif
#endif
}
- if (err)
- return err;
-
- /*
- * 3. Calls the native 64-bits ioctl handler.
- *
- * For the functions where a conversion was not needed,
- * compatible_arg is true, and it will call it with the arguments
- * provided by userspace and stored at @p32 var.
- *
- * Otherwise, it will pass the newly allocated @new_p64 argument.
- */
- if (compatible_arg)
- err = native_ioctl(file, ncmd, (unsigned long)p32);
- else
- err = native_ioctl(file, ncmd, (unsigned long)new_p64);
-
- if (err == -ENOTTY)
- return err;
-
- /*
- * 4. Special case: even after an error we need to put the
- * results back for some ioctls.
- *
- * In the case of EXT_CTRLS, the error_idx will contain information
- * on which control failed.
- *
- * In the case of S_EDID, the driver can return E2BIG and set
- * the blocks to maximum allowed value.
- */
+ return 0;
+}
+
+int v4l2_compat_get_array_args(struct file *file, void *mbuf,
+ void __user *user_ptr, size_t array_size,
+ unsigned int cmd, void *arg)
+{
+ int err = 0;
+
switch (cmd) {
- case VIDIOC_G_EXT_CTRLS32:
- case VIDIOC_S_EXT_CTRLS32:
- case VIDIOC_TRY_EXT_CTRLS32:
- if (put_v4l2_ext_controls32(file, new_p64, p32))
- err = -EFAULT;
+ case VIDIOC_G_FMT32:
+ case VIDIOC_S_FMT32:
+ case VIDIOC_TRY_FMT32: {
+ struct v4l2_format *f64 = arg;
+ struct v4l2_clip *c64 = mbuf;
+ struct v4l2_clip32 __user *c32 = user_ptr;
+ u32 clipcount = f64->fmt.win.clipcount;
+
+ if ((f64->type != V4L2_BUF_TYPE_VIDEO_OVERLAY &&
+ f64->type != V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY) ||
+ clipcount == 0)
+ return 0;
+ if (clipcount > 2048)
+ return -EINVAL;
+ while (clipcount--) {
+ if (copy_from_user(c64, c32, sizeof(c64->c)))
+ return -EFAULT;
+ c64->next = NULL;
+ c64++;
+ c32++;
+ }
break;
- case VIDIOC_S_EDID32:
- if (put_v4l2_edid32(new_p64, p32))
- err = -EFAULT;
+ }
+#ifdef CONFIG_COMPAT_32BIT_TIME
+ case VIDIOC_QUERYBUF32_TIME32:
+ case VIDIOC_QBUF32_TIME32:
+ case VIDIOC_DQBUF32_TIME32:
+ case VIDIOC_PREPARE_BUF32_TIME32:
+#endif
+ case VIDIOC_QUERYBUF32:
+ case VIDIOC_QBUF32:
+ case VIDIOC_DQBUF32:
+ case VIDIOC_PREPARE_BUF32: {
+ struct v4l2_buffer *b64 = arg;
+ struct v4l2_plane *p64 = mbuf;
+ struct v4l2_plane32 __user *p32 = user_ptr;
+
+ if (V4L2_TYPE_IS_MULTIPLANAR(b64->type)) {
+ u32 num_planes = b64->length;
+
+ if (num_planes == 0)
+ return 0;
+
+ while (num_planes--) {
+ err = get_v4l2_plane32(p64, p32, b64->memory);
+ if (err)
+ return err;
+ ++p64;
+ ++p32;
+ }
+ }
break;
}
- if (err)
- return err;
+ case VIDIOC_G_EXT_CTRLS32:
+ case VIDIOC_S_EXT_CTRLS32:
+ case VIDIOC_TRY_EXT_CTRLS32: {
+ struct v4l2_ext_controls *ecs64 = arg;
+ struct v4l2_ext_control *ec64 = mbuf;
+ struct v4l2_ext_control32 __user *ec32 = user_ptr;
+ int n;
+
+ for (n = 0; n < ecs64->count; n++) {
+ if (copy_from_user(ec64, ec32, sizeof(*ec32)))
+ return -EFAULT;
- /*
- * 5. Copy the data returned at the 64 bits userspace pointer to
- * the original 32 bits structure.
- */
- switch (cmd) {
- case VIDIOC_S_INPUT32:
- case VIDIOC_S_OUTPUT32:
- case VIDIOC_G_INPUT32:
- case VIDIOC_G_OUTPUT32:
- if (assign_in_user((compat_uint_t __user *)p32,
- ((unsigned int __user *)new_p64)))
- err = -EFAULT;
- break;
+ if (ctrl_is_pointer(file, ec64->id)) {
+ compat_uptr_t p;
- case VIDIOC_G_FBUF32:
- err = put_v4l2_framebuffer32(new_p64, p32);
+ if (get_user(p, &ec32->string))
+ return -EFAULT;
+ ec64->string = compat_ptr(p);
+ }
+ ec32++;
+ ec64++;
+ }
break;
-
-#ifdef CONFIG_X86_64
- case VIDIOC_DQEVENT32:
- err = put_v4l2_event32(new_p64, p32);
+ }
+ default:
+ if (copy_from_user(mbuf, user_ptr, array_size))
+ err = -EFAULT;
break;
+ }
- case VIDIOC_DQEVENT32_TIME32:
- err = put_v4l2_event32_time32(new_p64, p32);
- break;
-#endif
+ return err;
+}
- case VIDIOC_G_EDID32:
- err = put_v4l2_edid32(new_p64, p32);
- break;
+int v4l2_compat_put_array_args(struct file *file, void __user *user_ptr,
+ void *mbuf, size_t array_size,
+ unsigned int cmd, void *arg)
+{
+ int err = 0;
+ switch (cmd) {
case VIDIOC_G_FMT32:
case VIDIOC_S_FMT32:
- case VIDIOC_TRY_FMT32:
- err = put_v4l2_format32(new_p64, p32);
- break;
-
- case VIDIOC_CREATE_BUFS32:
- err = put_v4l2_create32(new_p64, p32);
+ case VIDIOC_TRY_FMT32: {
+ struct v4l2_format *f64 = arg;
+ struct v4l2_clip *c64 = mbuf;
+ struct v4l2_clip32 __user *c32 = user_ptr;
+ u32 clipcount = f64->fmt.win.clipcount;
+
+ if ((f64->type != V4L2_BUF_TYPE_VIDEO_OVERLAY &&
+ f64->type != V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY) ||
+ clipcount == 0)
+ return 0;
+ if (clipcount > 2048)
+ return -EINVAL;
+ while (clipcount--) {
+ if (copy_to_user(c32, c64, sizeof(c64->c)))
+ return -EFAULT;
+ c64++;
+ c32++;
+ }
break;
-
- case VIDIOC_PREPARE_BUF32:
+ }
+#ifdef CONFIG_COMPAT_32BIT_TIME
+ case VIDIOC_QUERYBUF32_TIME32:
+ case VIDIOC_QBUF32_TIME32:
+ case VIDIOC_DQBUF32_TIME32:
+ case VIDIOC_PREPARE_BUF32_TIME32:
+#endif
case VIDIOC_QUERYBUF32:
case VIDIOC_QBUF32:
case VIDIOC_DQBUF32:
- err = put_v4l2_buffer32(new_p64, p32);
+ case VIDIOC_PREPARE_BUF32: {
+ struct v4l2_buffer *b64 = arg;
+ struct v4l2_plane *p64 = mbuf;
+ struct v4l2_plane32 __user *p32 = user_ptr;
+
+ if (V4L2_TYPE_IS_MULTIPLANAR(b64->type)) {
+ u32 num_planes = b64->length;
+
+ if (num_planes == 0)
+ return 0;
+
+ while (num_planes--) {
+ err = put_v4l2_plane32(p64, p32, b64->memory);
+ if (err)
+ return err;
+ ++p64;
+ ++p32;
+ }
+ }
break;
+ }
+ case VIDIOC_G_EXT_CTRLS32:
+ case VIDIOC_S_EXT_CTRLS32:
+ case VIDIOC_TRY_EXT_CTRLS32: {
+ struct v4l2_ext_controls *ecs64 = arg;
+ struct v4l2_ext_control *ec64 = mbuf;
+ struct v4l2_ext_control32 __user *ec32 = user_ptr;
+ int n;
+
+ for (n = 0; n < ecs64->count; n++) {
+ unsigned int size = sizeof(*ec32);
+ /*
+ * Do not modify the pointer when copying a pointer
+ * control. The contents of the pointer was changed,
+ * not the pointer itself.
+ * The structures are otherwise compatible.
+ */
+ if (ctrl_is_pointer(file, ec64->id))
+ size -= sizeof(ec32->value64);
- case VIDIOC_PREPARE_BUF32_TIME32:
- case VIDIOC_QUERYBUF32_TIME32:
- case VIDIOC_QBUF32_TIME32:
- case VIDIOC_DQBUF32_TIME32:
- err = put_v4l2_buffer32_time32(new_p64, p32);
- break;
+ if (copy_to_user(ec32, ec64, size))
+ return -EFAULT;
- case VIDIOC_ENUMSTD32:
- err = put_v4l2_standard32(new_p64, p32);
+ ec32++;
+ ec64++;
+ }
break;
-
- case VIDIOC_ENUMINPUT32:
- err = put_v4l2_input32(new_p64, p32);
+ }
+ default:
+ if (copy_to_user(user_ptr, mbuf, array_size))
+ err = -EFAULT;
break;
}
+
return err;
}
@@ -1787,7 +1245,8 @@ long v4l2_compat_ioctl32(struct file *file, unsigned int cmd, unsigned long arg)
return ret;
if (_IOC_TYPE(cmd) == 'V' && _IOC_NR(cmd) < BASE_VIDIOC_PRIVATE)
- ret = do_video_ioctl(file, cmd, arg);
+ ret = file->f_op->unlocked_ioctl(file, cmd,
+ (unsigned long)compat_ptr(arg));
else if (vdev->fops->compat_ioctl32)
ret = vdev->fops->compat_ioctl32(file, cmd, arg);
diff --git a/drivers/media/v4l2-core/v4l2-ctrls.c b/drivers/media/v4l2-core/v4l2-ctrls.c
index bd7f330c941c..5cbe0ffbf501 100644
--- a/drivers/media/v4l2-core/v4l2-ctrls.c
+++ b/drivers/media/v4l2-core/v4l2-ctrls.c
@@ -693,9 +693,9 @@ const char * const *v4l2_ctrl_get_menu(u32 id)
return h264_fp_arrangement_type;
case V4L2_CID_MPEG_VIDEO_H264_FMO_MAP_TYPE:
return h264_fmo_map_type;
- case V4L2_CID_MPEG_VIDEO_H264_DECODE_MODE:
+ case V4L2_CID_STATELESS_H264_DECODE_MODE:
return h264_decode_mode;
- case V4L2_CID_MPEG_VIDEO_H264_START_CODE:
+ case V4L2_CID_STATELESS_H264_START_CODE:
return h264_start_code;
case V4L2_CID_MPEG_VIDEO_MPEG2_LEVEL:
return mpeg_mpeg2_level;
@@ -830,7 +830,7 @@ const char *v4l2_ctrl_get_name(u32 id)
/* The MPEG controls are applicable to all codec controls
* and the 'MPEG' part of the define is historical */
/* Keep the order of the 'case's the same as in videodev2.h! */
- case V4L2_CID_MPEG_CLASS: return "Codec Controls";
+ case V4L2_CID_CODEC_CLASS: return "Codec Controls";
case V4L2_CID_MPEG_STREAM_TYPE: return "Stream Type";
case V4L2_CID_MPEG_STREAM_PID_PMT: return "Stream PMT Program ID";
case V4L2_CID_MPEG_STREAM_PID_AUDIO: return "Stream Audio Program ID";
@@ -920,14 +920,6 @@ const char *v4l2_ctrl_get_name(u32 id)
case V4L2_CID_MPEG_VIDEO_H264_I_FRAME_MAX_QP: return "H264 I-Frame Maximum QP Value";
case V4L2_CID_MPEG_VIDEO_H264_P_FRAME_MIN_QP: return "H264 P-Frame Minimum QP Value";
case V4L2_CID_MPEG_VIDEO_H264_P_FRAME_MAX_QP: return "H264 P-Frame Maximum QP Value";
- case V4L2_CID_MPEG_VIDEO_H264_SPS: return "H264 Sequence Parameter Set";
- case V4L2_CID_MPEG_VIDEO_H264_PPS: return "H264 Picture Parameter Set";
- case V4L2_CID_MPEG_VIDEO_H264_SCALING_MATRIX: return "H264 Scaling Matrix";
- case V4L2_CID_MPEG_VIDEO_H264_SLICE_PARAMS: return "H264 Slice Parameters";
- case V4L2_CID_MPEG_VIDEO_H264_DECODE_PARAMS: return "H264 Decode Parameters";
- case V4L2_CID_MPEG_VIDEO_H264_DECODE_MODE: return "H264 Decode Mode";
- case V4L2_CID_MPEG_VIDEO_H264_START_CODE: return "H264 Start Code";
- case V4L2_CID_MPEG_VIDEO_H264_PRED_WEIGHTS: return "H264 Prediction Weight Table";
case V4L2_CID_MPEG_VIDEO_MPEG2_LEVEL: return "MPEG2 Level";
case V4L2_CID_MPEG_VIDEO_MPEG2_PROFILE: return "MPEG2 Profile";
case V4L2_CID_MPEG_VIDEO_MPEG4_I_FRAME_QP: return "MPEG4 I-Frame QP Value";
@@ -951,7 +943,6 @@ const char *v4l2_ctrl_get_name(u32 id)
case V4L2_CID_MPEG_VIDEO_FORCE_KEY_FRAME: return "Force Key Frame";
case V4L2_CID_MPEG_VIDEO_MPEG2_SLICE_PARAMS: return "MPEG-2 Slice Parameters";
case V4L2_CID_MPEG_VIDEO_MPEG2_QUANTIZATION: return "MPEG-2 Quantization Matrices";
- case V4L2_CID_MPEG_VIDEO_FWHT_PARAMS: return "FWHT Stateless Parameters";
case V4L2_CID_FWHT_I_FRAME_QP: return "FWHT I-Frame QP Value";
case V4L2_CID_FWHT_P_FRAME_QP: return "FWHT P-Frame QP Value";
@@ -1181,6 +1172,19 @@ const char *v4l2_ctrl_get_name(u32 id)
case V4L2_CID_DETECT_MD_GLOBAL_THRESHOLD: return "MD Global Threshold";
case V4L2_CID_DETECT_MD_THRESHOLD_GRID: return "MD Threshold Grid";
case V4L2_CID_DETECT_MD_REGION_GRID: return "MD Region Grid";
+
+ /* Stateless Codec controls */
+ /* Keep the order of the 'case's the same as in v4l2-controls.h! */
+ case V4L2_CID_CODEC_STATELESS_CLASS: return "Stateless Codec Controls";
+ case V4L2_CID_STATELESS_H264_DECODE_MODE: return "H264 Decode Mode";
+ case V4L2_CID_STATELESS_H264_START_CODE: return "H264 Start Code";
+ case V4L2_CID_STATELESS_H264_SPS: return "H264 Sequence Parameter Set";
+ case V4L2_CID_STATELESS_H264_PPS: return "H264 Picture Parameter Set";
+ case V4L2_CID_STATELESS_H264_SCALING_MATRIX: return "H264 Scaling Matrix";
+ case V4L2_CID_STATELESS_H264_PRED_WEIGHTS: return "H264 Prediction Weight Table";
+ case V4L2_CID_STATELESS_H264_SLICE_PARAMS: return "H264 Slice Parameters";
+ case V4L2_CID_STATELESS_H264_DECODE_PARAMS: return "H264 Decode Parameters";
+ case V4L2_CID_STATELESS_FWHT_PARAMS: return "FWHT Stateless Parameters";
default:
return NULL;
}
@@ -1306,8 +1310,6 @@ void v4l2_ctrl_fill(u32 id, const char **name, enum v4l2_ctrl_type *type,
case V4L2_CID_MPEG_VIDEO_H264_VUI_SAR_IDC:
case V4L2_CID_MPEG_VIDEO_H264_SEI_FP_ARRANGEMENT_TYPE:
case V4L2_CID_MPEG_VIDEO_H264_FMO_MAP_TYPE:
- case V4L2_CID_MPEG_VIDEO_H264_DECODE_MODE:
- case V4L2_CID_MPEG_VIDEO_H264_START_CODE:
case V4L2_CID_MPEG_VIDEO_MPEG2_LEVEL:
case V4L2_CID_MPEG_VIDEO_MPEG2_PROFILE:
case V4L2_CID_MPEG_VIDEO_MPEG4_LEVEL:
@@ -1338,6 +1340,8 @@ void v4l2_ctrl_fill(u32 id, const char **name, enum v4l2_ctrl_type *type,
case V4L2_CID_MPEG_VIDEO_HEVC_LOOP_FILTER_MODE:
case V4L2_CID_MPEG_VIDEO_HEVC_DECODE_MODE:
case V4L2_CID_MPEG_VIDEO_HEVC_START_CODE:
+ case V4L2_CID_STATELESS_H264_DECODE_MODE:
+ case V4L2_CID_STATELESS_H264_START_CODE:
case V4L2_CID_CAMERA_ORIENTATION:
*type = V4L2_CTRL_TYPE_MENU;
break;
@@ -1358,7 +1362,7 @@ void v4l2_ctrl_fill(u32 id, const char **name, enum v4l2_ctrl_type *type,
break;
case V4L2_CID_USER_CLASS:
case V4L2_CID_CAMERA_CLASS:
- case V4L2_CID_MPEG_CLASS:
+ case V4L2_CID_CODEC_CLASS:
case V4L2_CID_FM_TX_CLASS:
case V4L2_CID_FLASH_CLASS:
case V4L2_CID_JPEG_CLASS:
@@ -1368,6 +1372,7 @@ void v4l2_ctrl_fill(u32 id, const char **name, enum v4l2_ctrl_type *type,
case V4L2_CID_FM_RX_CLASS:
case V4L2_CID_RF_TUNER_CLASS:
case V4L2_CID_DETECT_CLASS:
+ case V4L2_CID_CODEC_STATELESS_CLASS:
*type = V4L2_CTRL_TYPE_CTRL_CLASS;
/* You can neither read not write these */
*flags |= V4L2_CTRL_FLAG_READ_ONLY | V4L2_CTRL_FLAG_WRITE_ONLY;
@@ -1428,25 +1433,25 @@ void v4l2_ctrl_fill(u32 id, const char **name, enum v4l2_ctrl_type *type,
case V4L2_CID_MPEG_VIDEO_MPEG2_QUANTIZATION:
*type = V4L2_CTRL_TYPE_MPEG2_QUANTIZATION;
break;
- case V4L2_CID_MPEG_VIDEO_FWHT_PARAMS:
+ case V4L2_CID_STATELESS_FWHT_PARAMS:
*type = V4L2_CTRL_TYPE_FWHT_PARAMS;
break;
- case V4L2_CID_MPEG_VIDEO_H264_SPS:
+ case V4L2_CID_STATELESS_H264_SPS:
*type = V4L2_CTRL_TYPE_H264_SPS;
break;
- case V4L2_CID_MPEG_VIDEO_H264_PPS:
+ case V4L2_CID_STATELESS_H264_PPS:
*type = V4L2_CTRL_TYPE_H264_PPS;
break;
- case V4L2_CID_MPEG_VIDEO_H264_SCALING_MATRIX:
+ case V4L2_CID_STATELESS_H264_SCALING_MATRIX:
*type = V4L2_CTRL_TYPE_H264_SCALING_MATRIX;
break;
- case V4L2_CID_MPEG_VIDEO_H264_SLICE_PARAMS:
+ case V4L2_CID_STATELESS_H264_SLICE_PARAMS:
*type = V4L2_CTRL_TYPE_H264_SLICE_PARAMS;
break;
- case V4L2_CID_MPEG_VIDEO_H264_DECODE_PARAMS:
+ case V4L2_CID_STATELESS_H264_DECODE_PARAMS:
*type = V4L2_CTRL_TYPE_H264_DECODE_PARAMS;
break;
- case V4L2_CID_MPEG_VIDEO_H264_PRED_WEIGHTS:
+ case V4L2_CID_STATELESS_H264_PRED_WEIGHTS:
*type = V4L2_CTRL_TYPE_H264_PRED_WEIGHTS;
break;
case V4L2_CID_MPEG_VIDEO_VP8_FRAME_HEADER:
@@ -1621,6 +1626,8 @@ static void std_init_compound(const struct v4l2_ctrl *ctrl, u32 idx,
union v4l2_ctrl_ptr ptr)
{
struct v4l2_ctrl_mpeg2_slice_params *p_mpeg2_slice_params;
+ struct v4l2_ctrl_vp8_frame_header *p_vp8_frame_header;
+ struct v4l2_ctrl_fwht_params *p_fwht_params;
void *p = ptr.p + idx * ctrl->elem_size;
if (ctrl->p_def.p_const)
@@ -1643,6 +1650,16 @@ static void std_init_compound(const struct v4l2_ctrl *ctrl, u32 idx,
p_mpeg2_slice_params->picture.picture_coding_type =
V4L2_MPEG2_PICTURE_CODING_TYPE_I;
break;
+ case V4L2_CTRL_TYPE_VP8_FRAME_HEADER:
+ p_vp8_frame_header = p;
+ p_vp8_frame_header->num_dct_parts = 1;
+ break;
+ case V4L2_CTRL_TYPE_FWHT_PARAMS:
+ p_fwht_params = p;
+ p_fwht_params->version = V4L2_FWHT_VERSION;
+ p_fwht_params->width = 1280;
+ p_fwht_params->height = 720;
+ break;
}
}
@@ -1727,6 +1744,27 @@ static void std_log(const struct v4l2_ctrl *ctrl)
case V4L2_CTRL_TYPE_U32:
pr_cont("%u", (unsigned)*ptr.p_u32);
break;
+ case V4L2_CTRL_TYPE_H264_SPS:
+ pr_cont("H264_SPS");
+ break;
+ case V4L2_CTRL_TYPE_H264_PPS:
+ pr_cont("H264_PPS");
+ break;
+ case V4L2_CTRL_TYPE_H264_SCALING_MATRIX:
+ pr_cont("H264_SCALING_MATRIX");
+ break;
+ case V4L2_CTRL_TYPE_H264_SLICE_PARAMS:
+ pr_cont("H264_SLICE_PARAMS");
+ break;
+ case V4L2_CTRL_TYPE_H264_DECODE_PARAMS:
+ pr_cont("H264_DECODE_PARAMS");
+ break;
+ case V4L2_CTRL_TYPE_H264_PRED_WEIGHTS:
+ pr_cont("H264_PRED_WEIGHTS");
+ break;
+ case V4L2_CTRL_TYPE_FWHT_PARAMS:
+ pr_cont("FWHT_PARAMS");
+ break;
default:
pr_cont("unknown type %d", ctrl->type);
break;
@@ -1770,6 +1808,10 @@ static int std_validate_compound(const struct v4l2_ctrl *ctrl, u32 idx,
{
struct v4l2_ctrl_mpeg2_slice_params *p_mpeg2_slice_params;
struct v4l2_ctrl_vp8_frame_header *p_vp8_frame_header;
+ struct v4l2_ctrl_fwht_params *p_fwht_params;
+ struct v4l2_ctrl_h264_sps *p_h264_sps;
+ struct v4l2_ctrl_h264_pps *p_h264_pps;
+ struct v4l2_ctrl_h264_pred_weights *p_h264_pred_weights;
struct v4l2_ctrl_h264_slice_params *p_h264_slice_params;
struct v4l2_ctrl_h264_decode_params *p_h264_dec_params;
struct v4l2_ctrl_hevc_sps *p_hevc_sps;
@@ -1826,23 +1868,159 @@ static int std_validate_compound(const struct v4l2_ctrl *ctrl, u32 idx,
break;
case V4L2_CTRL_TYPE_FWHT_PARAMS:
+ p_fwht_params = p;
+ if (p_fwht_params->version < V4L2_FWHT_VERSION)
+ return -EINVAL;
+ if (!p_fwht_params->width || !p_fwht_params->height)
+ return -EINVAL;
break;
case V4L2_CTRL_TYPE_H264_SPS:
+ p_h264_sps = p;
+
+ /* Some syntax elements are only conditionally valid */
+ if (p_h264_sps->pic_order_cnt_type != 0) {
+ p_h264_sps->log2_max_pic_order_cnt_lsb_minus4 = 0;
+ } else if (p_h264_sps->pic_order_cnt_type != 1) {
+ p_h264_sps->num_ref_frames_in_pic_order_cnt_cycle = 0;
+ p_h264_sps->offset_for_non_ref_pic = 0;
+ p_h264_sps->offset_for_top_to_bottom_field = 0;
+ memset(&p_h264_sps->offset_for_ref_frame, 0,
+ sizeof(p_h264_sps->offset_for_ref_frame));
+ }
+
+ if (!V4L2_H264_SPS_HAS_CHROMA_FORMAT(p_h264_sps)) {
+ p_h264_sps->chroma_format_idc = 1;
+ p_h264_sps->bit_depth_luma_minus8 = 0;
+ p_h264_sps->bit_depth_chroma_minus8 = 0;
+
+ p_h264_sps->flags &=
+ ~V4L2_H264_SPS_FLAG_QPPRIME_Y_ZERO_TRANSFORM_BYPASS;
+
+ if (p_h264_sps->chroma_format_idc < 3)
+ p_h264_sps->flags &=
+ ~V4L2_H264_SPS_FLAG_SEPARATE_COLOUR_PLANE;
+ }
+
+ if (p_h264_sps->flags & V4L2_H264_SPS_FLAG_FRAME_MBS_ONLY)
+ p_h264_sps->flags &=
+ ~V4L2_H264_SPS_FLAG_MB_ADAPTIVE_FRAME_FIELD;
+
+ /*
+ * Chroma 4:2:2 format require at least High 4:2:2 profile.
+ *
+ * The H264 specification and well-known parser implementations
+ * use profile-idc values directly, as that is clearer and
+ * less ambiguous. We do the same here.
+ */
+ if (p_h264_sps->profile_idc < 122 &&
+ p_h264_sps->chroma_format_idc > 1)
+ return -EINVAL;
+ /* Chroma 4:4:4 format require at least High 4:2:2 profile */
+ if (p_h264_sps->profile_idc < 244 &&
+ p_h264_sps->chroma_format_idc > 2)
+ return -EINVAL;
+ if (p_h264_sps->chroma_format_idc > 3)
+ return -EINVAL;
+
+ if (p_h264_sps->bit_depth_luma_minus8 > 6)
+ return -EINVAL;
+ if (p_h264_sps->bit_depth_chroma_minus8 > 6)
+ return -EINVAL;
+ if (p_h264_sps->log2_max_frame_num_minus4 > 12)
+ return -EINVAL;
+ if (p_h264_sps->pic_order_cnt_type > 2)
+ return -EINVAL;
+ if (p_h264_sps->log2_max_pic_order_cnt_lsb_minus4 > 12)
+ return -EINVAL;
+ if (p_h264_sps->max_num_ref_frames > V4L2_H264_REF_LIST_LEN)
+ return -EINVAL;
+ break;
+
case V4L2_CTRL_TYPE_H264_PPS:
+ p_h264_pps = p;
+
+ if (p_h264_pps->num_slice_groups_minus1 > 7)
+ return -EINVAL;
+ if (p_h264_pps->num_ref_idx_l0_default_active_minus1 >
+ (V4L2_H264_REF_LIST_LEN - 1))
+ return -EINVAL;
+ if (p_h264_pps->num_ref_idx_l1_default_active_minus1 >
+ (V4L2_H264_REF_LIST_LEN - 1))
+ return -EINVAL;
+ if (p_h264_pps->weighted_bipred_idc > 2)
+ return -EINVAL;
+ /*
+ * pic_init_qp_minus26 shall be in the range of
+ * -(26 + QpBdOffset_y) to +25, inclusive,
+ * where QpBdOffset_y is 6 * bit_depth_luma_minus8
+ */
+ if (p_h264_pps->pic_init_qp_minus26 < -62 ||
+ p_h264_pps->pic_init_qp_minus26 > 25)
+ return -EINVAL;
+ if (p_h264_pps->pic_init_qs_minus26 < -26 ||
+ p_h264_pps->pic_init_qs_minus26 > 25)
+ return -EINVAL;
+ if (p_h264_pps->chroma_qp_index_offset < -12 ||
+ p_h264_pps->chroma_qp_index_offset > 12)
+ return -EINVAL;
+ if (p_h264_pps->second_chroma_qp_index_offset < -12 ||
+ p_h264_pps->second_chroma_qp_index_offset > 12)
+ return -EINVAL;
+ break;
+
case V4L2_CTRL_TYPE_H264_SCALING_MATRIX:
+ break;
+
case V4L2_CTRL_TYPE_H264_PRED_WEIGHTS:
+ p_h264_pred_weights = p;
+
+ if (p_h264_pred_weights->luma_log2_weight_denom > 7)
+ return -EINVAL;
+ if (p_h264_pred_weights->chroma_log2_weight_denom > 7)
+ return -EINVAL;
break;
case V4L2_CTRL_TYPE_H264_SLICE_PARAMS:
p_h264_slice_params = p;
+ if (p_h264_slice_params->slice_type != V4L2_H264_SLICE_TYPE_B)
+ p_h264_slice_params->flags &=
+ ~V4L2_H264_SLICE_FLAG_DIRECT_SPATIAL_MV_PRED;
+
+ if (p_h264_slice_params->colour_plane_id > 2)
+ return -EINVAL;
+ if (p_h264_slice_params->cabac_init_idc > 2)
+ return -EINVAL;
+ if (p_h264_slice_params->disable_deblocking_filter_idc > 2)
+ return -EINVAL;
+ if (p_h264_slice_params->slice_alpha_c0_offset_div2 < -6 ||
+ p_h264_slice_params->slice_alpha_c0_offset_div2 > 6)
+ return -EINVAL;
+ if (p_h264_slice_params->slice_beta_offset_div2 < -6 ||
+ p_h264_slice_params->slice_beta_offset_div2 > 6)
+ return -EINVAL;
+
+ if (p_h264_slice_params->slice_type == V4L2_H264_SLICE_TYPE_I ||
+ p_h264_slice_params->slice_type == V4L2_H264_SLICE_TYPE_SI)
+ p_h264_slice_params->num_ref_idx_l0_active_minus1 = 0;
+ if (p_h264_slice_params->slice_type != V4L2_H264_SLICE_TYPE_B)
+ p_h264_slice_params->num_ref_idx_l1_active_minus1 = 0;
+
+ if (p_h264_slice_params->num_ref_idx_l0_active_minus1 >
+ (V4L2_H264_REF_LIST_LEN - 1))
+ return -EINVAL;
+ if (p_h264_slice_params->num_ref_idx_l1_active_minus1 >
+ (V4L2_H264_REF_LIST_LEN - 1))
+ return -EINVAL;
zero_reserved(*p_h264_slice_params);
break;
case V4L2_CTRL_TYPE_H264_DECODE_PARAMS:
p_h264_dec_params = p;
+ if (p_h264_dec_params->nal_ref_idc > 3)
+ return -EINVAL;
for (i = 0; i < V4L2_H264_NUM_DPB_ENTRIES; i++) {
struct v4l2_h264_dpb_entry *dpb_entry =
&p_h264_dec_params->dpb[i];
@@ -3363,9 +3541,6 @@ static int v4l2_ctrl_request_clone(struct v4l2_ctrl_handler *hdl,
/* Skip refs inherited from other devices */
if (ref->from_other_dev)
continue;
- /* And buttons */
- if (ctrl->type == V4L2_CTRL_TYPE_BUTTON)
- continue;
err = handler_new_ref(hdl, ctrl, &new_ref, false, true);
if (err)
break;
@@ -4110,8 +4285,13 @@ static int try_set_ext_ctrls_common(struct v4l2_fh *fh,
struct v4l2_ctrl *ctrl = helpers[idx].ref->ctrl;
ret = user_to_new(cs->controls + idx, ctrl);
- if (!ret && ctrl->is_ptr)
+ if (!ret && ctrl->is_ptr) {
ret = validate_new(ctrl, ctrl->p_new);
+ if (ret)
+ dprintk(vdev,
+ "failed to validate control %s (%d)\n",
+ v4l2_ctrl_get_name(ctrl->id), ret);
+ }
idx = helpers[idx].next;
} while (!ret && idx);
@@ -4447,8 +4627,7 @@ int v4l2_ctrl_request_setup(struct media_request *req,
* Skip if this control was already handled by a cluster.
* Skip button controls and read-only controls.
*/
- if (ref->req_done || ctrl->type == V4L2_CTRL_TYPE_BUTTON ||
- (ctrl->flags & V4L2_CTRL_FLAG_READ_ONLY))
+ if (ref->req_done || (ctrl->flags & V4L2_CTRL_FLAG_READ_ONLY))
continue;
v4l2_ctrl_lock(master);
diff --git a/drivers/media/v4l2-core/v4l2-device.c b/drivers/media/v4l2-core/v4l2-device.c
index de4287251a89..d2e58ae91f9b 100644
--- a/drivers/media/v4l2-core/v4l2-device.c
+++ b/drivers/media/v4l2-core/v4l2-device.c
@@ -218,13 +218,14 @@ int __v4l2_device_register_subdev_nodes(struct v4l2_device *v4l2_dev,
vdev->ctrl_handler = sd->ctrl_handler;
if (read_only)
set_bit(V4L2_FL_SUBDEV_RO_DEVNODE, &vdev->flags);
+ sd->devnode = vdev;
err = __video_register_device(vdev, VFL_TYPE_SUBDEV, -1, 1,
sd->owner);
if (err < 0) {
+ sd->devnode = NULL;
kfree(vdev);
goto clean_up;
}
- sd->devnode = vdev;
#if defined(CONFIG_MEDIA_CONTROLLER)
sd->entity.info.dev.major = VIDEO_MAJOR;
sd->entity.info.dev.minor = vdev->minor;
diff --git a/drivers/media/v4l2-core/v4l2-fwnode.c b/drivers/media/v4l2-core/v4l2-fwnode.c
index d7bbe33840cb..5353e37eb950 100644
--- a/drivers/media/v4l2-core/v4l2-fwnode.c
+++ b/drivers/media/v4l2-core/v4l2-fwnode.c
@@ -93,7 +93,7 @@ v4l2_fwnode_bus_type_to_mbus(enum v4l2_fwnode_bus_type type)
const struct v4l2_fwnode_bus_conv *conv =
get_v4l2_fwnode_bus_conv_by_fwnode_bus(type);
- return conv ? conv->mbus_type : V4L2_MBUS_UNKNOWN;
+ return conv ? conv->mbus_type : V4L2_MBUS_INVALID;
}
static const char *
@@ -416,26 +416,18 @@ static int __v4l2_fwnode_endpoint_parse(struct fwnode_handle *fwnode,
enum v4l2_mbus_type mbus_type;
int rval;
- if (vep->bus_type == V4L2_MBUS_UNKNOWN) {
- /* Zero fields from bus union to until the end */
- memset(&vep->bus, 0,
- sizeof(*vep) - offsetof(typeof(*vep), bus));
- }
-
pr_debug("===== begin parsing endpoint %pfw\n", fwnode);
- /*
- * Zero the fwnode graph endpoint memory in case we don't end up parsing
- * the endpoint.
- */
- memset(&vep->base, 0, sizeof(vep->base));
-
fwnode_property_read_u32(fwnode, "bus-type", &bus_type);
pr_debug("fwnode video bus type %s (%u), mbus type %s (%u)\n",
v4l2_fwnode_bus_type_to_string(bus_type), bus_type,
v4l2_fwnode_mbus_type_to_string(vep->bus_type),
vep->bus_type);
mbus_type = v4l2_fwnode_bus_type_to_mbus(bus_type);
+ if (mbus_type == V4L2_MBUS_INVALID) {
+ pr_debug("unsupported bus type %u\n", bus_type);
+ return -EINVAL;
+ }
if (vep->bus_type != V4L2_MBUS_UNKNOWN) {
if (mbus_type != V4L2_MBUS_UNKNOWN &&
@@ -919,20 +911,6 @@ v4l2_async_notifier_parse_fwnode_endpoints(struct device *dev,
}
EXPORT_SYMBOL_GPL(v4l2_async_notifier_parse_fwnode_endpoints);
-int
-v4l2_async_notifier_parse_fwnode_endpoints_by_port(struct device *dev,
- struct v4l2_async_notifier *notifier,
- size_t asd_struct_size,
- unsigned int port,
- parse_endpoint_func parse_endpoint)
-{
- return __v4l2_async_notifier_parse_fwnode_ep(dev, notifier,
- asd_struct_size,
- port, true,
- parse_endpoint);
-}
-EXPORT_SYMBOL_GPL(v4l2_async_notifier_parse_fwnode_endpoints_by_port);
-
/*
* v4l2_fwnode_reference_parse - parse references for async sub-devices
* @dev: the device node the properties of which are parsed for references
diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c
index eeff398fbdcc..3198abdd538c 100644
--- a/drivers/media/v4l2-core/v4l2-ioctl.c
+++ b/drivers/media/v4l2-core/v4l2-ioctl.c
@@ -8,6 +8,7 @@
* Mauro Carvalho Chehab <mchehab@kernel.org> (version 2)
*/
+#include <linux/compat.h>
#include <linux/mm.h>
#include <linux/module.h>
#include <linux/slab.h>
@@ -1402,6 +1403,8 @@ static void v4l_fill_fmtdesc(struct v4l2_fmtdesc *fmt)
case V4L2_META_FMT_UVC: descr = "UVC Payload Header Metadata"; break;
case V4L2_META_FMT_D4XX: descr = "Intel D4xx UVC Metadata"; break;
case V4L2_META_FMT_VIVID: descr = "Vivid Metadata"; break;
+ case V4L2_META_FMT_RK_ISP1_PARAMS: descr = "Rockchip ISP1 3A Parameters"; break;
+ case V4L2_META_FMT_RK_ISP1_STAT_3A: descr = "Rockchip ISP1 3A Statistics"; break;
default:
/* Compressed formats */
@@ -1581,7 +1584,7 @@ static int v4l_g_fmt(const struct v4l2_ioctl_ops *ops,
switch (p->type) {
case V4L2_BUF_TYPE_VIDEO_OVERLAY:
case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY: {
- struct v4l2_clip __user *clips = p->fmt.win.clips;
+ struct v4l2_clip *clips = p->fmt.win.clips;
u32 clipcount = p->fmt.win.clipcount;
void __user *bitmap = p->fmt.win.bitmap;
@@ -3083,6 +3086,27 @@ static int check_array_args(unsigned int cmd, void *parg, size_t *array_size,
}
break;
}
+ case VIDIOC_G_FMT:
+ case VIDIOC_S_FMT:
+ case VIDIOC_TRY_FMT: {
+ struct v4l2_format *fmt = parg;
+
+ if (fmt->type != V4L2_BUF_TYPE_VIDEO_OVERLAY &&
+ fmt->type != V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY)
+ break;
+ if (fmt->fmt.win.clipcount > 2048)
+ return -EINVAL;
+ if (!fmt->fmt.win.clipcount)
+ break;
+
+ *user_ptr = (void __user *)fmt->fmt.win.clips;
+ *kernel_ptr = (void **)&fmt->fmt.win.clips;
+ *array_size = sizeof(struct v4l2_clip)
+ * fmt->fmt.win.clipcount;
+
+ ret = 1;
+ break;
+ }
}
return ret;
@@ -3104,14 +3128,18 @@ static unsigned int video_translate_cmd(unsigned int cmd)
return VIDIOC_PREPARE_BUF;
#endif
}
+ if (in_compat_syscall())
+ return v4l2_compat_translate_cmd(cmd);
return cmd;
}
-static int video_get_user(void __user *arg, void *parg, unsigned int cmd,
+static int video_get_user(void __user *arg, void *parg,
+ unsigned int real_cmd, unsigned int cmd,
bool *always_copy)
{
- unsigned int n = _IOC_SIZE(cmd);
+ unsigned int n = _IOC_SIZE(real_cmd);
+ int err = 0;
if (!(_IOC_DIR(cmd) & _IOC_WRITE)) {
/* read-only ioctl */
@@ -3119,73 +3147,82 @@ static int video_get_user(void __user *arg, void *parg, unsigned int cmd,
return 0;
}
- switch (cmd) {
-#ifdef CONFIG_COMPAT_32BIT_TIME
- case VIDIOC_QUERYBUF_TIME32:
- case VIDIOC_QBUF_TIME32:
- case VIDIOC_DQBUF_TIME32:
- case VIDIOC_PREPARE_BUF_TIME32: {
- struct v4l2_buffer_time32 vb32;
- struct v4l2_buffer *vb = parg;
-
- if (copy_from_user(&vb32, arg, sizeof(vb32)))
- return -EFAULT;
-
- *vb = (struct v4l2_buffer) {
- .index = vb32.index,
- .type = vb32.type,
- .bytesused = vb32.bytesused,
- .flags = vb32.flags,
- .field = vb32.field,
- .timestamp.tv_sec = vb32.timestamp.tv_sec,
- .timestamp.tv_usec = vb32.timestamp.tv_usec,
- .timecode = vb32.timecode,
- .sequence = vb32.sequence,
- .memory = vb32.memory,
- .m.userptr = vb32.m.userptr,
- .length = vb32.length,
- .request_fd = vb32.request_fd,
- };
-
- if (cmd == VIDIOC_QUERYBUF_TIME32)
- vb->request_fd = 0;
+ /*
+ * In some cases, only a few fields are used as input,
+ * i.e. when the app sets "index" and then the driver
+ * fills in the rest of the structure for the thing
+ * with that index. We only need to copy up the first
+ * non-input field.
+ */
+ if (v4l2_is_known_ioctl(real_cmd)) {
+ u32 flags = v4l2_ioctls[_IOC_NR(real_cmd)].flags;
- break;
+ if (flags & INFO_FL_CLEAR_MASK)
+ n = (flags & INFO_FL_CLEAR_MASK) >> 16;
+ *always_copy = flags & INFO_FL_ALWAYS_COPY;
}
-#endif
- default:
- /*
- * In some cases, only a few fields are used as input,
- * i.e. when the app sets "index" and then the driver
- * fills in the rest of the structure for the thing
- * with that index. We only need to copy up the first
- * non-input field.
- */
- if (v4l2_is_known_ioctl(cmd)) {
- u32 flags = v4l2_ioctls[_IOC_NR(cmd)].flags;
-
- if (flags & INFO_FL_CLEAR_MASK)
- n = (flags & INFO_FL_CLEAR_MASK) >> 16;
- *always_copy = flags & INFO_FL_ALWAYS_COPY;
- }
+ if (cmd == real_cmd) {
if (copy_from_user(parg, (void __user *)arg, n))
- return -EFAULT;
-
- /* zero out anything we don't copy from userspace */
- if (n < _IOC_SIZE(cmd))
- memset((u8 *)parg + n, 0, _IOC_SIZE(cmd) - n);
- break;
+ err = -EFAULT;
+ } else if (in_compat_syscall()) {
+ err = v4l2_compat_get_user(arg, parg, cmd);
+ } else {
+ switch (cmd) {
+#ifdef CONFIG_COMPAT_32BIT_TIME
+ case VIDIOC_QUERYBUF_TIME32:
+ case VIDIOC_QBUF_TIME32:
+ case VIDIOC_DQBUF_TIME32:
+ case VIDIOC_PREPARE_BUF_TIME32: {
+ struct v4l2_buffer_time32 vb32;
+ struct v4l2_buffer *vb = parg;
+
+ if (copy_from_user(&vb32, arg, sizeof(vb32)))
+ return -EFAULT;
+
+ *vb = (struct v4l2_buffer) {
+ .index = vb32.index,
+ .type = vb32.type,
+ .bytesused = vb32.bytesused,
+ .flags = vb32.flags,
+ .field = vb32.field,
+ .timestamp.tv_sec = vb32.timestamp.tv_sec,
+ .timestamp.tv_usec = vb32.timestamp.tv_usec,
+ .timecode = vb32.timecode,
+ .sequence = vb32.sequence,
+ .memory = vb32.memory,
+ .m.userptr = vb32.m.userptr,
+ .length = vb32.length,
+ .request_fd = vb32.request_fd,
+ };
+ break;
+ }
+#endif
+ }
}
- return 0;
+ /* zero out anything we don't copy from userspace */
+ if (!err && n < _IOC_SIZE(real_cmd))
+ memset((u8 *)parg + n, 0, _IOC_SIZE(real_cmd) - n);
+ return err;
}
-static int video_put_user(void __user *arg, void *parg, unsigned int cmd)
+static int video_put_user(void __user *arg, void *parg,
+ unsigned int real_cmd, unsigned int cmd)
{
if (!(_IOC_DIR(cmd) & _IOC_READ))
return 0;
+ if (cmd == real_cmd) {
+ /* Copy results into user buffer */
+ if (copy_to_user(arg, parg, _IOC_SIZE(cmd)))
+ return -EFAULT;
+ return 0;
+ }
+
+ if (in_compat_syscall())
+ return v4l2_compat_put_user(arg, parg, cmd);
+
switch (cmd) {
#ifdef CONFIG_COMPAT_32BIT_TIME
case VIDIOC_DQEVENT_TIME32: {
@@ -3236,11 +3273,6 @@ static int video_put_user(void __user *arg, void *parg, unsigned int cmd)
break;
}
#endif
- default:
- /* Copy results into user buffer */
- if (copy_to_user(arg, parg, _IOC_SIZE(cmd)))
- return -EFAULT;
- break;
}
return 0;
@@ -3274,8 +3306,8 @@ video_usercopy(struct file *file, unsigned int orig_cmd, unsigned long arg,
parg = mbuf;
}
- err = video_get_user((void __user *)arg, parg, orig_cmd,
- &always_copy);
+ err = video_get_user((void __user *)arg, parg, cmd,
+ orig_cmd, &always_copy);
if (err)
goto out;
}
@@ -3297,7 +3329,14 @@ video_usercopy(struct file *file, unsigned int orig_cmd, unsigned long arg,
if (NULL == mbuf)
goto out_array_args;
err = -EFAULT;
- if (copy_from_user(mbuf, user_ptr, array_size))
+ if (in_compat_syscall())
+ err = v4l2_compat_get_array_args(file, mbuf, user_ptr,
+ array_size, orig_cmd,
+ parg);
+ else
+ err = copy_from_user(mbuf, user_ptr, array_size) ?
+ -EFAULT : 0;
+ if (err)
goto out_array_args;
*kernel_ptr = mbuf;
}
@@ -3318,8 +3357,17 @@ video_usercopy(struct file *file, unsigned int orig_cmd, unsigned long arg,
if (has_array_args) {
*kernel_ptr = (void __force *)user_ptr;
- if (copy_to_user(user_ptr, mbuf, array_size))
+ if (in_compat_syscall()) {
+ int put_err;
+
+ put_err = v4l2_compat_put_array_args(file, user_ptr, mbuf,
+ array_size, orig_cmd,
+ parg);
+ if (put_err)
+ err = put_err;
+ } else if (copy_to_user(user_ptr, mbuf, array_size)) {
err = -EFAULT;
+ }
goto out_array_args;
}
/*
@@ -3330,7 +3378,7 @@ video_usercopy(struct file *file, unsigned int orig_cmd, unsigned long arg,
goto out;
out_array_args:
- if (video_put_user((void __user *)arg, parg, orig_cmd))
+ if (video_put_user((void __user *)arg, parg, cmd, orig_cmd))
err = -EFAULT;
out:
kvfree(mbuf);
diff --git a/drivers/media/v4l2-core/v4l2-subdev.c b/drivers/media/v4l2-core/v4l2-subdev.c
index a7d508e74d6b..956dafab43d4 100644
--- a/drivers/media/v4l2-core/v4l2-subdev.c
+++ b/drivers/media/v4l2-core/v4l2-subdev.c
@@ -792,21 +792,55 @@ int v4l2_subdev_link_validate_default(struct v4l2_subdev *sd,
struct v4l2_subdev_format *source_fmt,
struct v4l2_subdev_format *sink_fmt)
{
+ bool pass = true;
+
/* The width, height and code must match. */
- if (source_fmt->format.width != sink_fmt->format.width
- || source_fmt->format.height != sink_fmt->format.height
- || source_fmt->format.code != sink_fmt->format.code)
- return -EPIPE;
+ if (source_fmt->format.width != sink_fmt->format.width) {
+ dev_dbg(sd->entity.graph_obj.mdev->dev,
+ "%s: width does not match (source %u, sink %u)\n",
+ __func__,
+ source_fmt->format.width, sink_fmt->format.width);
+ pass = false;
+ }
+
+ if (source_fmt->format.height != sink_fmt->format.height) {
+ dev_dbg(sd->entity.graph_obj.mdev->dev,
+ "%s: height does not match (source %u, sink %u)\n",
+ __func__,
+ source_fmt->format.height, sink_fmt->format.height);
+ pass = false;
+ }
+
+ if (source_fmt->format.code != sink_fmt->format.code) {
+ dev_dbg(sd->entity.graph_obj.mdev->dev,
+ "%s: media bus code does not match (source 0x%8.8x, sink 0x%8.8x)\n",
+ __func__,
+ source_fmt->format.code, sink_fmt->format.code);
+ pass = false;
+ }
/* The field order must match, or the sink field order must be NONE
* to support interlaced hardware connected to bridges that support
* progressive formats only.
*/
if (source_fmt->format.field != sink_fmt->format.field &&
- sink_fmt->format.field != V4L2_FIELD_NONE)
- return -EPIPE;
+ sink_fmt->format.field != V4L2_FIELD_NONE) {
+ dev_dbg(sd->entity.graph_obj.mdev->dev,
+ "%s: field does not match (source %u, sink %u)\n",
+ __func__,
+ source_fmt->format.field, sink_fmt->format.field);
+ pass = false;
+ }
- return 0;
+ if (pass)
+ return 0;
+
+ dev_dbg(sd->entity.graph_obj.mdev->dev,
+ "%s: link was \"%s\":%u -> \"%s\":%u\n", __func__,
+ link->source->entity->name, link->source->index,
+ link->sink->entity->name, link->sink->index);
+
+ return -EPIPE;
}
EXPORT_SYMBOL_GPL(v4l2_subdev_link_validate_default);
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.