From 39cbc3ab246f283e64becc7e9d3bc9af39560887 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 15 Dec 2020 13:30:57 +0100 Subject: [PATCH] Revert "ANDROID: v4l2-compat-ioctl32.c: copy reserved fields" This reverts commit 584739f5dd25829e2aa0cd19f546cae86b7a2999. Upstream has reworked the copy to/from user logic for the v4l drivers, fixing loads of compatibility issues. To be copying "reserved" fields from the v4l structures seems like a big userspace violation, and as such, the new logic does not allow that. If vendors still require this for their out-of-tree drivers, they can resubmit this patch in the correct format, after discussing it with upstream about if this is allowed or not. Bug: 143160749 Cc: Maheshwar Ajja Signed-off-by: Greg Kroah-Hartman Change-Id: I58fab8345114bf951eb202e39303544ae71b50b7 --- drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 13 ++----------- include/uapi/linux/videodev2.h | 5 +---- 2 files changed, 3 insertions(+), 15 deletions(-) diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c index cd8927eabc33..a99e82ec9ab6 100644 --- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c +++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c @@ -465,11 +465,6 @@ struct v4l2_plane32 { __s32 fd; } m; __u32 data_offset; - /* - * few userspace clients and drivers use reserved fields - * and it is up to them how these fields are used. v4l2 - * simply copy reserved fields between them. - */ __u32 reserved[11]; }; @@ -534,9 +529,7 @@ static int get_v4l2_plane32(struct v4l2_plane __user *p64, if (copy_in_user(p64, p32, 2 * sizeof(__u32)) || copy_in_user(&p64->data_offset, &p32->data_offset, - sizeof(p64->data_offset)) || - copy_in_user(p64->reserved, p32->reserved, - sizeof(p64->reserved))) + sizeof(p64->data_offset))) return -EFAULT; switch (memory) { @@ -568,9 +561,7 @@ static int put_v4l2_plane32(struct v4l2_plane __user *p64, if (copy_in_user(p32, p64, 2 * sizeof(__u32)) || copy_in_user(&p32->data_offset, &p64->data_offset, - sizeof(p64->data_offset)) || - copy_in_user(p32->reserved, p64->reserved, - sizeof(p32->reserved))) + sizeof(p64->data_offset))) return -EFAULT; switch (memory) { diff --git a/include/uapi/linux/videodev2.h b/include/uapi/linux/videodev2.h index 2c75f915fb58..8dd4a5173ba1 100644 --- a/include/uapi/linux/videodev2.h +++ b/include/uapi/linux/videodev2.h @@ -978,9 +978,7 @@ struct v4l2_requestbuffers { * descriptor associated with this plane * @data_offset: offset in the plane to the start of data; usually 0, * unless there is a header in front of the data - * @reserved: few userspace clients and drivers use reserved fields - * and it is up to them how these fields are used. v4l2 - * simply copy reserved fields between them. + * * Multi-planar buffers consist of one or more planes, e.g. an YCbCr buffer * with two planes can have one plane for Y, and another for interleaved CbCr * components. Each plane can reside in a separate memory buffer, or even in @@ -995,7 +993,6 @@ struct v4l2_plane { __s32 fd; } m; __u32 data_offset; - /* reserved fields used by few userspace clients and drivers */ __u32 reserved[11]; };