Commit 9f1a693f authored by Hans Verkuil's avatar Hans Verkuil Committed by Mauro Carvalho Chehab

V4L/DVB (10920): v4l2-ioctl: fix partial-copy code.

The code to optimize the usercopy only checked the ioctl NR field. However,
this code is also called for non-V4L2 ioctls (either private or ioctls from
linux/dvb/audio.h and linux/dvb/video.h for decoder drivers like ivtv).

If such an ioctl has the same NR as a V4L2 ioctl, then disaster strikes.

Modified the code to check on the full command ID.

Thanks to Martin Dauskardt for tracing the ivtv breakage to this particular
change.
Signed-off-by: default avatarHans Verkuil <hverkuil@xs4all.nl>
Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@redhat.com>
parent 501cd11a
...@@ -1796,11 +1796,12 @@ static long __video_do_ioctl(struct file *file, ...@@ -1796,11 +1796,12 @@ static long __video_do_ioctl(struct file *file,
static unsigned long cmd_input_size(unsigned int cmd) static unsigned long cmd_input_size(unsigned int cmd)
{ {
/* Size of structure up to and including 'field' */ /* Size of structure up to and including 'field' */
#define CMDINSIZE(cmd, type, field) case _IOC_NR(VIDIOC_##cmd): return \ #define CMDINSIZE(cmd, type, field) \
offsetof(struct v4l2_##type, field) + \ case VIDIOC_##cmd: \
return offsetof(struct v4l2_##type, field) + \
sizeof(((struct v4l2_##type *)0)->field); sizeof(((struct v4l2_##type *)0)->field);
switch (_IOC_NR(cmd)) { switch (cmd) {
CMDINSIZE(ENUM_FMT, fmtdesc, type); CMDINSIZE(ENUM_FMT, fmtdesc, type);
CMDINSIZE(G_FMT, format, type); CMDINSIZE(G_FMT, format, type);
CMDINSIZE(QUERYBUF, buffer, type); CMDINSIZE(QUERYBUF, buffer, type);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment