1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * ioctl32.c: Conversion between 32bit and 64bit native ioctls.
4 * Separated from fs stuff by Arnd Bergmann <arnd@arndb.de>
5 *
6 * Copyright (C) 1997-2000 Jakub Jelinek (jakub@redhat.com)
7 * Copyright (C) 1998 Eddie C. Dost (ecd@skynet.be)
8 * Copyright (C) 2001,2002 Andi Kleen, SuSE Labs
9 * Copyright (C) 2003 Pavel Machek (pavel@ucw.cz)
10 * Copyright (C) 2005 Philippe De Muyter (phdm@macqel.be)
11 * Copyright (C) 2008 Hans Verkuil <hverkuil@xs4all.nl>
12 *
13 * These routines maintain argument size conversion between 32bit and 64bit
14 * ioctls.
15 */
16
17 #include <linux/compat.h>
18 #include <linux/module.h>
19 #include <linux/videodev2.h>
20 #include <linux/v4l2-subdev.h>
21 #include <media/v4l2-dev.h>
22 #include <media/v4l2-fh.h>
23 #include <media/v4l2-ctrls.h>
24 #include <media/v4l2-ioctl.h>
25
26 /*
27 * Per-ioctl data copy handlers.
28 *
29 * Those come in pairs, with a get_v4l2_foo() and a put_v4l2_foo() routine,
30 * where "v4l2_foo" is the name of the V4L2 struct.
31 *
32 * They basically get two __user pointers, one with a 32-bits struct that
33 * came from the userspace call and a 64-bits struct, also allocated as
34 * userspace, but filled internally by do_video_ioctl().
35 *
36 * For ioctls that have pointers inside it, the functions will also
37 * receive an ancillary buffer with extra space, used to pass extra
38 * data to the routine.
39 */
40
/*
 * 32-bit userspace layout of struct v4l2_clip.
 *
 * The clip copy loop in v4l2_compat_get_array_args() copies only the
 * rectangle and sets the native next pointer to NULL, so the 32-bit
 * next address supplied by userspace is never followed.
 */
struct v4l2_clip32 {
	struct v4l2_rect	c;
	compat_caddr_t		next;	/* 32-bit user address, not dereferenced */
};
45
/*
 * 32-bit userspace layout of struct v4l2_window.
 *
 * clips and bitmap are 32-bit user addresses that get_v4l2_window32()
 * widens with compat_ptr(). The struct ends in a single __u8, so unless
 * the ABI packs it there are tail padding bytes after global_alpha;
 * put_v4l2_window32() copies that tail out to userspace.
 */
struct v4l2_window32 {
	struct v4l2_rect	w;
	__u32			field;	/* enum v4l2_field */
	__u32			chromakey;
	compat_caddr_t		clips;	/* actually struct v4l2_clip32 * */
	__u32			clipcount;	/* user supplied, bounded to 2048 on input */
	compat_caddr_t		bitmap;
	__u8			global_alpha;
};
55
/*
 * Read a 32-bit overlay window description from userspace and widen it
 * into the native struct v4l2_window.
 *
 * Returns 0 on success, -EFAULT if the user copy faults and -EINVAL if
 * more than 2048 clips are requested. *p64 has already been written when
 * -EINVAL is returned.
 */
static int get_v4l2_window32(struct v4l2_window *p64,
			     struct v4l2_window32 __user *p32)
{
	struct v4l2_window32 win32;

	/* Take one snapshot; every check below uses this kernel copy. */
	if (copy_from_user(&win32, p32, sizeof(win32)))
		return -EFAULT;

	*p64 = (struct v4l2_window) {
		.w		= win32.w,
		.field		= win32.field,
		.chromakey	= win32.chromakey,
		/* a clip pointer without a clip count is dropped */
		.clips		= win32.clipcount ?
				  (void __force *)compat_ptr(win32.clips) :
				  NULL,
		.clipcount	= win32.clipcount,
		.bitmap		= compat_ptr(win32.bitmap),
		.global_alpha	= win32.global_alpha,
	};

	/* Same limit that the clip copy loop enforces before iterating. */
	return p64->clipcount > 2048 ? -EINVAL : 0;
}
81
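/*
 * Write a native struct v4l2_window back to userspace in 32-bit layout.
 *
 * The user's clips pointer is left untouched: the struct is copied out in
 * two pieces, one before and one after that member.
 *
 * Returns 0 on success or -EFAULT if a user copy faults.
 */
static int put_v4l2_window32(struct v4l2_window *p64,
			     struct v4l2_window32 __user *p32)
{
	struct v4l2_window32 w32;

	/*
	 * Zero the staging struct, then store member by member. Assigning a
	 * whole compound literal after the memset() does not guarantee that
	 * padding stays zero, and the second copy_to_user() below runs to
	 * the end of the struct, tail padding included.
	 */
	memset(&w32, 0, sizeof(w32));
	w32.w = p64->w;
	w32.field = p64->field;
	w32.chromakey = p64->chromakey;
	/* w32.clips stays zero: it is never copied out */
	w32.clipcount = p64->clipcount;
	w32.bitmap = ptr_to_compat(p64->bitmap);
	w32.global_alpha = p64->global_alpha;

	/* copy everything except the clips pointer */
	if (copy_to_user(p32, &w32, offsetof(struct v4l2_window32, clips)) ||
	    copy_to_user(&p32->clipcount, &w32.clipcount,
			 sizeof(w32) - offsetof(struct v4l2_window32, clipcount)))
		return -EFAULT;

	return 0;
}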
106
/*
 * 32-bit userspace layout of struct v4l2_format.
 *
 * Only the overlay window member has its own 32-bit type. The other union
 * members are copied verbatim by get_v4l2_format32()/put_v4l2_format32(),
 * using the size of the native member.
 */
struct v4l2_format32 {
	__u32	type;	/* enum v4l2_buf_type, selects the union member */
	union {
		struct v4l2_pix_format	pix;
		struct v4l2_pix_format_mplane	pix_mp;
		struct v4l2_window32	win;	/* converted, holds user pointers */
		struct v4l2_vbi_format	vbi;
		struct v4l2_sliced_vbi_format	sliced;
		struct v4l2_sdr_format	sdr;
		struct v4l2_meta_format	meta;
		__u8	raw_data[200];		/* user-defined */
	} fmt;
};
120
/**
 * struct v4l2_create_buffers32 - VIDIOC_CREATE_BUFS32 argument
 * @index:	on return, index of the first created buffer
 * @count:	entry: number of requested buffers,
 *		return: number of created buffers
 * @memory:	buffer memory type
 * @format:	frame format, for which buffers are requested
 *		(32-bit layout, converted by get/put_v4l2_format32())
 * @capabilities: capabilities of this buffer type.
 * @flags:	additional buffer management attributes (ignored unless the
 *		queue has V4L2_BUF_CAP_SUPPORTS_MMAP_CACHE_HINTS capability and
 *		configured for MMAP streaming I/O).
 * @reserved:	future extensions
 */
struct v4l2_create_buffers32 {
	__u32			index;
	__u32			count;
	__u32			memory;	/* enum v4l2_memory */
	struct v4l2_format32	format;
	__u32			capabilities;
	__u32			flags;
	__u32			reserved[6];
};
143
/*
 * Read a 32-bit struct v4l2_format from userspace.
 *
 * The buffer type is fetched once and decides which union member is copied.
 * Overlay types go through get_v4l2_window32() because they carry user
 * pointers; all other known types are copied verbatim.
 *
 * Returns 0 on success, -EFAULT if a user access faults, -EINVAL for a
 * buffer type that is not handled here, or whatever get_v4l2_window32()
 * returns for overlay types.
 */
static int get_v4l2_format32(struct v4l2_format *p64,
			     struct v4l2_format32 __user *p32)
{
	const void __user *src;
	void *dst;
	size_t len;

	if (get_user(p64->type, &p32->type))
		return -EFAULT;

	switch (p64->type) {
	case V4L2_BUF_TYPE_VIDEO_OVERLAY:
	case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY:
		return get_v4l2_window32(&p64->fmt.win, &p32->fmt.win);
	case V4L2_BUF_TYPE_VIDEO_CAPTURE:
	case V4L2_BUF_TYPE_VIDEO_OUTPUT:
		dst = &p64->fmt.pix;
		src = &p32->fmt.pix;
		len = sizeof(p64->fmt.pix);
		break;
	case V4L2_BUF_TYPE_VIDEO_CAPTURE_MPLANE:
	case V4L2_BUF_TYPE_VIDEO_OUTPUT_MPLANE:
		dst = &p64->fmt.pix_mp;
		src = &p32->fmt.pix_mp;
		len = sizeof(p64->fmt.pix_mp);
		break;
	case V4L2_BUF_TYPE_VBI_CAPTURE:
	case V4L2_BUF_TYPE_VBI_OUTPUT:
		dst = &p64->fmt.vbi;
		src = &p32->fmt.vbi;
		len = sizeof(p64->fmt.vbi);
		break;
	case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE:
	case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT:
		dst = &p64->fmt.sliced;
		src = &p32->fmt.sliced;
		len = sizeof(p64->fmt.sliced);
		break;
	case V4L2_BUF_TYPE_SDR_CAPTURE:
	case V4L2_BUF_TYPE_SDR_OUTPUT:
		dst = &p64->fmt.sdr;
		src = &p32->fmt.sdr;
		len = sizeof(p64->fmt.sdr);
		break;
	case V4L2_BUF_TYPE_META_CAPTURE:
	case V4L2_BUF_TYPE_META_OUTPUT:
		dst = &p64->fmt.meta;
		src = &p32->fmt.meta;
		len = sizeof(p64->fmt.meta);
		break;
	default:
		/* unknown type: nothing is copied from the union */
		return -EINVAL;
	}

	if (copy_from_user(dst, src, len))
		return -EFAULT;
	return 0;
}
182
/*
 * Read a 32-bit VIDIOC_CREATE_BUFS argument from userspace.
 *
 * The members in front of format and the flags field are copied directly;
 * format itself is converted by get_v4l2_format32(). capabilities and
 * reserved are not read here.
 *
 * Returns 0 on success, -EFAULT on a faulting user access, or the error
 * from get_v4l2_format32().
 */
static int get_v4l2_create32(struct v4l2_create_buffers *p64,
			     struct v4l2_create_buffers32 __user *p32)
{
	/* everything that precedes the embedded format */
	const size_t head_len = offsetof(struct v4l2_create_buffers32, format);

	if (copy_from_user(p64, p32, head_len) ||
	    copy_from_user(&p64->flags, &p32->flags, sizeof(p32->flags)))
		return -EFAULT;

	return get_v4l2_format32(&p64->format, &p32->format);
}
193
/*
 * Write the union member selected by p64->type back to a 32-bit
 * struct v4l2_format in userspace. The type field itself is not written.
 *
 * Returns 0 on success, -EFAULT if the user copy faults, -EINVAL for a
 * buffer type that is not handled here, or whatever put_v4l2_window32()
 * returns for overlay types.
 */
static int put_v4l2_format32(struct v4l2_format *p64,
			     struct v4l2_format32 __user *p32)
{
	void __user *dst;
	const void *src;
	size_t len;

	switch (p64->type) {
	case V4L2_BUF_TYPE_VIDEO_OVERLAY:
	case V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY:
		return put_v4l2_window32(&p64->fmt.win, &p32->fmt.win);
	case V4L2_BUF_TYPE_VIDEO_CAPTURE:
	case V4L2_BUF_TYPE_VIDEO_OUTPUT:
		dst = &p32->fmt.pix;
		src = &p64->fmt.pix;
		len = sizeof(p64->fmt.pix);
		break;
	case V4L2_BUF_TYPE_VIDEO_CAPTURE_MPLANE:
	case V4L2_BUF_TYPE_VIDEO_OUTPUT_MPLANE:
		dst = &p32->fmt.pix_mp;
		src = &p64->fmt.pix_mp;
		len = sizeof(p64->fmt.pix_mp);
		break;
	case V4L2_BUF_TYPE_VBI_CAPTURE:
	case V4L2_BUF_TYPE_VBI_OUTPUT:
		dst = &p32->fmt.vbi;
		src = &p64->fmt.vbi;
		len = sizeof(p64->fmt.vbi);
		break;
	case V4L2_BUF_TYPE_SLICED_VBI_CAPTURE:
	case V4L2_BUF_TYPE_SLICED_VBI_OUTPUT:
		dst = &p32->fmt.sliced;
		src = &p64->fmt.sliced;
		len = sizeof(p64->fmt.sliced);
		break;
	case V4L2_BUF_TYPE_SDR_CAPTURE:
	case V4L2_BUF_TYPE_SDR_OUTPUT:
		dst = &p32->fmt.sdr;
		src = &p64->fmt.sdr;
		len = sizeof(p64->fmt.sdr);
		break;
	case V4L2_BUF_TYPE_META_CAPTURE:
	case V4L2_BUF_TYPE_META_OUTPUT:
		dst = &p32->fmt.meta;
		src = &p64->fmt.meta;
		len = sizeof(p64->fmt.meta);
		break;
	default:
		return -EINVAL;
	}

	if (copy_to_user(dst, src, len))
		return -EFAULT;
	return 0;
}
229
/*
 * Write a native VIDIOC_CREATE_BUFS result back to userspace in 32-bit
 * layout: the members in front of format, then capabilities, flags and
 * reserved, and finally the converted format.
 *
 * Returns 0 on success, -EFAULT on a faulting user access, or the error
 * from put_v4l2_format32().
 */
static int put_v4l2_create32(struct v4l2_create_buffers *p64,
			     struct v4l2_create_buffers32 __user *p32)
{
	const size_t head_len = offsetof(struct v4l2_create_buffers32, format);

	if (copy_to_user(p32, p64, head_len))
		return -EFAULT;
	if (put_user(p64->capabilities, &p32->capabilities))
		return -EFAULT;
	if (put_user(p64->flags, &p32->flags))
		return -EFAULT;
	/*
	 * NOTE(review): the length comes from the native reserved array;
	 * this assumes it is no longer than p32->reserved - confirm.
	 */
	if (copy_to_user(p32->reserved, p64->reserved, sizeof(p64->reserved)))
		return -EFAULT;

	return put_v4l2_format32(&p64->format, &p32->format);
}
241
/*
 * 32-bit userspace layout of struct v4l2_standard. id is declared as
 * compat_u64 rather than a plain 64-bit type; presumably this is what makes
 * the layout differ from the native struct for some 32-bit ABIs - confirm.
 */
struct v4l2_standard32 {
	__u32		     index;	/* the only member read from userspace */
	compat_u64	     id;
	__u8		     name[24];
	struct v4l2_fract    frameperiod; /* Frames, not fields */
	__u32		     framelines;
	__u32		     reserved[4];
};
250
/*
 * Read the index of a 32-bit struct v4l2_standard from userspace.
 *
 * Returns 0 on success or -EFAULT if the user access faults.
 */
static int get_v4l2_standard32(struct v4l2_standard *p64,
			       struct v4l2_standard32 __user *p32)
{
	/* other fields are not set by the user, nor used by the driver */
	if (get_user(p64->index, &p32->index))
		return -EFAULT;

	return 0;
}
257
/*
 * Write a native struct v4l2_standard back to userspace in 32-bit layout,
 * one member at a time. Array copies are sized by the 32-bit destination.
 *
 * Returns 0 on success or -EFAULT if a user access faults.
 */
static int put_v4l2_standard32(struct v4l2_standard *p64,
			       struct v4l2_standard32 __user *p32)
{
	if (put_user(p64->index, &p32->index))
		return -EFAULT;
	if (put_user(p64->id, &p32->id))
		return -EFAULT;
	if (copy_to_user(p32->name, p64->name, sizeof(p32->name)))
		return -EFAULT;
	if (copy_to_user(&p32->frameperiod, &p64->frameperiod,
			 sizeof(p32->frameperiod)))
		return -EFAULT;
	if (put_user(p64->framelines, &p32->framelines))
		return -EFAULT;
	if (copy_to_user(p32->reserved, p64->reserved, sizeof(p32->reserved)))
		return -EFAULT;

	return 0;
}
271
/*
 * 32-bit userspace layout of struct v4l2_plane. Which member of m is
 * meaningful is decided by the memory type that the caller passes to
 * get_v4l2_plane32()/put_v4l2_plane32(), not by anything in this struct.
 */
struct v4l2_plane32 {
	__u32			bytesused;
	__u32			length;
	union {
		__u32		mem_offset;
		compat_long_t	userptr;	/* user address, widened on input */
		__s32		fd;
	} m;
	__u32			data_offset;
	__u32			reserved[11];
};
283
/*
 * 32-bit userspace layout of struct v4l2_buffer with 64-bit timestamps.
 *
 * This is correct for all architectures including i386, but not x32,
 * which has different alignment requirements for timestamp
 */
struct v4l2_buffer32 {
	__u32			index;
	__u32			type;	/* enum v4l2_buf_type */
	__u32			bytesused;
	__u32			flags;
	__u32			field;	/* enum v4l2_field */
	struct {
		compat_s64	tv_sec;
		compat_s64	tv_usec;
	}			timestamp;
	struct v4l2_timecode	timecode;
	__u32			sequence;

	/* memory location */
	__u32			memory;	/* enum v4l2_memory */
	union {
		__u32           offset;
		compat_long_t   userptr;	/* user address */
		compat_caddr_t  planes;		/* user address of a v4l2_plane32 array */
		__s32		fd;
	} m;
	__u32			length;
	__u32			reserved2;
	__s32			request_fd;
};
313
#ifdef CONFIG_COMPAT_32BIT_TIME
/*
 * Variant of struct v4l2_buffer32 for 32-bit tasks that use the old 32-bit
 * timeval; every member except timestamp is declared as in v4l2_buffer32.
 */
struct v4l2_buffer32_time32 {
	__u32			index;
	__u32			type;	/* enum v4l2_buf_type */
	__u32			bytesused;
	__u32			flags;
	__u32			field;	/* enum v4l2_field */
	struct old_timeval32	timestamp;
	struct v4l2_timecode	timecode;
	__u32			sequence;

	/* memory location */
	__u32			memory;	/* enum v4l2_memory */
	union {
		__u32           offset;
		compat_long_t   userptr;	/* user address */
		compat_caddr_t  planes;		/* user address of a v4l2_plane32 array */
		__s32		fd;
	} m;
	__u32			length;
	__u32			reserved2;
	__s32			request_fd;
};
#endif
338
/*
 * Read one 32-bit plane descriptor from userspace into a native
 * struct v4l2_plane.
 *
 * @memory selects which member of the m union is taken over; for any other
 * memory type the union is left zeroed. *p64 is only written after the user
 * copy has succeeded.
 *
 * Returns 0 on success or -EFAULT if the user copy faults.
 */
static int get_v4l2_plane32(struct v4l2_plane *p64,
			    struct v4l2_plane32 __user *p32,
			    enum v4l2_memory memory)
{
	struct v4l2_plane32 src;

	if (copy_from_user(&src, p32, sizeof(src)))
		return -EFAULT;

	/* start from all-zero so reserved[] and unused union bytes are clear */
	memset(p64, 0, sizeof(*p64));
	p64->bytesused = src.bytesused;
	p64->length = src.length;
	p64->data_offset = src.data_offset;

	if (memory == V4L2_MEMORY_MMAP || memory == V4L2_MEMORY_OVERLAY)
		p64->m.mem_offset = src.m.mem_offset;
	else if (memory == V4L2_MEMORY_USERPTR)
		p64->m.userptr = (unsigned long)compat_ptr(src.m.userptr);
	else if (memory == V4L2_MEMORY_DMABUF)
		p64->m.fd = src.m.fd;

	return 0;
}
372
/*
 * Write one native plane descriptor back to userspace in 32-bit layout.
 *
 * @memory selects which member of the m union is written; for any other
 * memory type the union is copied out as zero. reserved[] is always zero.
 *
 * Returns 0 on success or -EFAULT if the user copy faults.
 */
static int put_v4l2_plane32(struct v4l2_plane *p64,
			    struct v4l2_plane32 __user *p32,
			    enum v4l2_memory memory)
{
	struct v4l2_plane32 out;

	/* the whole staging struct goes to userspace, so clear it first */
	memset(&out, 0, sizeof(out));
	out.bytesused = p64->bytesused;
	out.length = p64->length;
	out.data_offset = p64->data_offset;

	if (memory == V4L2_MEMORY_MMAP || memory == V4L2_MEMORY_OVERLAY)
		out.m.mem_offset = p64->m.mem_offset;
	else if (memory == V4L2_MEMORY_USERPTR)
		out.m.userptr = (uintptr_t)(p64->m.userptr);
	else if (memory == V4L2_MEMORY_DMABUF)
		out.m.fd = p64->m.fd;

	return copy_to_user(p32, &out, sizeof(out)) ? -EFAULT : 0;
}
404
/*
 * Read a 32-bit struct v4l2_buffer (64-bit timestamp variant) from
 * userspace into the native struct.
 *
 * The m union is first taken over as an offset and then fixed up according
 * to the memory type; for multiplanar buffer types it is finally replaced
 * by the widened planes pointer. The planes array itself is not read here.
 *
 * Returns 0 on success or -EFAULT if the user copy faults.
 */
static int get_v4l2_buffer32(struct v4l2_buffer *vb,
			     struct v4l2_buffer32 __user *arg)
{
	struct v4l2_buffer32 b32;

	/* single snapshot of the user struct */
	if (copy_from_user(&b32, arg, sizeof(b32)))
		return -EFAULT;

	memset(vb, 0, sizeof(*vb));
	*vb = (struct v4l2_buffer) {
		.index		= b32.index,
		.type		= b32.type,
		.bytesused	= b32.bytesused,
		.flags		= b32.flags,
		.field		= b32.field,
		.timestamp.tv_sec	= b32.timestamp.tv_sec,
		.timestamp.tv_usec	= b32.timestamp.tv_usec,
		.timecode	= b32.timecode,
		.sequence	= b32.sequence,
		.memory		= b32.memory,
		.m.offset	= b32.m.offset,
		.length		= b32.length,
		.request_fd	= b32.request_fd,
	};

	if (vb->memory == V4L2_MEMORY_MMAP ||
	    vb->memory == V4L2_MEMORY_OVERLAY)
		vb->m.offset = b32.m.offset;
	else if (vb->memory == V4L2_MEMORY_USERPTR)
		vb->m.userptr = (unsigned long)compat_ptr(b32.m.userptr);
	else if (vb->memory == V4L2_MEMORY_DMABUF)
		vb->m.fd = b32.m.fd;

	/* multiplanar types carry a user pointer to the plane array instead */
	if (V4L2_TYPE_IS_MULTIPLANAR(vb->type))
		vb->m.planes = (void __force *)compat_ptr(b32.m.planes);

	return 0;
}
449
#ifdef CONFIG_COMPAT_32BIT_TIME
/*
 * Read a 32-bit struct v4l2_buffer with the old 32-bit timeval from
 * userspace into the native struct.
 *
 * The m union is first taken over as an offset and then fixed up according
 * to the memory type; for multiplanar buffer types it is finally replaced
 * by the widened planes pointer. The planes array itself is not read here.
 *
 * Returns 0 on success or -EFAULT if the user copy faults.
 */
static int get_v4l2_buffer32_time32(struct v4l2_buffer *vb,
				    struct v4l2_buffer32_time32 __user *arg)
{
	struct v4l2_buffer32_time32 b32;

	/* single snapshot of the user struct */
	if (copy_from_user(&b32, arg, sizeof(b32)))
		return -EFAULT;

	*vb = (struct v4l2_buffer) {
		.index		= b32.index,
		.type		= b32.type,
		.bytesused	= b32.bytesused,
		.flags		= b32.flags,
		.field		= b32.field,
		.timestamp.tv_sec	= b32.timestamp.tv_sec,
		.timestamp.tv_usec	= b32.timestamp.tv_usec,
		.timecode	= b32.timecode,
		.sequence	= b32.sequence,
		.memory		= b32.memory,
		.m.offset	= b32.m.offset,
		.length		= b32.length,
		.request_fd	= b32.request_fd,
	};

	if (vb->memory == V4L2_MEMORY_MMAP ||
	    vb->memory == V4L2_MEMORY_OVERLAY)
		vb->m.offset = b32.m.offset;
	else if (vb->memory == V4L2_MEMORY_USERPTR)
		vb->m.userptr = (unsigned long)compat_ptr(b32.m.userptr);
	else if (vb->memory == V4L2_MEMORY_DMABUF)
		vb->m.fd = b32.m.fd;

	/* multiplanar types carry a user pointer to the plane array instead */
	if (V4L2_TYPE_IS_MULTIPLANAR(vb->type))
		vb->m.planes = (void __force *)compat_ptr(b32.m.planes);

	return 0;
}
#endif
494
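/*
 * Write a native struct v4l2_buffer back to userspace in 32-bit layout
 * (64-bit timestamp variant).
 *
 * The m union is filled according to the memory type and, for multiplanar
 * buffer types, overwritten with the planes pointer truncated to 32 bits.
 * reserved2 is always written as zero.
 *
 * Returns 0 on success or -EFAULT if the user copy faults.
 */
static int put_v4l2_buffer32(struct v4l2_buffer *vb,
			     struct v4l2_buffer32 __user *arg)
{
	struct v4l2_buffer32 vb32;

	/*
	 * The whole staging struct is copied to userspace. Zero it and then
	 * store member by member: assigning a compound literal over the
	 * zeroed struct does not guarantee that padding stays zero, and the
	 * comment on struct v4l2_buffer32 says the timestamp alignment
	 * differs between ABIs, so a padding hole cannot be ruled out.
	 */
	memset(&vb32, 0, sizeof(vb32));
	vb32.index = vb->index;
	vb32.type = vb->type;
	vb32.bytesused = vb->bytesused;
	vb32.flags = vb->flags;
	vb32.field = vb->field;
	vb32.timestamp.tv_sec = vb->timestamp.tv_sec;
	vb32.timestamp.tv_usec = vb->timestamp.tv_usec;
	vb32.timecode = vb->timecode;
	vb32.sequence = vb->sequence;
	vb32.memory = vb->memory;
	vb32.m.offset = vb->m.offset;
	vb32.length = vb->length;
	vb32.request_fd = vb->request_fd;

	switch (vb->memory) {
	case V4L2_MEMORY_MMAP:
	case V4L2_MEMORY_OVERLAY:
		vb32.m.offset = vb->m.offset;
		break;
	case V4L2_MEMORY_USERPTR:
		vb32.m.userptr = (uintptr_t)(vb->m.userptr);
		break;
	case V4L2_MEMORY_DMABUF:
		vb32.m.fd = vb->m.fd;
		break;
	}

	/*
	 * NOTE(review): this hands the low 32 bits of vb->m.planes to
	 * userspace; presumably the caller has put the user's own planes
	 * pointer back before calling - confirm.
	 */
	if (V4L2_TYPE_IS_MULTIPLANAR(vb->type))
		vb32.m.planes = (uintptr_t)vb->m.planes;

	if (copy_to_user(arg, &vb32, sizeof(vb32)))
		return -EFAULT;

	return 0;
}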
538
#ifdef CONFIG_COMPAT_32BIT_TIME
/*
 * Write a native struct v4l2_buffer back to userspace in the 32-bit layout
 * that uses the old 32-bit timeval.
 *
 * The m union is filled according to the memory type and, for multiplanar
 * buffer types, overwritten with the planes pointer truncated to 32 bits.
 * reserved2 is always written as zero.
 *
 * Returns 0 on success or -EFAULT if the user copy faults.
 */
static int put_v4l2_buffer32_time32(struct v4l2_buffer *vb,
				    struct v4l2_buffer32_time32 __user *arg)
{
	struct v4l2_buffer32_time32 out;

	/* the whole staging struct goes to userspace, so clear it first */
	memset(&out, 0, sizeof(out));
	out = (struct v4l2_buffer32_time32) {
		.index		= vb->index,
		.type		= vb->type,
		.bytesused	= vb->bytesused,
		.flags		= vb->flags,
		.field		= vb->field,
		.timestamp.tv_sec	= vb->timestamp.tv_sec,
		.timestamp.tv_usec	= vb->timestamp.tv_usec,
		.timecode	= vb->timecode,
		.sequence	= vb->sequence,
		.memory		= vb->memory,
		.m.offset	= vb->m.offset,
		.length		= vb->length,
		.request_fd	= vb->request_fd,
	};

	if (vb->memory == V4L2_MEMORY_MMAP ||
	    vb->memory == V4L2_MEMORY_OVERLAY)
		out.m.offset = vb->m.offset;
	else if (vb->memory == V4L2_MEMORY_USERPTR)
		out.m.userptr = (uintptr_t)(vb->m.userptr);
	else if (vb->memory == V4L2_MEMORY_DMABUF)
		out.m.fd = vb->m.fd;

	if (V4L2_TYPE_IS_MULTIPLANAR(vb->type))
		out.m.planes = (uintptr_t)vb->m.planes;

	return copy_to_user(arg, &out, sizeof(out)) ? -EFAULT : 0;
}
#endif
583
/*
 * 32-bit userspace layout of struct v4l2_framebuffer. Only base needs
 * conversion; fmt is copied verbatim by get/put_v4l2_framebuffer32().
 */
struct v4l2_framebuffer32 {
	__u32			capability;
	__u32			flags;
	compat_caddr_t		base;	/* 32-bit address supplied by userspace */
	struct {
		__u32		width;
		__u32		height;
		__u32		pixelformat;
		__u32		field;
		__u32		bytesperline;
		__u32		sizeimage;
		__u32		colorspace;
		__u32		priv;
	} fmt;
};
599
/*
 * Read a 32-bit struct v4l2_framebuffer from userspace.
 *
 * capability, flags and fmt are stored straight into *p64 as they are
 * read, so *p64 may be partly updated when -EFAULT is returned. base is
 * only stored once every user access has succeeded.
 *
 * Returns 0 on success or -EFAULT if a user access faults.
 */
static int get_v4l2_framebuffer32(struct v4l2_framebuffer *p64,
				  struct v4l2_framebuffer32 __user *p32)
{
	compat_caddr_t base32;

	if (get_user(base32, &p32->base))
		return -EFAULT;
	if (get_user(p64->capability, &p32->capability))
		return -EFAULT;
	if (get_user(p64->flags, &p32->flags))
		return -EFAULT;
	/* NOTE(review): sized by the native fmt; assumes both fmt layouts match */
	if (copy_from_user(&p64->fmt, &p32->fmt, sizeof(p64->fmt)))
		return -EFAULT;

	p64->base = (void __force *)compat_ptr(base32);
	return 0;
}
614
/*
 * Write a native struct v4l2_framebuffer back to userspace in 32-bit
 * layout. base is truncated to 32 bits on the way out.
 *
 * Returns 0 on success or -EFAULT if a user access faults.
 */
static int put_v4l2_framebuffer32(struct v4l2_framebuffer *p64,
				  struct v4l2_framebuffer32 __user *p32)
{
	if (put_user((uintptr_t)p64->base, &p32->base))
		return -EFAULT;
	if (put_user(p64->capability, &p32->capability))
		return -EFAULT;
	if (put_user(p64->flags, &p32->flags))
		return -EFAULT;
	if (copy_to_user(&p32->fmt, &p64->fmt, sizeof(p64->fmt)))
		return -EFAULT;

	return 0;
}
626
/*
 * 32-bit userspace layout of struct v4l2_input. It holds no pointers and is
 * copied in one piece by get_v4l2_input32()/put_v4l2_input32(), with the
 * copy length taken from this struct.
 */
struct v4l2_input32 {
	__u32	     index;		/*  Which input */
	__u8	     name[32];		/*  Label */
	__u32	     type;		/*  Type of input */
	__u32	     audioset;		/*  Associated audios (bitfield) */
	__u32        tuner;             /*  Associated tuner */
	compat_u64   std;
	__u32	     status;
	__u32	     capabilities;
	__u32	     reserved[3];
};
638
639 /*
640 * The 64-bit v4l2_input struct has extra padding at the end of the struct.
641 * Otherwise it is identical to the 32-bit version.
642 */
/*
 * Read a 32-bit struct v4l2_input from userspace.
 *
 * Exactly sizeof(struct v4l2_input32) bytes are copied, so any bytes of
 * *p64 beyond that length keep whatever the caller put there.
 *
 * Returns 0 on success or -EFAULT if the user copy faults.
 */
static inline int get_v4l2_input32(struct v4l2_input *p64,
				   struct v4l2_input32 __user *p32)
{
	return copy_from_user(p64, p32, sizeof(*p32)) ? -EFAULT : 0;
}
650
/*
 * Write a native struct v4l2_input back to userspace.
 *
 * The copy length is the size of the 32-bit struct, so nothing beyond it
 * in *p64 reaches userspace.
 *
 * Returns 0 on success or -EFAULT if the user copy faults.
 */
static inline int put_v4l2_input32(struct v4l2_input *p64,
				   struct v4l2_input32 __user *p32)
{
	return copy_to_user(p32, p64, sizeof(*p32)) ? -EFAULT : 0;
}
658
/*
 * 32-bit userspace layout of struct v4l2_ext_controls. count and controls
 * both come from userspace; this file converts the pointer but does not
 * bound count in get_v4l2_ext_controls32().
 */
struct v4l2_ext_controls32 {
	__u32 which;
	__u32 count;
	__u32 error_idx;
	__s32 request_fd;
	__u32 reserved[1];
	compat_caddr_t controls; /* actually struct v4l2_ext_control32 * */
};
667
/*
 * 32-bit userspace layout of one struct v4l2_ext_control. The struct is
 * packed. string is only treated as a pointer for controls that
 * ctrl_is_pointer() reports as pointer controls.
 */
struct v4l2_ext_control32 {
	__u32 id;
	__u32 size;
	__u32 reserved2[1];
	union {
		__s32 value;
		__s64 value64;
		compat_caddr_t string; /* actually char * */
	};
} __attribute__ ((packed));
678
/*
 * Return true if this control is a pointer type.
 *
 * The control is looked up in the file handle's control handler when the
 * device uses v4l2_fh and the handle has one, otherwise in the device's
 * handler. Without any handler the driver's vidioc_query_ext_ctrl op is
 * asked, and the control counts as a pointer when that succeeds and
 * reports V4L2_CTRL_FLAG_HAS_PAYLOAD. An unknown control id yields false.
 */
static inline bool ctrl_is_pointer(struct file *file, u32 id)
{
	struct video_device *vdev = video_devdata(file);
	const struct v4l2_ioctl_ops *ops = vdev->ioctl_ops;
	struct v4l2_query_ext_ctrl qec = { id };
	struct v4l2_ctrl_handler *hdl;
	struct v4l2_fh *fh;

	/* private_data is only a v4l2_fh when the device says so */
	fh = test_bit(V4L2_FL_USES_V4L2_FH, &vdev->flags) ?
		file->private_data : NULL;

	hdl = (fh && fh->ctrl_handler) ? fh->ctrl_handler : vdev->ctrl_handler;
	if (hdl) {
		struct v4l2_ctrl *ctrl = v4l2_ctrl_find(hdl, id);

		return ctrl && ctrl->is_ptr;
	}

	if (!ops || !ops->vidioc_query_ext_ctrl)
		return false;
	if (ops->vidioc_query_ext_ctrl(file, fh, &qec))
		return false;

	return (qec.flags & V4L2_CTRL_FLAG_HAS_PAYLOAD) != 0;
}
708
/*
 * Read a 32-bit struct v4l2_ext_controls header from userspace.
 *
 * Only the header is converted here; count is taken over as supplied and
 * the controls array is not touched.
 *
 * Returns 0 on success or -EFAULT if the user copy faults.
 */
static int get_v4l2_ext_controls32(struct v4l2_ext_controls *p64,
				   struct v4l2_ext_controls32 __user *p32)
{
	struct v4l2_ext_controls32 hdr32;

	if (copy_from_user(&hdr32, p32, sizeof(hdr32)))
		return -EFAULT;

	/* members not listed below end up zero */
	memset(p64, 0, sizeof(*p64));
	p64->which = hdr32.which;
	p64->count = hdr32.count;
	p64->error_idx = hdr32.error_idx;
	p64->request_fd = hdr32.request_fd;
	p64->reserved[0] = hdr32.reserved[0];
	p64->controls = (void __force *)compat_ptr(hdr32.controls);

	return 0;
}
728
/*
 * Write a native struct v4l2_ext_controls header back to userspace in
 * 32-bit layout. controls is truncated to 32 bits on the way out.
 *
 * Returns 0 on success or -EFAULT if the user copy faults.
 */
static int put_v4l2_ext_controls32(struct v4l2_ext_controls *p64,
				   struct v4l2_ext_controls32 __user *p32)
{
	struct v4l2_ext_controls32 hdr32;

	/* the whole staging struct goes to userspace, so clear it first */
	memset(&hdr32, 0, sizeof(hdr32));
	hdr32.which = p64->which;
	hdr32.count = p64->count;
	hdr32.error_idx = p64->error_idx;
	hdr32.request_fd = p64->request_fd;
	hdr32.reserved[0] = p64->reserved[0];
	hdr32.controls = (uintptr_t)p64->controls;

	return copy_to_user(p32, &hdr32, sizeof(hdr32)) ? -EFAULT : 0;
}
749
#ifdef CONFIG_X86_64
/*
 * x86 is the only compat architecture with different struct alignment
 * between 32-bit and 64-bit tasks.
 */
struct v4l2_event32 {
	__u32				type;
	union {
		compat_s64		value64;
		__u8			data[64];
	} u;
	__u32				pending;
	__u32				sequence;
	struct {
		compat_s64		tv_sec;
		compat_s64		tv_nsec;
	} timestamp;
	__u32				id;
	__u32				reserved[8];
};

/*
 * Write a native struct v4l2_event to userspace in the x86 32-bit layout,
 * one member at a time. There is no matching get routine in this file.
 *
 * Returns 0 on success or -EFAULT if a user access faults.
 */
static int put_v4l2_event32(struct v4l2_event *p64,
			    struct v4l2_event32 __user *p32)
{
	if (put_user(p64->type, &p32->type))
		return -EFAULT;
	/* the payload union is copied whole, sized by the native union */
	if (copy_to_user(&p32->u, &p64->u, sizeof(p64->u)))
		return -EFAULT;
	if (put_user(p64->pending, &p32->pending))
		return -EFAULT;
	if (put_user(p64->sequence, &p32->sequence))
		return -EFAULT;
	if (put_user(p64->timestamp.tv_sec, &p32->timestamp.tv_sec))
		return -EFAULT;
	if (put_user(p64->timestamp.tv_nsec, &p32->timestamp.tv_nsec))
		return -EFAULT;
	if (put_user(p64->id, &p32->id))
		return -EFAULT;
	if (copy_to_user(p32->reserved, p64->reserved, sizeof(p32->reserved)))
		return -EFAULT;

	return 0;
}

#endif
787
#ifdef CONFIG_COMPAT_32BIT_TIME
/* struct v4l2_event as seen by 32-bit tasks that use the old 32-bit timespec */
struct v4l2_event32_time32 {
	__u32				type;
	union {
		compat_s64		value64;
		__u8			data[64];
	} u;
	__u32				pending;
	__u32				sequence;
	struct old_timespec32		timestamp;
	__u32				id;
	__u32				reserved[8];
};

/*
 * Write a native struct v4l2_event to userspace in the 32-bit layout with
 * the old 32-bit timespec, one member at a time.
 *
 * Returns 0 on success or -EFAULT if a user access faults.
 */
static int put_v4l2_event32_time32(struct v4l2_event *p64,
				   struct v4l2_event32_time32 __user *p32)
{
	if (put_user(p64->type, &p32->type))
		return -EFAULT;
	/* the payload union is copied whole, sized by the native union */
	if (copy_to_user(&p32->u, &p64->u, sizeof(p64->u)))
		return -EFAULT;
	if (put_user(p64->pending, &p32->pending))
		return -EFAULT;
	if (put_user(p64->sequence, &p32->sequence))
		return -EFAULT;
	if (put_user(p64->timestamp.tv_sec, &p32->timestamp.tv_sec))
		return -EFAULT;
	if (put_user(p64->timestamp.tv_nsec, &p32->timestamp.tv_nsec))
		return -EFAULT;
	if (put_user(p64->id, &p32->id))
		return -EFAULT;
	if (copy_to_user(p32->reserved, p64->reserved, sizeof(p32->reserved)))
		return -EFAULT;

	return 0;
}
#endif
817
/*
 * 32-bit userspace layout of struct v4l2_edid. Everything in front of edid
 * is copied verbatim; edid is a 32-bit user address that is widened on
 * input and never written back.
 */
struct v4l2_edid32 {
	__u32 pad;
	__u32 start_block;
	__u32 blocks;		/* user supplied; not bounded in this file */
	__u32 reserved[5];
	compat_caddr_t edid;
};
825
/*
 * Read a 32-bit struct v4l2_edid from userspace.
 *
 * The members in front of edid are copied straight into *p64, so *p64 may
 * be partly updated when -EFAULT is returned. The EDID data that the
 * pointer refers to is not read here.
 *
 * Returns 0 on success or -EFAULT if a user access faults.
 */
static int get_v4l2_edid32(struct v4l2_edid *p64,
			   struct v4l2_edid32 __user *p32)
{
	const size_t head_len = offsetof(struct v4l2_edid32, edid);
	compat_uptr_t uedid;

	if (copy_from_user(p64, p32, head_len))
		return -EFAULT;
	if (get_user(uedid, &p32->edid))
		return -EFAULT;

	p64->edid = (void __force *)compat_ptr(uedid);
	return 0;
}
838
/*
 * Write the members of a native struct v4l2_edid that precede edid back to
 * userspace. The user's edid pointer is left as it was.
 *
 * Returns 0 on success or -EFAULT if the user copy faults.
 */
static int put_v4l2_edid32(struct v4l2_edid *p64,
			   struct v4l2_edid32 __user *p32)
{
	const size_t head_len = offsetof(struct v4l2_edid32, edid);

	return copy_to_user(p32, p64, head_len) ? -EFAULT : 0;
}
846
847 /*
848 * List of ioctls that require 32-bits/64-bits conversion
849 *
850 * The V4L2 ioctls that aren't listed there don't have pointer arguments
851 * and the struct size is identical for both 32 and 64 bits versions, so
852 * they don't need translations.
853 */
854
/*
 * Compat command numbers. Each one reuses the ioctl number of the native
 * command but is built from the 32-bit struct.
 *
 * struct v4l2_event32 is only declared under CONFIG_X86_64, so
 * VIDIOC_DQEVENT32 must only be used inside a matching #ifdef, as the
 * dispatch functions below do.
 */
#define VIDIOC_G_FMT32		_IOWR('V',  4, struct v4l2_format32)
#define VIDIOC_S_FMT32		_IOWR('V',  5, struct v4l2_format32)
#define VIDIOC_QUERYBUF32	_IOWR('V',  9, struct v4l2_buffer32)
#define VIDIOC_G_FBUF32		_IOR ('V', 10, struct v4l2_framebuffer32)
#define VIDIOC_S_FBUF32		_IOW ('V', 11, struct v4l2_framebuffer32)
#define VIDIOC_QBUF32		_IOWR('V', 15, struct v4l2_buffer32)
#define VIDIOC_DQBUF32		_IOWR('V', 17, struct v4l2_buffer32)
#define VIDIOC_ENUMSTD32	_IOWR('V', 25, struct v4l2_standard32)
#define VIDIOC_ENUMINPUT32	_IOWR('V', 26, struct v4l2_input32)
#define VIDIOC_G_EDID32		_IOWR('V', 40, struct v4l2_edid32)
#define VIDIOC_S_EDID32		_IOWR('V', 41, struct v4l2_edid32)
#define VIDIOC_TRY_FMT32	_IOWR('V', 64, struct v4l2_format32)
#define VIDIOC_G_EXT_CTRLS32    _IOWR('V', 71, struct v4l2_ext_controls32)
#define VIDIOC_S_EXT_CTRLS32    _IOWR('V', 72, struct v4l2_ext_controls32)
#define VIDIOC_TRY_EXT_CTRLS32  _IOWR('V', 73, struct v4l2_ext_controls32)
#define	VIDIOC_DQEVENT32	_IOR ('V', 89, struct v4l2_event32)
#define VIDIOC_CREATE_BUFS32	_IOWR('V', 92, struct v4l2_create_buffers32)
#define VIDIOC_PREPARE_BUF32	_IOWR('V', 93, struct v4l2_buffer32)

/* Variants for 32-bit tasks that use the old 32-bit time types. */
#ifdef CONFIG_COMPAT_32BIT_TIME
#define VIDIOC_QUERYBUF32_TIME32	_IOWR('V',  9, struct v4l2_buffer32_time32)
#define VIDIOC_QBUF32_TIME32		_IOWR('V', 15, struct v4l2_buffer32_time32)
#define VIDIOC_DQBUF32_TIME32		_IOWR('V', 17, struct v4l2_buffer32_time32)
#define	VIDIOC_DQEVENT32_TIME32		_IOR ('V', 89, struct v4l2_event32_time32)
#define VIDIOC_PREPARE_BUF32_TIME32	_IOWR('V', 93, struct v4l2_buffer32_time32)
#endif
881
/*
 * Map a compat ioctl command number to its native counterpart.
 *
 * Commands that are not listed here are returned unchanged.
 */
unsigned int v4l2_compat_translate_cmd(unsigned int cmd)
{
	switch (cmd) {
	/* formats and framebuffer */
	case VIDIOC_G_FMT32:
		return VIDIOC_G_FMT;
	case VIDIOC_S_FMT32:
		return VIDIOC_S_FMT;
	case VIDIOC_TRY_FMT32:
		return VIDIOC_TRY_FMT;
	case VIDIOC_G_FBUF32:
		return VIDIOC_G_FBUF;
	case VIDIOC_S_FBUF32:
		return VIDIOC_S_FBUF;

	/* buffers: both timestamp layouts map to the same native command */
	case VIDIOC_QUERYBUF32:
#ifdef CONFIG_COMPAT_32BIT_TIME
	case VIDIOC_QUERYBUF32_TIME32:
#endif
		return VIDIOC_QUERYBUF;
	case VIDIOC_QBUF32:
#ifdef CONFIG_COMPAT_32BIT_TIME
	case VIDIOC_QBUF32_TIME32:
#endif
		return VIDIOC_QBUF;
	case VIDIOC_DQBUF32:
#ifdef CONFIG_COMPAT_32BIT_TIME
	case VIDIOC_DQBUF32_TIME32:
#endif
		return VIDIOC_DQBUF;
	case VIDIOC_PREPARE_BUF32:
#ifdef CONFIG_COMPAT_32BIT_TIME
	case VIDIOC_PREPARE_BUF32_TIME32:
#endif
		return VIDIOC_PREPARE_BUF;
	case VIDIOC_CREATE_BUFS32:
		return VIDIOC_CREATE_BUFS;

	/* extended controls */
	case VIDIOC_G_EXT_CTRLS32:
		return VIDIOC_G_EXT_CTRLS;
	case VIDIOC_S_EXT_CTRLS32:
		return VIDIOC_S_EXT_CTRLS;
	case VIDIOC_TRY_EXT_CTRLS32:
		return VIDIOC_TRY_EXT_CTRLS;

	/* enumeration and EDID */
	case VIDIOC_ENUMSTD32:
		return VIDIOC_ENUMSTD;
	case VIDIOC_ENUMINPUT32:
		return VIDIOC_ENUMINPUT;
	case VIDIOC_G_EDID32:
		return VIDIOC_G_EDID;
	case VIDIOC_S_EDID32:
		return VIDIOC_S_EDID;

	/* events */
#ifdef CONFIG_X86_64
	case VIDIOC_DQEVENT32:
		return VIDIOC_DQEVENT;
#endif
#ifdef CONFIG_COMPAT_32BIT_TIME
	case VIDIOC_DQEVENT32_TIME32:
		return VIDIOC_DQEVENT;
#endif
	default:
		break;
	}

	return cmd;
}
940
/*
 * Copy the argument of a compat ioctl from userspace into the native
 * struct at @parg, converting the layout.
 *
 * @arg is the user pointer, @parg the kernel-side destination and @cmd the
 * compat command number. Commands without an input conversion, including
 * the read-only VIDIOC_G_FBUF32 and the DQEVENT variants, fall through and
 * return 0 with @parg untouched.
 *
 * Returns 0 on success or the error from the per-struct get routine.
 */
int v4l2_compat_get_user(void __user *arg, void *parg, unsigned int cmd)
{
	switch (cmd) {
	case VIDIOC_G_FMT32:
	case VIDIOC_S_FMT32:
	case VIDIOC_TRY_FMT32:
		return get_v4l2_format32(parg, arg);

	case VIDIOC_CREATE_BUFS32:
		return get_v4l2_create32(parg, arg);

	case VIDIOC_S_FBUF32:
		return get_v4l2_framebuffer32(parg, arg);

	case VIDIOC_QUERYBUF32:
	case VIDIOC_QBUF32:
	case VIDIOC_DQBUF32:
	case VIDIOC_PREPARE_BUF32:
		return get_v4l2_buffer32(parg, arg);
#ifdef CONFIG_COMPAT_32BIT_TIME
	case VIDIOC_QUERYBUF32_TIME32:
	case VIDIOC_QBUF32_TIME32:
	case VIDIOC_DQBUF32_TIME32:
	case VIDIOC_PREPARE_BUF32_TIME32:
		return get_v4l2_buffer32_time32(parg, arg);
#endif

	case VIDIOC_G_EXT_CTRLS32:
	case VIDIOC_S_EXT_CTRLS32:
	case VIDIOC_TRY_EXT_CTRLS32:
		return get_v4l2_ext_controls32(parg, arg);

	case VIDIOC_ENUMSTD32:
		return get_v4l2_standard32(parg, arg);

	case VIDIOC_ENUMINPUT32:
		return get_v4l2_input32(parg, arg);

	case VIDIOC_G_EDID32:
	case VIDIOC_S_EDID32:
		return get_v4l2_edid32(parg, arg);

	default:
		break;
	}

	return 0;
}
984
/*
 * Copy the result of a compat ioctl from the native struct at @parg back
 * to userspace, converting the layout.
 *
 * @arg is the user pointer, @parg the kernel-side source and @cmd the
 * compat command number. Commands without an output conversion, including
 * the write-only VIDIOC_S_FBUF32, fall through and return 0 with nothing
 * written.
 *
 * Returns 0 on success or the error from the per-struct put routine.
 */
int v4l2_compat_put_user(void __user *arg, void *parg, unsigned int cmd)
{
	switch (cmd) {
	case VIDIOC_G_FMT32:
	case VIDIOC_S_FMT32:
	case VIDIOC_TRY_FMT32:
		return put_v4l2_format32(parg, arg);

	case VIDIOC_CREATE_BUFS32:
		return put_v4l2_create32(parg, arg);

	case VIDIOC_G_FBUF32:
		return put_v4l2_framebuffer32(parg, arg);

	case VIDIOC_QUERYBUF32:
	case VIDIOC_QBUF32:
	case VIDIOC_DQBUF32:
	case VIDIOC_PREPARE_BUF32:
		return put_v4l2_buffer32(parg, arg);
#ifdef CONFIG_COMPAT_32BIT_TIME
	case VIDIOC_QUERYBUF32_TIME32:
	case VIDIOC_QBUF32_TIME32:
	case VIDIOC_DQBUF32_TIME32:
	case VIDIOC_PREPARE_BUF32_TIME32:
		return put_v4l2_buffer32_time32(parg, arg);
#endif

	case VIDIOC_G_EXT_CTRLS32:
	case VIDIOC_S_EXT_CTRLS32:
	case VIDIOC_TRY_EXT_CTRLS32:
		return put_v4l2_ext_controls32(parg, arg);

	case VIDIOC_ENUMSTD32:
		return put_v4l2_standard32(parg, arg);

	case VIDIOC_ENUMINPUT32:
		return put_v4l2_input32(parg, arg);

	case VIDIOC_G_EDID32:
	case VIDIOC_S_EDID32:
		return put_v4l2_edid32(parg, arg);

#ifdef CONFIG_X86_64
	case VIDIOC_DQEVENT32:
		return put_v4l2_event32(parg, arg);
#endif
#ifdef CONFIG_COMPAT_32BIT_TIME
	case VIDIOC_DQEVENT32_TIME32:
		return put_v4l2_event32_time32(parg, arg);
#endif
	default:
		break;
	}

	return 0;
}
1036
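/*
 * Read the array that a compat ioctl argument points to and store it in
 * @mbuf in native layout.
 *
 * @file:       file the ioctl was issued on (passed to ctrl_is_pointer())
 * @mbuf:       destination buffer; at least @array_size bytes are written
 *              (it is zeroed over that length below)
 * @user_ptr:   user-space address of the 32-bit array
 * @array_size: size of @mbuf in bytes
 * @cmd:        compat ioctl command number
 * @arg:        native top-level argument; the element count is taken from it
 *
 * The element counts (clipcount, length, count) come from the ioctl
 * argument, so every loop is checked against @array_size before it writes
 * to @mbuf. Callers are presumably expected to size @mbuf from the same
 * count, in which case the added checks never fire - TODO confirm against
 * the caller.
 *
 * Returns 0 on success, -EFAULT when a user copy fails, -EINVAL when the
 * element count is out of range, or the error from get_v4l2_plane32().
 */
int v4l2_compat_get_array_args(struct file *file, void *mbuf,
			       void __user *user_ptr, size_t array_size,
			       unsigned int cmd, void *arg)
{
	int err = 0;

	/*
	 * Clear the buffer up front: some copies below fill only part of a
	 * native element (the clip case copies just the rectangle), and the
	 * rest must not keep whatever @mbuf held before.
	 */
	memset(mbuf, 0, array_size);

	switch (cmd) {
	case VIDIOC_G_FMT32:
	case VIDIOC_S_FMT32:
	case VIDIOC_TRY_FMT32: {
		struct v4l2_format *f64 = arg;
		struct v4l2_clip *c64 = mbuf;
		struct v4l2_clip32 __user *c32 = user_ptr;
		u32 clipcount = f64->fmt.win.clipcount;

		/* Only the two overlay buffer types carry a clip list. */
		if ((f64->type != V4L2_BUF_TYPE_VIDEO_OVERLAY &&
		     f64->type != V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY) ||
		    clipcount == 0)
			return 0;
		if (clipcount > 2048)
			return -EINVAL;
		/* Never write more clips than @mbuf has room for. */
		if (clipcount > array_size / sizeof(*c64))
			return -EINVAL;
		while (clipcount--) {
			if (copy_from_user(c64, c32, sizeof(c64->c)))
				return -EFAULT;
			/* The 32-bit 'next' link is not carried over. */
			c64->next = NULL;
			c64++;
			c32++;
		}
		break;
	}
#ifdef CONFIG_COMPAT_32BIT_TIME
	case VIDIOC_QUERYBUF32_TIME32:
	case VIDIOC_QBUF32_TIME32:
	case VIDIOC_DQBUF32_TIME32:
	case VIDIOC_PREPARE_BUF32_TIME32:
#endif
	case VIDIOC_QUERYBUF32:
	case VIDIOC_QBUF32:
	case VIDIOC_DQBUF32:
	case VIDIOC_PREPARE_BUF32: {
		struct v4l2_buffer *b64 = arg;
		struct v4l2_plane *p64 = mbuf;
		struct v4l2_plane32 __user *p32 = user_ptr;
		u32 num_planes;

		/* Single-planar buffers have no plane array to convert. */
		if (!V4L2_TYPE_IS_MULTIPLANAR(b64->type))
			break;

		num_planes = b64->length;
		if (num_planes == 0)
			return 0;
		/* Never write more planes than @mbuf has room for. */
		if (num_planes > array_size / sizeof(*p64))
			return -EINVAL;

		while (num_planes--) {
			err = get_v4l2_plane32(p64, p32, b64->memory);
			if (err)
				return err;
			++p64;
			++p32;
		}
		break;
	}
	case VIDIOC_G_EXT_CTRLS32:
	case VIDIOC_S_EXT_CTRLS32:
	case VIDIOC_TRY_EXT_CTRLS32: {
		struct v4l2_ext_controls *ecs64 = arg;
		struct v4l2_ext_control *ec64 = mbuf;
		struct v4l2_ext_control32 __user *ec32 = user_ptr;
		u32 count = ecs64->count;
		u32 n;	/* unsigned, like the count it is compared with */

		/* Never write more controls than @mbuf has room for. */
		if (count > array_size / sizeof(*ec64))
			return -EINVAL;

		for (n = 0; n < count; n++) {
			if (copy_from_user(ec64, ec32, sizeof(*ec32)))
				return -EFAULT;

			/*
			 * The id tested here is the one already copied into
			 * kernel memory. For pointer controls the 32-bit user
			 * pointer is read on its own and widened with
			 * compat_ptr().
			 */
			if (ctrl_is_pointer(file, ec64->id)) {
				compat_uptr_t p;

				if (get_user(p, &ec32->string))
					return -EFAULT;
				ec64->string = compat_ptr(p);
			}
			ec32++;
			ec64++;
		}
		break;
	}
	default:
		/* No per-element conversion for this command: plain copy. */
		if (copy_from_user(mbuf, user_ptr, array_size))
			err = -EFAULT;
		break;
	}

	return err;
}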
1131
/*
 * Write the native array in @mbuf back to the 32-bit array at @user_ptr.
 *
 * @file:       file the ioctl was issued on (passed to ctrl_is_pointer())
 * @user_ptr:   user-space address of the 32-bit array
 * @mbuf:       native array to copy from
 * @array_size: byte count used by the default (plain copy) branch
 * @cmd:        compat ioctl command number
 * @arg:        native top-level argument; the element count is taken from it
 *
 * NOTE(review): the per-command loops take their element count from @arg
 * and do not compare it with @array_size, while the default branch is
 * bounded by @array_size. This relies on the count in @arg still matching
 * the size @mbuf was allocated with when this runs - confirm against the
 * caller, since reading past @mbuf here would end up in user memory.
 *
 * Returns 0 on success, -EFAULT when a user copy fails, -EINVAL when the
 * clip count exceeds 2048, or the error from put_v4l2_plane32().
 */
int v4l2_compat_put_array_args(struct file *file, void __user *user_ptr,
			       void *mbuf, size_t array_size,
			       unsigned int cmd, void *arg)
{
	int err = 0;

	switch (cmd) {
	case VIDIOC_G_FMT32:
	case VIDIOC_S_FMT32:
	case VIDIOC_TRY_FMT32: {
		struct v4l2_format *fmt = arg;
		struct v4l2_clip *src = mbuf;
		struct v4l2_clip32 __user *dst = user_ptr;
		u32 nclips = fmt->fmt.win.clipcount;
		bool is_overlay = fmt->type == V4L2_BUF_TYPE_VIDEO_OVERLAY ||
				  fmt->type == V4L2_BUF_TYPE_VIDEO_OUTPUT_OVERLAY;
		u32 i;

		/* Nothing to write back unless this is an overlay with clips. */
		if (!is_overlay || nclips == 0)
			return 0;
		if (nclips > 2048)
			return -EINVAL;

		/* Only the rectangle goes back; the user's 'next' is left alone. */
		for (i = 0; i < nclips; i++) {
			if (copy_to_user(&dst[i], &src[i], sizeof(src[i].c)))
				return -EFAULT;
		}
		break;
	}
#ifdef CONFIG_COMPAT_32BIT_TIME
	case VIDIOC_QUERYBUF32_TIME32:
	case VIDIOC_QBUF32_TIME32:
	case VIDIOC_DQBUF32_TIME32:
	case VIDIOC_PREPARE_BUF32_TIME32:
#endif
	case VIDIOC_QUERYBUF32:
	case VIDIOC_QBUF32:
	case VIDIOC_DQBUF32:
	case VIDIOC_PREPARE_BUF32: {
		struct v4l2_buffer *buf = arg;
		struct v4l2_plane *src = mbuf;
		struct v4l2_plane32 __user *dst = user_ptr;
		u32 nplanes;
		u32 i;

		/* Single-planar buffers have no plane array to write back. */
		if (!V4L2_TYPE_IS_MULTIPLANAR(buf->type))
			break;

		nplanes = buf->length;
		for (i = 0; i < nplanes; i++) {
			err = put_v4l2_plane32(&src[i], &dst[i], buf->memory);
			if (err)
				return err;
		}
		break;
	}
	case VIDIOC_G_EXT_CTRLS32:
	case VIDIOC_S_EXT_CTRLS32:
	case VIDIOC_TRY_EXT_CTRLS32: {
		struct v4l2_ext_controls *ctrls = arg;
		struct v4l2_ext_control *src = mbuf;
		struct v4l2_ext_control32 __user *dst = user_ptr;
		int n;

		for (n = 0; n < ctrls->count; n++, src++, dst++) {
			/*
			 * For a pointer control the payload behind the pointer
			 * changed, not the pointer, so the trailing value field
			 * of the user's struct is left as it is. Apart from
			 * that field the two layouts are compatible.
			 */
			unsigned int size = ctrl_is_pointer(file, src->id) ?
				sizeof(*dst) - sizeof(dst->value64) :
				sizeof(*dst);

			if (copy_to_user(dst, src, size))
				return -EFAULT;
		}
		break;
	}
	default:
		/* No per-element conversion for this command: plain copy. */
		if (copy_to_user(user_ptr, mbuf, array_size))
			err = -EFAULT;
		break;
	}

	return err;
}
1226
/**
 * v4l2_compat_ioctl32() - entry point for ioctls issued by 32-bit callers
 *
 * @file: pointer to &struct file the ioctl was issued on
 * @cmd: ioctl command number
 * @arg: raw argument value supplied by the caller
 *
 * Meant to be installed as the .compat_ioctl file operation in v4l2-dev.c,
 * so that 32-bit calls work on a 64-bit kernel.
 *
 * Commands of type 'V' with a number below BASE_VIDIOC_PRIVATE are passed
 * to file->f_op->unlocked_ioctl() with @arg converted by compat_ptr().
 * Every other command goes to vdev->fops->compat_ioctl32, if the driver
 * provides it, with @arg passed through unconverted; any pointer handling
 * for those commands is therefore left to that hook.
 *
 * Return: -ENOIOCTLCMD when there is no unlocked_ioctl operation or no
 * handler was available for @cmd, -ENODEV when video_is_registered()
 * reports the device as not registered, otherwise the handler's result.
 */
long v4l2_compat_ioctl32(struct file *file, unsigned int cmd, unsigned long arg)
{
	struct video_device *vdev = video_devdata(file);
	bool is_core_cmd;
	long ret;

	if (!file->f_op->unlocked_ioctl)
		return -ENOIOCTLCMD;

	if (!video_is_registered(vdev))
		return -ENODEV;

	is_core_cmd = _IOC_TYPE(cmd) == 'V' &&
		      _IOC_NR(cmd) < BASE_VIDIOC_PRIVATE;

	if (is_core_cmd)
		ret = file->f_op->unlocked_ioctl(file, cmd,
					(unsigned long)compat_ptr(arg));
	else if (vdev->fops->compat_ioctl32)
		ret = vdev->fops->compat_ioctl32(file, cmd, arg);
	else
		ret = -ENOIOCTLCMD;

	/* Logged both when no handler exists and when a handler declines. */
	if (ret == -ENOIOCTLCMD)
		pr_debug("compat_ioctl32: unknown ioctl '%c', dir=%d, #%d (0x%08x)\n",
			 _IOC_TYPE(cmd), _IOC_DIR(cmd), _IOC_NR(cmd), cmd);
	return ret;
}
EXPORT_SYMBOL_GPL(v4l2_compat_ioctl32);
1264