diff options
| author | Pratap Nirujogi <pratapn@codeaurora.org> | 2016-12-26 20:44:52 +0530 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2017-02-15 05:55:56 -0800 |
| commit | 0fa56849d1d23e8b77827d61b0c192855a23ee46 (patch) | |
| tree | c4d742236128164b1df84828e6e66e178909394c | |
| parent | 3a7e752617514960c5cecdf84e12b13dc63c04c7 (diff) | |
msm: camera: cpp: Avoid exposing kernel information to user space
Avoid copy_to_user for the cases that are not required.
CRs-Fixed: 1099731
Change-Id: Id7d94d26fc662f406f55fbe2f8703b3632809802
Signed-off-by: Pratap Nirujogi <pratapn@codeaurora.org>
| -rw-r--r-- | drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c b/drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c index 1cf2c54aa8b8..204f25611925 100644 --- a/drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c +++ b/drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c @@ -1,4 +1,4 @@ -/* Copyright (c) 2013-2016, The Linux Foundation. All rights reserved. +/* Copyright (c) 2013-2017, The Linux Foundation. All rights reserved. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License version 2 and @@ -3817,6 +3817,7 @@ static long msm_cpp_subdev_fops_compat_ioctl(struct file *file, struct msm_cpp_frame_info32_t k32_frame_info; struct msm_cpp_frame_info_t k64_frame_info; uint32_t identity_k = 0; + bool is_copytouser_req = true; void __user *up = (void __user *)arg; if (sd == NULL) { @@ -3951,9 +3952,8 @@ static long msm_cpp_subdev_fops_compat_ioctl(struct file *file, break; } } - if (copy_to_user( - (void __user *)kp_ioctl.ioctl_ptr, &inst_info, - sizeof(struct msm_cpp_frame_info32_t))) { + if (copy_to_user((void __user *)kp_ioctl.ioctl_ptr, + &inst_info, sizeof(struct msm_cpp_frame_info32_t))) { mutex_unlock(&cpp_dev->mutex); return -EFAULT; } @@ -3989,6 +3989,7 @@ static long msm_cpp_subdev_fops_compat_ioctl(struct file *file, sizeof(struct msm_cpp_stream_buff_info_t); } } + is_copytouser_req = false; if (cmd == VIDIOC_MSM_CPP_ENQUEUE_STREAM_BUFF_INFO32) cmd = VIDIOC_MSM_CPP_ENQUEUE_STREAM_BUFF_INFO; else if (cmd == VIDIOC_MSM_CPP_DELETE_STREAM_BUFF32) @@ -4003,6 +4004,7 @@ static long msm_cpp_subdev_fops_compat_ioctl(struct file *file, get_user(identity_k, identity_u); kp_ioctl.ioctl_ptr = (void *)&identity_k; kp_ioctl.len = sizeof(uint32_t); + is_copytouser_req = false; cmd = VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO; break; } @@ -4061,6 +4063,7 @@ static long msm_cpp_subdev_fops_compat_ioctl(struct file *file, sizeof(struct msm_cpp_clock_settings_t); } } + is_copytouser_req = false; cmd = VIDIOC_MSM_CPP_SET_CLOCK; break; } @@ -4086,6 +4089,7 @@ static long msm_cpp_subdev_fops_compat_ioctl(struct file *file, kp_ioctl.ioctl_ptr = (void *)&k_queue_buf; kp_ioctl.len = sizeof(struct msm_pproc_queue_buf_info); + is_copytouser_req = false; cmd = VIDIOC_MSM_CPP_QUEUE_BUF; break; } @@ -4110,6 +4114,8 @@ static long msm_cpp_subdev_fops_compat_ioctl(struct file *file, k64_frame_info.frame_id = k32_frame_info.frame_id; kp_ioctl.ioctl_ptr = (void *)&k64_frame_info; + + is_copytouser_req = false; cmd = VIDIOC_MSM_CPP_POP_STREAM_BUFFER; break; } @@ -4163,13 +4169,16 @@ static long msm_cpp_subdev_fops_compat_ioctl(struct file *file, break; } - up32_ioctl.id = kp_ioctl.id; - up32_ioctl.len = kp_ioctl.len; - up32_ioctl.trans_code = kp_ioctl.trans_code; - up32_ioctl.ioctl_ptr = ptr_to_compat(kp_ioctl.ioctl_ptr); + if (is_copytouser_req) { + up32_ioctl.id = kp_ioctl.id; + up32_ioctl.len = kp_ioctl.len; + up32_ioctl.trans_code = kp_ioctl.trans_code; + up32_ioctl.ioctl_ptr = ptr_to_compat(kp_ioctl.ioctl_ptr); - if (copy_to_user((void __user *)up, &up32_ioctl, sizeof(up32_ioctl))) - return -EFAULT; + if (copy_to_user((void __user *)up, &up32_ioctl, + sizeof(up32_ioctl))) + return -EFAULT; + } return rc; } |