lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 14 May 2019 14:10:06 +0300
From:   Sakari Ailus <sakari.ailus@...ux.intel.com>
To:     Janusz Krzysztofik <jmkrzyszt@...il.com>
Cc:     Mauro Carvalho Chehab <mchehab@...nel.org>,
        Hans Verkuil <hverkuil-cisco@...all.nl>,
        linux-media@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4 1/2] media: v4l2-subdev: Verify arguments of
 v4l2_subdev_call()

Hi Janusz,

On Sat, May 11, 2019 at 12:10:30PM +0200, Janusz Krzysztofik wrote:
> Correctness of format type (try or active) and pad number parameters
> passed to subdevice operation callbacks is now verified only for IOCTL
> calls.  However, those callbacks are also used by drivers, e.g., V4L2
> host interfaces.
> 
> Since both subdev_do_ioctl() and drivers are using v4l2_subdev_call()
> macro while calling subdevice operations, move those parameter checks
> from subdev_do_ioctl() to v4l2_subdev_call() so we can avoid taking care
> of those checks inside drivers.

I have to say I really like this patch!

> 
> Signed-off-by: Janusz Krzysztofik <jmkrzyszt@...il.com>
> ---
>  drivers/media/v4l2-core/v4l2-subdev.c | 222 +++++++++++++++-----------
>  include/media/v4l2-subdev.h           |   6 +
>  2 files changed, 139 insertions(+), 89 deletions(-)
> 
> diff --git a/drivers/media/v4l2-core/v4l2-subdev.c b/drivers/media/v4l2-core/v4l2-subdev.c
> index d75815ab0d7b..cd50fcb86c47 100644
> --- a/drivers/media/v4l2-core/v4l2-subdev.c
> +++ b/drivers/media/v4l2-core/v4l2-subdev.c
> @@ -120,56 +120,165 @@ static int subdev_close(struct file *file)
>  	return 0;
>  }
>  
> +static inline int check_which(__u32 which)
> +{
> +	return which != V4L2_SUBDEV_FORMAT_TRY &&
> +	       which != V4L2_SUBDEV_FORMAT_ACTIVE ? -EINVAL : 0;
> +}
> +
>  #if defined(CONFIG_VIDEO_V4L2_SUBDEV_API)
> +static inline int check_pad(struct v4l2_subdev *sd, __u32 pad)
> +{
> +	return pad >= sd->entity.num_pads ? -EINVAL : 0;
> +}
> +#else
> +#define check_pad(...) 0

This should be an inline function as well. Or just have one function; the
prototype is the same anyway.

> +#endif
> +
>  static int check_format(struct v4l2_subdev *sd,

inline?

>  			struct v4l2_subdev_format *format)
>  {
> -	if (format->which != V4L2_SUBDEV_FORMAT_TRY &&
> -	    format->which != V4L2_SUBDEV_FORMAT_ACTIVE)
> -		return -EINVAL;
> +	return check_which(format->which) ? : check_pad(sd, format->pad);
> +}

-- 
Kind regards,

Sakari Ailus
sakari.ailus@...ux.intel.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ