From: Ricardo Ribalda <ribalda@chromium.org>
To: Laurent Pinchart <laurent.pinchart@ideasonboard.com>,
	Hans Verkuil <hverkuil-cisco@xs4all.nl>,
	Mauro Carvalho Chehab <mchehab@kernel.org>,
	Sergey Senozhatsky <sergey.senozhatsky@gmail.com>,
	linux-media@vger.kernel.org, linux-kernel@vger.kernel.org,
	tfiga@chromium.org
Cc: Ricardo Ribalda <ribalda@chromium.org>
Subject: [PATCH v10 14/21] media: uvcvideo: Check controls flags before accessing them
Date: Fri, 18 Jun 2021 14:29:16 +0200	[thread overview]
Message-ID: <20210618122923.385938-15-ribalda@chromium.org> (raw)
In-Reply-To: <20210618122923.385938-1-ribalda@chromium.org>

We can figure out if reading/writing a set of controls can fail without
accessing them by checking their flags.

This way we can follow the API more closely:

If an error is found when validating the list of controls passed with
VIDIOC_G_EXT_CTRLS, then error_idx shall be set to ctrls->count to
indicate to userspace that no actual hardware was touched.

Fixes v4l2-compliance:
Control ioctls (Input 0):
		warn: v4l2-test-controls.cpp(765): g_ext_ctrls(0) invalid error_idx 0
                fail: v4l2-test-controls.cpp(645): invalid error index write only control
        test VIDIOC_G/S/TRY_EXT_CTRLS: FAIL

Reviewed-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Reviewed-by: Laurent Pinchart <laurent.pinchart@ideasonboard.com>
Signed-off-by: Ricardo Ribalda <ribalda@chromium.org>
---
 drivers/media/usb/uvc/uvc_ctrl.c | 22 ++++++++++++++++++
 drivers/media/usb/uvc/uvc_v4l2.c | 39 ++++++++++++++++++++++++++++----
 drivers/media/usb/uvc/uvcvideo.h |  2 ++
 3 files changed, 58 insertions(+), 5 deletions(-)

diff --git a/drivers/media/usb/uvc/uvc_ctrl.c b/drivers/media/usb/uvc/uvc_ctrl.c
index 2cc2ff0d0cae..18c315b52ef5 100644
--- a/drivers/media/usb/uvc/uvc_ctrl.c
+++ b/drivers/media/usb/uvc/uvc_ctrl.c
@@ -1042,6 +1042,28 @@ static int uvc_query_v4l2_class(struct uvc_video_chain *chain, u32 req_id,
 	return 0;
 }
 
+int uvc_ctrl_is_accessible(struct uvc_video_chain *chain, u32 v4l2_id,
+			   bool read)
+{
+	struct uvc_control_mapping *mapping;
+	struct uvc_control *ctrl;
+
+	if (__uvc_query_v4l2_class(chain, v4l2_id, 0) >= 0)
+		return -EACCES;
+
+	ctrl = uvc_find_control(chain, v4l2_id, &mapping);
+	if (!ctrl)
+		return -EINVAL;
+
+	if (!(ctrl->info.flags & UVC_CTRL_FLAG_GET_CUR) && read)
+		return -EACCES;
+
+	if (!(ctrl->info.flags & UVC_CTRL_FLAG_SET_CUR) && !read)
+		return -EACCES;
+
+	return 0;
+}
+
 static const char *uvc_map_get_name(const struct uvc_control_mapping *map)
 {
 	const char *name;
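Review bot: uvc_ctrl_is_accessible() reads like a predicate but returns 0 when the control is accessible and a negative errno when it is not, so `if (uvc_ctrl_is_accessible(...))` at a future call site would mean the opposite of what it says. Because the function is exported through uvcvideo.h, I would add a comment above the definition, `/* Returns 0 if the control can be read (read == true) or written (read == false), -EINVAL if it is unknown, -EACCES otherwise. */`. `mapping` is only there to satisfy uvc_find_control() and is never read, which is worth a word in the same comment. The trailing context lines belong to uvc_map_get_name(), whose body continues outside the hunk.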
diff --git a/drivers/media/usb/uvc/uvc_v4l2.c b/drivers/media/usb/uvc/uvc_v4l2.c
index 28ccaa8b9e42..a3ee1dc003fc 100644
--- a/drivers/media/usb/uvc/uvc_v4l2.c
+++ b/drivers/media/usb/uvc/uvc_v4l2.c
@@ -991,6 +991,26 @@ static int uvc_ioctl_query_ext_ctrl(struct file *file, void *fh,
 	return 0;
 }
 
+static int uvc_ctrl_check_access(struct uvc_video_chain *chain,
+				 struct v4l2_ext_controls *ctrls,
+				 unsigned long ioctl)
+{
+	struct v4l2_ext_control *ctrl = ctrls->controls;
+	unsigned int i;
+	int ret = 0;
+
+	for (i = 0; i < ctrls->count; ++ctrl, ++i) {
+		ret = uvc_ctrl_is_accessible(chain, ctrl->id,
+					    ioctl == VIDIOC_G_EXT_CTRLS);
+		if (ret)
+			break;
+	}
+
+	ctrls->error_idx = ioctl == VIDIOC_TRY_EXT_CTRLS ? i : ctrls->count;
+
+	return ret;
+}
+
 static int uvc_ioctl_g_ext_ctrls(struct file *file, void *fh,
 				 struct v4l2_ext_controls *ctrls)
 {
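Review bot: In uvc_ctrl_check_access() the `read` argument is computed as `ioctl == VIDIOC_G_EXT_CTRLS`, so every other value of `ioctl`, including one passed by mistake, is silently treated as a write check; a short comment stating that only the three VIDIOC_*_EXT_CTRLS values are expected would make that contract explicit. The error_idx assignment relies on `==` binding tighter than `?:`; `ctrls->error_idx = (ioctl == VIDIOC_TRY_EXT_CTRLS) ? i : ctrls->count;` is easier to read correctly. The loop walks ctrls->controls for ctrls->count entries without a bound of its own, which presumably relies on the V4L2 core having copied and sized the array before the driver is called; that is not visible in this hunk. The last context lines open uvc_ioctl_g_ext_ctrls(), which continues outside the hunk.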
@@ -1000,6 +1020,10 @@ static int uvc_ioctl_g_ext_ctrls(struct file *file, void *fh,
 	unsigned int i;
 	int ret;
 
+	ret = uvc_ctrl_check_access(chain, ctrls, VIDIOC_G_EXT_CTRLS);
+	if (ret < 0)
+		return ret;
+
 	if (ctrls->which == V4L2_CTRL_WHICH_DEF_VAL) {
 		for (i = 0; i < ctrls->count; ++ctrl, ++i) {
 			struct v4l2_queryctrl qc = { .id = ctrl->id };
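Review bot: The new access check runs before the `ctrls->which == V4L2_CTRL_WHICH_DEF_VAL` branch, so a request for default values is now refused with -EACCES whenever a control lacks UVC_CTRL_FLAG_GET_CUR, although the visible default-value path goes through a `struct v4l2_queryctrl` and does not appear to read the current value. If that is intended for write-only controls, a comment saying so above the call would help, e.g. `/* Write-only controls are rejected for default values as well. */`; otherwise the check could move below the DEF_VAL branch. uvc_ioctl_g_ext_ctrls() starts and ends outside this hunk, so the rest of the default-value loop is not visible.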
@@ -1036,13 +1060,17 @@ static int uvc_ioctl_g_ext_ctrls(struct file *file, void *fh,
 
 static int uvc_ioctl_s_try_ext_ctrls(struct uvc_fh *handle,
 				     struct v4l2_ext_controls *ctrls,
-				     bool commit)
+				     unsigned long ioctl)
 {
 	struct v4l2_ext_control *ctrl = ctrls->controls;
 	struct uvc_video_chain *chain = handle->chain;
 	unsigned int i;
 	int ret;
 
+	ret = uvc_ctrl_check_access(chain, ctrls, ioctl);
+	if (ret < 0)
+		return ret;
+
 	ret = uvc_ctrl_begin(chain);
 	if (ret < 0)
 		return ret;
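Review bot: uvc_ctrl_check_access() is called before uvc_ctrl_begin(), so the flag test and the uvc_ctrl_set() loop that follows are two separate steps. If uvc_ctrl_begin() is where the chain's control lock is taken (not visible in this hunk), ctrl->info.flags is read without it and the pre-check should be regarded as early validation for error_idx rather than the enforcement point; uvc_ctrl_set() still needs to reject a control without SET_CUR on its own. A comment above the call, `/* Early validation only, so that error_idx is right; uvc_ctrl_set() remains authoritative. */`, would record that. The function body continues in the next hunk.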
@@ -1051,14 +1079,15 @@ static int uvc_ioctl_s_try_ext_ctrls(struct uvc_fh *handle,
 		ret = uvc_ctrl_set(handle, ctrl);
 		if (ret < 0) {
 			uvc_ctrl_rollback(handle);
-			ctrls->error_idx = commit ? ctrls->count : i;
+			ctrls->error_idx = ioctl == VIDIOC_S_EXT_CTRLS ?
+						    ctrls->count : i;
 			return ret;
 		}
 	}
 
 	ctrls->error_idx = 0;
 
-	if (commit)
+	if (ioctl == VIDIOC_S_EXT_CTRLS)
 		return uvc_ctrl_commit(handle, ctrls->controls, ctrls->count);
 	else
 		return uvc_ctrl_rollback(handle);
@@ -1069,7 +1098,7 @@ static int uvc_ioctl_s_ext_ctrls(struct file *file, void *fh,
 {
 	struct uvc_fh *handle = fh;
 
-	return uvc_ioctl_s_try_ext_ctrls(handle, ctrls, true);
+	return uvc_ioctl_s_try_ext_ctrls(handle, ctrls, VIDIOC_S_EXT_CTRLS);
 }
 
 static int uvc_ioctl_try_ext_ctrls(struct file *file, void *fh,
@@ -1077,7 +1106,7 @@ static int uvc_ioctl_try_ext_ctrls(struct file *file, void *fh,
 {
 	struct uvc_fh *handle = fh;
 
-	return uvc_ioctl_s_try_ext_ctrls(handle, ctrls, false);
+	return uvc_ioctl_s_try_ext_ctrls(handle, ctrls, VIDIOC_TRY_EXT_CTRLS);
 }
 
 static int uvc_ioctl_querymenu(struct file *file, void *fh,
diff --git a/drivers/media/usb/uvc/uvcvideo.h b/drivers/media/usb/uvc/uvcvideo.h
index b044d9455b2c..4aa78591d9b0 100644
--- a/drivers/media/usb/uvc/uvcvideo.h
+++ b/drivers/media/usb/uvc/uvcvideo.h
@@ -901,6 +901,8 @@ static inline int uvc_ctrl_rollback(struct uvc_fh *handle)
 
 int uvc_ctrl_get(struct uvc_video_chain *chain, struct v4l2_ext_control *xctrl);
 int uvc_ctrl_set(struct uvc_fh *handle, struct v4l2_ext_control *xctrl);
+int uvc_ctrl_is_accessible(struct uvc_video_chain *chain, u32 v4l2_id,
+			   bool read);
 
 int uvc_xu_ctrl_query(struct uvc_video_chain *chain,
 		      struct uvc_xu_control_query *xqry);
-- 
2.32.0.288.g62a8d224e6-goog

