From patchwork Tue Jul  4 23:22:48 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Kieran Bingham <kieran.bingham@ideasonboard.com>
X-Patchwork-Id: 18787
Return-Path: <libcamera-devel-bounces@lists.libcamera.org>
X-Original-To: parsemail@patchwork.libcamera.org
Delivered-To: parsemail@patchwork.libcamera.org
Received: from lancelot.ideasonboard.com (lancelot.ideasonboard.com
	[92.243.16.209])
	by patchwork.libcamera.org (Postfix) with ESMTPS id 0FC04BDC71
	for <parsemail@patchwork.libcamera.org>;
	Tue,  4 Jul 2023 23:22:54 +0000 (UTC)
Received: from lancelot.ideasonboard.com (localhost [IPv6:::1])
	by lancelot.ideasonboard.com (Postfix) with ESMTP id C012B628C2;
	Wed,  5 Jul 2023 01:22:53 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=libcamera.org;
	s=mail; t=1688512973;
	bh=58B1n69bNB2QOwaet6E2oDoxYLixzgjJeIRy3NPNLcM=;
	h=To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post:
	List-Help:List-Subscribe:From:Reply-To:From;
	b=qIb4UeyppR5+p/KHU5bkBvcYw12FHji1fiLSjZ3FfbQVx5YWEnV0J3lhrBoABzGxf
	aOXz+BPbMFSKgtdO+zAt2o057ySmrVDEoLD5dcuE9XKqYNaca//HH1uAb1CcPygSr4
	z/kT7U1r1I6v6AMnn2fcNX2r2V2CbmV5eSiiN4jdKvrPepK2pn4j7HhtH7LQM/+vcU
	6kZriOAvqRZ7CsXadCK/ZPOgDUtCjqxYgp7DSUM8FRe3WqQ63xgJ6LOOXMCh3NAQcR
	MSDW6vSB7aT2hPkq+MNAyk23LEAwcPsemUGLt4hrB6+IahC1pcUHlzkZGRq2mzB5e5
	TwDuDKfscv0vA==
Received: from perceval.ideasonboard.com (perceval.ideasonboard.com
	[213.167.242.64])
	by lancelot.ideasonboard.com (Postfix) with ESMTPS id BAAE1628BB
	for <libcamera-devel@lists.libcamera.org>;
	Wed,  5 Jul 2023 01:22:52 +0200 (CEST)
Authentication-Results: lancelot.ideasonboard.com; dkim=pass (1024-bit key;
	unprotected) header.d=ideasonboard.com
	header.i=@ideasonboard.com
	header.b="XbnNEGl8"; dkim-atps=neutral
Received: from Monstersaurus.local
	(aztw-30-b2-v4wan-166917-cust845.vm26.cable.virginm.net
	[82.37.23.78])
	by perceval.ideasonboard.com (Postfix) with ESMTPSA id 518688CC;
	Wed,  5 Jul 2023 01:22:08 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ideasonboard.com;
	s=mail; t=1688512928;
	bh=58B1n69bNB2QOwaet6E2oDoxYLixzgjJeIRy3NPNLcM=;
	h=From:To:Cc:Subject:Date:From;
	b=XbnNEGl84J4mYO3cUZz8GTlsDx+IUKKlcWsbuQAph/bUa2KWud03Q8Dkl0ltWrqGX
	bEJ0H7rwlPeVz3wffTon75q7rCqm3wSPTz4WFb6/AXdJRqmcNkGDqhfbJ6FOqWzCqy
	u5ejsZvelWx8DwJuzW0gG70K0EGJHMRMmFu5z4Eg=
To: libcamera devel <libcamera-devel@lists.libcamera.org>
Date: Wed,  5 Jul 2023 00:22:48 +0100
Message-Id: <20230704232248.3861085-1-kieran.bingham@ideasonboard.com>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Subject: [libcamera-devel] [PATCH] v4l2: v4l2_camera_proxy: Prevent ioctl
	sign-extensions
X-BeenThere: libcamera-devel@lists.libcamera.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <libcamera-devel.lists.libcamera.org>
List-Unsubscribe: <https://lists.libcamera.org/options/libcamera-devel>,
	<mailto:libcamera-devel-request@lists.libcamera.org?subject=unsubscribe>
List-Archive: <https://lists.libcamera.org/pipermail/libcamera-devel/>
List-Post: <mailto:libcamera-devel@lists.libcamera.org>
List-Help: <mailto:libcamera-devel-request@lists.libcamera.org?subject=help>
List-Subscribe: <https://lists.libcamera.org/listinfo/libcamera-devel>,
	<mailto:libcamera-devel-request@lists.libcamera.org?subject=subscribe>
X-Patchwork-Original-From: Kieran Bingham via libcamera-devel
	<libcamera-devel@lists.libcamera.org>
From: Kieran Bingham <kieran.bingham@ideasonboard.com>
Reply-To: Kieran Bingham <kieran.bingham@ideasonboard.com>
Errors-To: libcamera-devel-bounces@lists.libcamera.org
Sender: "libcamera-devel" <libcamera-devel-bounces@lists.libcamera.org>

Handling ioctl's within applications is often wrapped with a helper such
as xioctl. Unfortunately, there are many instances of xioctl which
incorrectly handle the correct size of the ioctl request.

This leads to incorrect sign-extension of ioctl's which have bit-31 set,
and can cause values to be passed into the libcamera's v4l2 adaptation
layer which no longer represent the true IOCTL code.

Match the implementation of the Linux kernel and ensure that only 32
bits of the ioctl request are used by assigning to an unsigned int.

Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Reviewed-by: Jacopo Mondi <jacopo.mondi@ideasonboard.com>
Reviewed-by: Umang Jain <umang.jain@ideasonboard.com>
---
This is a (simpler) rework of the previous patch [0]:
 v4l2: v4l2_camera_proxy: Detect ioctl sign-extensions 

[0] https://patchwork.libcamera.org/patch/18311/

 src/v4l2/v4l2_camera_proxy.cpp | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/v4l2/v4l2_camera_proxy.cpp b/src/v4l2/v4l2_camera_proxy.cpp
index 55ff62cdb430..dfb672080219 100644
--- a/src/v4l2/v4l2_camera_proxy.cpp
+++ b/src/v4l2/v4l2_camera_proxy.cpp
@@ -778,10 +778,20 @@ const std::set<unsigned long> V4L2CameraProxy::supportedIoctls_ = {
 	VIDIOC_STREAMOFF,
 };
 
-int V4L2CameraProxy::ioctl(V4L2CameraFile *file, unsigned long request, void *arg)
+int V4L2CameraProxy::ioctl(V4L2CameraFile *file, unsigned long longRequest, void *arg)
 {
 	MutexLocker locker(proxyMutex_);
 
+	/*
+	 * The Linux Kernel only processes 32 bits of an IOCTL.
+	 *
+	 * Prevent unexpected sign-extensions that could occur if applications
+	 * use an unsigned int for the ioctl request, which would sign-extend
+	 * to an incorrect value for unsigned longs on 64 bit architectures by
+	 * explicitly casting as an unsigned int here.
+	 */
+	unsigned int request = longRequest;
+
 	if (!arg && (_IOC_DIR(request) & _IOC_WRITE)) {
 		errno = EFAULT;
 		return -1;