From a605efa424fd7d67c8528153cd319c1d19c0e310 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Mon, 4 May 2020 09:15:45 +0200 Subject: [PATCH] 5.6-stable patches added patches: dma-buf-fix-set_name-ioctl-uapi.patch --- .../dma-buf-fix-set_name-ioctl-uapi.patch | 69 +++++++++++++++++++ queue-5.6/series | 1 + 2 files changed, 70 insertions(+) create mode 100644 queue-5.6/dma-buf-fix-set_name-ioctl-uapi.patch diff --git a/queue-5.6/dma-buf-fix-set_name-ioctl-uapi.patch b/queue-5.6/dma-buf-fix-set_name-ioctl-uapi.patch new file mode 100644 index 00000000000..61e8a43ed2b --- /dev/null +++ b/queue-5.6/dma-buf-fix-set_name-ioctl-uapi.patch @@ -0,0 +1,69 @@ +From a5bff92eaac45bdf6221badf9505c26792fdf99e Mon Sep 17 00:00:00 2001 +From: Daniel Vetter +Date: Tue, 7 Apr 2020 15:30:02 +0200 +Subject: dma-buf: Fix SET_NAME ioctl uapi + +From: Daniel Vetter + +commit a5bff92eaac45bdf6221badf9505c26792fdf99e upstream. + +The uapi is the same on 32 and 64 bit, but the number isn't. Everyone +who botched this please re-read: + +https://www.kernel.org/doc/html/v5.4-preprc-cpu/ioctl/botching-up-ioctls.html + +Also, the type argument for the ioctl macros is for the type the void +__user *arg pointer points at, which in this case would be the +variable-sized char[] of a 0 terminated string. So this was botched in +more than just the usual ways. + +Cc: Sumit Semwal +Cc: Chenbo Feng +Cc: Greg Hackmann +Cc: Daniel Vetter +Cc: linux-media@vger.kernel.org +Cc: linaro-mm-sig@lists.linaro.org +Cc: minchan@kernel.org +Cc: surenb@google.com +Cc: jenhaochen@google.com +Cc: Martin Liu +Signed-off-by: Daniel Vetter +Tested-by: Martin Liu +Reviewed-by: Martin Liu +Signed-off-by: Sumit Semwal + [sumits: updated some checkpatch fixes, corrected author email] +Link: https://patchwork.freedesktop.org/patch/msgid/20200407133002.3486387-1-daniel.vetter@ffwll.ch +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/dma-buf/dma-buf.c | 3 ++- + include/uapi/linux/dma-buf.h | 6 ++++++ + 2 files changed, 8 insertions(+), 1 deletion(-) + +--- a/drivers/dma-buf/dma-buf.c ++++ b/drivers/dma-buf/dma-buf.c +@@ -388,7 +388,8 @@ static long dma_buf_ioctl(struct file *f + + return ret; + +- case DMA_BUF_SET_NAME: ++ case DMA_BUF_SET_NAME_A: ++ case DMA_BUF_SET_NAME_B: + return dma_buf_set_name(dmabuf, (const char __user *)arg); + + default: +--- a/include/uapi/linux/dma-buf.h ++++ b/include/uapi/linux/dma-buf.h +@@ -39,6 +39,12 @@ struct dma_buf_sync { + + #define DMA_BUF_BASE 'b' + #define DMA_BUF_IOCTL_SYNC _IOW(DMA_BUF_BASE, 0, struct dma_buf_sync) ++ ++/* 32/64bitness of this uapi was botched in android, there's no difference ++ * between them in actual uapi, they're just different numbers. ++ */ + #define DMA_BUF_SET_NAME _IOW(DMA_BUF_BASE, 1, const char *) ++#define DMA_BUF_SET_NAME_A _IOW(DMA_BUF_BASE, 1, u32) ++#define DMA_BUF_SET_NAME_B _IOW(DMA_BUF_BASE, 1, u64) + + #endif diff --git a/queue-5.6/series b/queue-5.6/series index 57cfb19ff3a..019200263eb 100644 --- a/queue-5.6/series +++ b/queue-5.6/series @@ -1 +1,2 @@ drm-scheduler-fix-drm_sched_get_cleanup_job.patch +dma-buf-fix-set_name-ioctl-uapi.patch -- 2.47.3