Re: [Linaro-mm-sig] [PATCH] dma-buf: Fix SET_NAME ioctl uapi

Thanks for the patch, Daniel!

On Tue, 7 Apr 2020 at 19:00, Daniel Vetter daniel.vetter@ffwll.ch wrote:

The uapi is the same on 32 and 64 bit, but the number isnt. Everyone who botched this please re-read:

https://www.kernel.org/doc/html/v5.4-preprc-cpu/ioctl/botching-up-ioctls.htm...

Also, the type argument for the ioctl macros is for the type the void __user *arg pointer points at, which in this case would be the variable-sized char[] of a 0 terminated string. So this was botched in more than just the usual ways.

Yes, it shouldn't have passed through the cracks; my apologies!

Cc: Sumit Semwal sumit.semwal@linaro.org Cc: Chenbo Feng fengc@google.com Cc: Greg Hackmann ghackmann@google.com Cc: Daniel Vetter daniel.vetter@ffwll.ch Cc: linux-media@vger.kernel.org Cc: linaro-mm-sig@lists.linaro.org Cc: minchan@kernel.org Cc: surenb@google.com Cc: jenhaochen@google.com Cc: Martin Liu liumartin@google.com

Martin, Could I request you to test this one with the 4 combinations of 32-bit / 64-bit userspace and kernel, and let us know that all 4 are working alright? If yes, please consider giving your tested-by here.

Signed-off-by: Daniel Vetter daniel.vetter@intel.com

drivers/dma-buf/dma-buf.c | 3 ++- include/uapi/linux/dma-buf.h | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/dma-buf/dma-buf.c b/drivers/dma-buf/dma-buf.c index 570c923023e6..1d923b8e4c59 100644 --- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c @@ -388,7 +388,8 @@ static long dma_buf_ioctl(struct file *file,

            return ret;

•   case DMA_BUF_SET_NAME:
  

•   case DMA_BUF_SET_NAME_A:
  

•   case DMA_BUF_SET_NAME_B:
            return dma_buf_set_name(dmabuf, (const char __user *)arg);
  
    default:
  

diff --git a/include/uapi/linux/dma-buf.h b/include/uapi/linux/dma-buf.h index dbc7092e04b5..21dfac815dc0 100644 --- a/include/uapi/linux/dma-buf.h +++ b/include/uapi/linux/dma-buf.h @@ -39,6 +39,10 @@ struct dma_buf_sync {

#define DMA_BUF_BASE 'b' #define DMA_BUF_IOCTL_SYNC _IOW(DMA_BUF_BASE, 0, struct dma_buf_sync) +/* 32/64bitness of this uapi was botched in android, there's no difference

• • between them in actual uapi, they're just different numbers. */

#define DMA_BUF_SET_NAME _IOW(DMA_BUF_BASE, 1, const char *) +#define DMA_BUF_SET_NAME_A _IOW(DMA_BUF_BASE, 1, u32) +#define DMA_BUF_SET_NAME_B _IOW(DMA_BUF_BASE, 1, u64)

#endif

2.25.1

Best, Sumit.