This is a note to let you know that I've just added the patch titled
dma-buf: Fix SET_NAME ioctl uapi
to the 5.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git%3Ba=su...
The filename of the patch is: dma-buf-fix-set_name-ioctl-uapi.patch and it can be found in the queue-5.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree, please let stable@vger.kernel.org know about it.
From a5bff92eaac45bdf6221badf9505c26792fdf99e Mon Sep 17 00:00:00 2001
From: Daniel Vetter daniel.vetter@intel.com Date: Tue, 7 Apr 2020 15:30:02 +0200 Subject: dma-buf: Fix SET_NAME ioctl uapi
From: Daniel Vetter daniel.vetter@intel.com
commit a5bff92eaac45bdf6221badf9505c26792fdf99e upstream.
The uapi is the same on 32 and 64 bit, but the number isn't. Everyone who botched this please re-read:
https://www.kernel.org/doc/html/v5.4-preprc-cpu/ioctl/botching-up-ioctls.htm...
Also, the type argument for the ioctl macros is for the type the void __user *arg pointer points at, which in this case would be the variable-sized char[] of a 0 terminated string. So this was botched in more than just the usual ways.
Cc: Sumit Semwal sumit.semwal@linaro.org Cc: Chenbo Feng fengc@google.com Cc: Greg Hackmann ghackmann@google.com Cc: Daniel Vetter daniel.vetter@ffwll.ch Cc: linux-media@vger.kernel.org Cc: linaro-mm-sig@lists.linaro.org Cc: minchan@kernel.org Cc: surenb@google.com Cc: jenhaochen@google.com Cc: Martin Liu liumartin@google.com Signed-off-by: Daniel Vetter daniel.vetter@intel.com Tested-by: Martin Liu liumartin@google.com Reviewed-by: Martin Liu liumartin@google.com Signed-off-by: Sumit Semwal sumit.semwal@linaro.org [sumits: updated some checkpatch fixes, corrected author email] Link: https://patchwork.freedesktop.org/patch/msgid/20200407133002.3486387-1-danie... Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- drivers/dma-buf/dma-buf.c | 3 ++- include/uapi/linux/dma-buf.h | 6 ++++++ 2 files changed, 8 insertions(+), 1 deletion(-)
--- a/drivers/dma-buf/dma-buf.c +++ b/drivers/dma-buf/dma-buf.c @@ -388,7 +388,8 @@ static long dma_buf_ioctl(struct file *f
return ret;
- case DMA_BUF_SET_NAME: + case DMA_BUF_SET_NAME_A: + case DMA_BUF_SET_NAME_B: return dma_buf_set_name(dmabuf, (const char __user *)arg);
default: --- a/include/uapi/linux/dma-buf.h +++ b/include/uapi/linux/dma-buf.h @@ -39,6 +39,12 @@ struct dma_buf_sync {
#define DMA_BUF_BASE 'b' #define DMA_BUF_IOCTL_SYNC _IOW(DMA_BUF_BASE, 0, struct dma_buf_sync) + +/* 32/64bitness of this uapi was botched in android, there's no difference + * between them in actual uapi, they're just different numbers. + */ #define DMA_BUF_SET_NAME _IOW(DMA_BUF_BASE, 1, const char *) +#define DMA_BUF_SET_NAME_A _IOW(DMA_BUF_BASE, 1, u32) +#define DMA_BUF_SET_NAME_B _IOW(DMA_BUF_BASE, 1, u64)
#endif
Patches currently in stable-queue which might be from daniel.vetter@intel.com are
queue-5.4/dma-buf-fix-set_name-ioctl-uapi.patch
linaro-mm-sig@lists.linaro.org