media/v4l2-core: untag user pointers in videobuf_dma_contig_user_get

This patch is a part of a series that extends kernel ABI to allow to pass
tagged user pointers (with the top byte set to something else other than
0x00) as syscall arguments.

videobuf_dma_contig_user_get() uses provided user pointers for vma
lookups, which can only by done with untagged pointers.

Untag the pointers in this function.

Link: http://lkml.kernel.org/r/100436d5f8e4349a78f27b0bbb27e4801fcb946b.1563904656.git.andreyknvl@google.com
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Reviewed-by: Khalid Aziz <khalid.aziz@oracle.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Mauro Carvalho Chehab <mchehab+samsung@kernel.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Catalin Marinas <catalin.marinas@arm.com>
Cc: Dave Hansen <dave.hansen@intel.com>
Cc: Eric Auger <eric.auger@redhat.com>
Cc: Felix Kuehling <Felix.Kuehling@amd.com>
Cc: Jens Wiklander <jens.wiklander@linaro.org>
Cc: Mike Rapoport <rppt@linux.ibm.com>
Cc: Vincenzo Frascino <vincenzo.frascino@arm.com>
Cc: Will Deacon <will@kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

diff --git a/drivers/media/v4l2-core/videobuf-dma-contig.c b/drivers/media/v4l2-core/videobuf-dma-contig.c
index 76b4ac7..aeb2f49 100644 (file)
--- a/drivers/media/v4l2-core/videobuf-dma-contig.c
+++ b/drivers/media/v4l2-core/videobuf-dma-contig.c
@@ -157,6 +157,7 @@ static void videobuf_dma_contig_user_put(struct videobuf_dma_contig_memory *mem)
 static int videobuf_dma_contig_user_get(struct videobuf_dma_contig_memory *mem,
                                        struct videobuf_buffer *vb)
 {
+       unsigned long untagged_baddr = untagged_addr(vb->baddr);
        struct mm_struct *mm = current->mm;
        struct vm_area_struct *vma;
        unsigned long prev_pfn, this_pfn;
@@ -164,22 +165,22 @@ static int videobuf_dma_contig_user_get(struct videobuf_dma_contig_memory *mem,
        unsigned int offset;
        int ret;
 
-       offset = vb->baddr & ~PAGE_MASK;
+       offset = untagged_baddr & ~PAGE_MASK;
        mem->size = PAGE_ALIGN(vb->size + offset);
        ret = -EINVAL;
 
        down_read(&mm->mmap_sem);
 
-       vma = find_vma(mm, vb->baddr);
+       vma = find_vma(mm, untagged_baddr);
        if (!vma)
                goto out_up;
 
-       if ((vb->baddr + mem->size) > vma->vm_end)
+       if ((untagged_baddr + mem->size) > vma->vm_end)
                goto out_up;
 
        pages_done = 0;
        prev_pfn = 0; /* kill warning */
-       user_address = vb->baddr;
+       user_address = untagged_baddr;
 
        while (pages_done < (mem->size >> PAGE_SHIFT)) {
                ret = follow_pfn(vma, user_address, &this_pfn);