On 05/29/2015 03:08 AM, Ben Hutchings wrote: > On Thu, 2015-05-21 at 13:46 +0100, Rob Taylor wrote: >> On 21/05/15 06:58, Hans Verkuil wrote: >>> On 05/20/2015 06:39 PM, William Towle wrote: >>>> Fill in bus_info field and zero reserved field. >>>> >>>> Signed-off-by: Rob Taylor <rob.taylor@xxxxxxxxxxxxxxx> >>>> Reviewed-by: William Towle <william.towle@xxxxxxxxxxxxxxx> >>>> --- >>>> drivers/media/platform/soc_camera/soc_camera.c | 2 ++ >>>> 1 file changed, 2 insertions(+) >>>> >>>> diff --git a/drivers/media/platform/soc_camera/soc_camera.c b/drivers/media/platform/soc_camera/soc_camera.c >>>> index fd7497e..583c5e6 100644 >>>> --- a/drivers/media/platform/soc_camera/soc_camera.c >>>> +++ b/drivers/media/platform/soc_camera/soc_camera.c >>>> @@ -954,6 +954,8 @@ static int soc_camera_querycap(struct file *file, void *priv, >>>> WARN_ON(priv != file->private_data); >>>> >>>> strlcpy(cap->driver, ici->drv_name, sizeof(cap->driver)); >>>> + strlcpy(cap->bus_info, "platform:soc_camera", sizeof(cap->bus_info)); >>>> + memset(cap->reserved, 0, sizeof(cap->reserved)); >>> >>> Why the memset? That shouldn't be needed. >> >> v4l2-complience complained it wasn't zero (v4l2-compliance.cpp:308 in >> v4l-utils v1.6.2 [1]) William, you should use the latest v4l-utils compiled from the git repo. Unlikely to be related to this, though. > > I'm puzzled by that. Isn't this function called by v4l_querycap(), > which is called by video_usercopy()? And video_usercopy() zeroes the > entire structure before doing so, or at least it appears to be intended > to. Right. So I don't understand this. Can you dig a bit deeper why this would be needed here? It should not be necessary at all, so if reserved is non-zero, then someone is writing data where it shouldn't. Regards, Hans > > Anyway, if we're failing to initialise kernel memory that's copied to > user-space, that's a (usually minor) security issue and the fix ought to > be cc'd to stable. > > Ben. > > > -- > To unsubscribe from this list: send the line "unsubscribe linux-media" in > the body of a message to majordomo@xxxxxxxxxxxxxxx > More majordomo info at http://vger.kernel.org/majordomo-info.html > -- To unsubscribe from this list: send the line "unsubscribe linux-media" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
