[PATCH v4 0/8] y2038 safety in v4l2

[Arnd Bergmann]

I'm in the process of finishing up the last bits on y2038-unsafe
code in the kernel, this series is for v4l2, which has no problem
with overflow, but has multiple ioctls that break with user space
built against a new 32-bit libc.

I posted similar patches as part of a series back in 2015, the
new version was rewritten from scratch and I double-checked with
the old version to make sure I did not miss anything I had already
taken care of before.

Hans Verkuil worked on a different patch set in 2017, but this
also did not get to the point of being merged.

My new version contains compat-ioctl support, which the old one
did not and should be complete, but given its size likely contains
bugs. I did randconfig build tests, but no runtime test, so
careful review as well as testing would be much appreciated.

With this version, the newly added code takes care of the existing
ABI, while the existing code got moved to the 64-bit time_t
interface and is used internally. This means that testing with
existing binaries should exercise most of the modifications
and if that works and doesn't get shot down in review, we can
probably live without testing the new ABI explicitly.

I'm not entirely happy with the compat-ioctl implementation that
adds quite a bit of code duplication, but I hope this is
acceptable anyway, as a better implementation would likely
require a larger refactoring of the compat-ioctl file, while
my approach simply adds support for the additional data structure
variants.

This is a minor update compared to version 3 of this series,
with bugfixes for small mistakes that I found or that were
reported by automated build bots. I updated the tree at [2]
to this version now.

      Arnd

[1] https://lwn.net/Articles/657754/
[2] https://git.kernel.org/pub/scm/linux/kernel/git/arnd/playground.git/log/?h=y2038-v4l2

Arnd Bergmann (8):
  media: documentation: fix video_event description
  media: v4l2: abstract timeval handling in v4l2_buffer
  media: v4l2-core: compat: ignore native command codes
  media: v4l2-core: split out data copy from video_usercopy
  media: v4l2-core: fix VIDIOC_DQEVENT for time64 ABI
  media: v4l2-core: fix v4l2_buffer handling for time64 ABI
  media: v4l2-core: fix compat VIDIOC_DQEVENT for time64 ABI
  media: v4l2-core: fix compat v4l2_buffer handling for time64 ABI

 .../media/uapi/dvb/video-get-event.rst        |   2 +-
 Documentation/media/uapi/dvb/video_types.rst  |   2 +-
 .../media/common/videobuf2/videobuf2-v4l2.c   |   4 +-
 drivers/media/pci/meye/meye.c                 |   4 +-
 drivers/media/usb/cpia2/cpia2_v4l.c           |   4 +-
 drivers/media/usb/stkwebcam/stk-webcam.c      |   2 +-
 drivers/media/usb/usbvision/usbvision-video.c |   4 +-
 drivers/media/v4l2-core/v4l2-compat-ioctl32.c | 470 +++++++++++++++---
 drivers/media/v4l2-core/v4l2-event.c          |   5 +-
 drivers/media/v4l2-core/v4l2-ioctl.c          | 188 +++++--
 drivers/media/v4l2-core/v4l2-subdev.c         |  20 +-
 drivers/media/v4l2-core/videobuf-core.c       |   4 +-
 include/linux/videodev2.h                     |  17 +-
 include/trace/events/v4l2.h                   |   2 +-
 include/uapi/linux/videodev2.h                |  77 +++
 15 files changed, 669 insertions(+), 136 deletions(-)

-- 
2.20.0

See below for the changes compared to v3:

|diff --git a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
|index a13e4849df0c..3bbf47d950e0 100644
|--- a/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
|+++ b/drivers/media/v4l2-core/v4l2-compat-ioctl32.c
|@@ -500,7 +500,7 @@ struct v4l2_buffer32_time32 {
|        __u32                   bytesused;
|        __u32                   flags;
|        __u32                   field;  /* enum v4l2_field */
|-       struct compat_timeval   timestamp;
|+       struct old_timeval32    timestamp;
|        struct v4l2_timecode    timecode;
|        __u32                   sequence;
| 
|@@ -1290,7 +1290,7 @@ struct v4l2_event32_time32 {
|        } u;
|        __u32                           pending;
|        __u32                           sequence;
|-       struct compat_timespec          timestamp;
|+       struct old_timespec32           timestamp;
|        __u32                           id;
|        __u32                           reserved[8];
| };
|@@ -1482,8 +1482,8 @@ static long do_video_ioctl(struct file *file, unsigned int cmd, unsigned long ar
|        case VIDIOC_S_EXT_CTRLS32: ncmd = VIDIOC_S_EXT_CTRLS; break;
|        case VIDIOC_TRY_EXT_CTRLS32: ncmd = VIDIOC_TRY_EXT_CTRLS; break;
| #ifdef CONFIG_X86_64
|-       case VIDIOC_DQEVENT32: cmd = VIDIOC_DQEVENT; break;
|-       case VIDIOC_DQEVENT32_TIME32: cmd = VIDIOC_DQEVENT_TIME32; break;
|+       case VIDIOC_DQEVENT32: ncmd = VIDIOC_DQEVENT; break;
|+       case VIDIOC_DQEVENT32_TIME32: ncmd = VIDIOC_DQEVENT_TIME32; break;
| #endif
|        case VIDIOC_OVERLAY32: ncmd = VIDIOC_OVERLAY; break;
|        case VIDIOC_STREAMON32: ncmd = VIDIOC_STREAMON; break;
|diff --git a/drivers/media/v4l2-core/v4l2-ioctl.c b/drivers/media/v4l2-core/v4l2-ioctl.c
|index cd9a80960289..ad125cd4eb41 100644
|--- a/drivers/media/v4l2-core/v4l2-ioctl.c
|+++ b/drivers/media/v4l2-core/v4l2-ioctl.c
|@@ -474,7 +474,7 @@ static void v4l_print_buffer(const void *arg, bool write_only)
|        const struct v4l2_plane *plane;
|        int i;
| 
|-       pr_cont("%02ld:%02d:%02d.%09ld index=%d, type=%s, request_fd=%d, flags=0x%08x, field=%s, sequence=%d, memory=%s",
|+       pr_cont("%02d:%02d:%02d.%09ld index=%d, type=%s, request_fd=%d, flags=0x%08x, field=%s, sequence=%d, memory=%s",
|                        (int)p->timestamp.tv_sec / 3600,
|                        ((int)p->timestamp.tv_sec / 60) % 60,
|                        ((int)p->timestamp.tv_sec % 60),
|@@ -821,7 +821,7 @@ static void v4l_print_event(const void *arg, bool write_only)
|        const struct v4l2_event *p = arg;
|        const struct v4l2_event_ctrl *c;
| 
|-       pr_cont("type=0x%x, pending=%u, sequence=%u, id=%u, timestamp=%lu.%9.9lu\n",
|+       pr_cont("type=0x%x, pending=%u, sequence=%u, id=%u, timestamp=%llu.%9.9llu\n",
|                        p->type, p->pending, p->sequence, p->id,
|                        p->timestamp.tv_sec, p->timestamp.tv_nsec);
|        switch (p->type) {
|diff --git a/include/linux/videodev2.h b/include/linux/videodev2.h
|index 481ee3013b50..4086036e37d5 100644
|--- a/include/linux/videodev2.h
|+++ b/include/linux/videodev2.h
|@@ -62,7 +62,7 @@
| static inline u64 v4l2_buffer_get_timestamp(const struct v4l2_buffer *buf)
| {
|        return buf->timestamp.tv_sec * NSEC_PER_SEC +
|-              buf->timestamp.tv_usec * NSEC_PER_USEC;
|+              (u32)buf->timestamp.tv_usec * NSEC_PER_USEC;
| }
| 
| static inline void v4l2_buffer_set_timestamp(struct v4l2_buffer *buf,
|diff --git a/include/uapi/linux/videodev2.h b/include/uapi/linux/videodev2.h
|index 4275d6e92dae..ca10828328a5 100644
|--- a/include/uapi/linux/videodev2.h
|+++ b/include/uapi/linux/videodev2.h
|@@ -1001,7 +1001,12 @@ struct v4l2_buffer {
|        /* match glibc timeval64 format */
|        struct {
|                long long       tv_sec;
|+# if defined(__sparc__) && defined(__arch64__)
|+               int             tv_usec;
|+               int             __pad;
|+# else
|                long long       tv_usec;
|+# endif
|        } timestamp;
| #else
|        struct timeval          timestamp;
|