diff --git a/drivers/staging/android/sync.c b/drivers/staging/android/sync.c index 3a8f210314400eb19e55e61f5b7390c8ea331902..f9c6094a9dc44945719cd39c12a81cee804d5fac 100644 --- a/drivers/staging/android/sync.c +++ b/drivers/staging/android/sync.c @@ -445,6 +445,11 @@ static long sync_file_ioctl_merge(struct sync_file *sync_file, goto err_put_fd; } + if (data.flags || data.pad) { + err = -EINVAL; + goto err_put_fd; + } + fence2 = sync_file_fdget(data.fd2); if (!fence2) { err = -ENOENT; @@ -479,13 +484,9 @@ static long sync_file_ioctl_merge(struct sync_file *sync_file, return err; } -static int sync_fill_fence_info(struct fence *fence, void *data, int size) +static void sync_fill_fence_info(struct fence *fence, + struct sync_fence_info *info) { - struct sync_fence_info *info = data; - - if (size < sizeof(*info)) - return -ENOMEM; - strlcpy(info->obj_name, fence->ops->get_timeline_name(fence), sizeof(info->obj_name)); strlcpy(info->driver_name, fence->ops->get_driver_name(fence), @@ -495,58 +496,63 @@ static int sync_fill_fence_info(struct fence *fence, void *data, int size) else info->status = 0; info->timestamp_ns = ktime_to_ns(fence->timestamp); - - return sizeof(*info); } static long sync_file_ioctl_fence_info(struct sync_file *sync_file, unsigned long arg) { - struct sync_file_info *info; + struct sync_file_info info; + struct sync_fence_info *fence_info = NULL; __u32 size; - __u32 len = 0; int ret, i; - if (copy_from_user(&size, (void __user *)arg, sizeof(size))) + if (copy_from_user(&info, (void __user *)arg, sizeof(info))) return -EFAULT; - if (size < sizeof(struct sync_file_info)) + if (info.flags || info.pad) return -EINVAL; - if (size > 4096) - size = 4096; - - info = kzalloc(size, GFP_KERNEL); - if (!info) - return -ENOMEM; - - strlcpy(info->name, sync_file->name, sizeof(info->name)); - info->status = atomic_read(&sync_file->status); - if (info->status >= 0) - info->status = !info->status; - - len = sizeof(struct sync_file_info); + /* + * Passing num_fences = 0 means that userspace doesn't want to + * retrieve any sync_fence_info. If num_fences = 0 we skip filling + * sync_fence_info and return the actual number of fences on + * info->num_fences. + */ + if (!info.num_fences) + goto no_fences; - for (i = 0; i < sync_file->num_fences; ++i) { - struct fence *fence = sync_file->cbs[i].fence; + if (info.num_fences < sync_file->num_fences) + return -EINVAL; - ret = sync_fill_fence_info(fence, (u8 *)info + len, size - len); + size = sync_file->num_fences * sizeof(*fence_info); + fence_info = kzalloc(size, GFP_KERNEL); + if (!fence_info) + return -ENOMEM; - if (ret < 0) - goto out; + for (i = 0; i < sync_file->num_fences; ++i) + sync_fill_fence_info(sync_file->cbs[i].fence, &fence_info[i]); - len += ret; + if (copy_to_user(u64_to_user_ptr(info.sync_fence_info), fence_info, + size)) { + ret = -EFAULT; + goto out; } - info->len = len; +no_fences: + strlcpy(info.name, sync_file->name, sizeof(info.name)); + info.status = atomic_read(&sync_file->status); + if (info.status >= 0) + info.status = !info.status; + + info.num_fences = sync_file->num_fences; - if (copy_to_user((void __user *)arg, info, len)) + if (copy_to_user((void __user *)arg, &info, sizeof(info))) ret = -EFAULT; else ret = 0; out: - kfree(info); + kfree(fence_info); return ret; } @@ -560,7 +566,7 @@ static long sync_file_ioctl(struct file *file, unsigned int cmd, case SYNC_IOC_MERGE: return sync_file_ioctl_merge(sync_file, arg); - case SYNC_IOC_FENCE_INFO: + case SYNC_IOC_FILE_INFO: return sync_file_ioctl_fence_info(sync_file, arg); default: diff --git a/drivers/staging/android/uapi/sync.h b/drivers/staging/android/uapi/sync.h index a0cf357e598da43b4e6e8512ac18fe552c611928..7de5d6a3b92ad2a82c581bb1c8c0a563359f65c9 100644 --- a/drivers/staging/android/uapi/sync.h +++ b/drivers/staging/android/uapi/sync.h @@ -16,14 +16,18 @@ /** * struct sync_merge_data - data passed to merge ioctl - * @fd2: file descriptor of second fence * @name: name of new fence + * @fd2: file descriptor of second fence * @fence: returns the fd of the new fence to userspace + * @flags: merge_data flags + * @pad: padding for 64-bit alignment, should always be zero */ struct sync_merge_data { - __s32 fd2; /* fd of second fence */ char name[32]; /* name of new fence */ + __s32 fd2; /* fd of second fence */ __s32 fence; /* fd on newly created fence */ + __u32 flags; + __u32 pad; }; /** @@ -31,34 +35,46 @@ struct sync_merge_data { * @obj_name: name of parent sync_timeline * @driver_name: name of driver implementing the parent * @status: status of the fence 0:active 1:signaled <0:error + * @flags: fence_info flags * @timestamp_ns: timestamp of status change in nanoseconds */ struct sync_fence_info { char obj_name[32]; char driver_name[32]; __s32 status; + __u32 flags; __u64 timestamp_ns; }; /** * struct sync_file_info - data returned from fence info ioctl - * @len: ioctl caller writes the size of the buffer its passing in. - * ioctl returns length of sync_file_info returned to - * userspace including pt_info. * @name: name of fence * @status: status of fence. 1: signaled 0:active <0:error - * @sync_fence_info: array of sync_fence_info for every fence in the sync_file + * @flags: sync_file_info flags + * @num_fences number of fences in the sync_file + * @pad: padding for 64-bit alignment, should always be zero + * @sync_fence_info: pointer to array of structs sync_fence_info with all + * fences in the sync_file */ struct sync_file_info { - __u32 len; char name[32]; __s32 status; + __u32 flags; + __u32 num_fences; + __u32 pad; - __u8 sync_fence_info[0]; + __u64 sync_fence_info; }; #define SYNC_IOC_MAGIC '>' +/** + * Opcodes 0, 1 and 2 were burned during a API change to avoid users of the + * old API to get weird errors when trying to handling sync_files. The API + * change happened during the de-stage of the Sync Framework when there was + * no upstream users available. + */ + /** * DOC: SYNC_IOC_MERGE - merge two fences * @@ -66,7 +82,7 @@ struct sync_file_info { * the sync_pts in both the calling fd and sync_merge_data.fd2. Returns the * new fence's fd in sync_merge_data.fence */ -#define SYNC_IOC_MERGE _IOWR(SYNC_IOC_MAGIC, 1, struct sync_merge_data) +#define SYNC_IOC_MERGE _IOWR(SYNC_IOC_MAGIC, 3, struct sync_merge_data) /** * DOC: SYNC_IOC_FENCE_INFO - get detailed information on a fence @@ -79,6 +95,6 @@ struct sync_file_info { * pt_info is a buffer containing sync_pt_infos for every sync_pt in the fence. * To iterate over the sync_pt_infos, use the sync_pt_info.len field. */ -#define SYNC_IOC_FENCE_INFO _IOWR(SYNC_IOC_MAGIC, 2, struct sync_file_info) +#define SYNC_IOC_FILE_INFO _IOWR(SYNC_IOC_MAGIC, 4, struct sync_file_info) #endif /* _UAPI_LINUX_SYNC_H */