camera: tegra: Fix security vulnerability issue
Frank Chen [Fri, 25 Mar 2016 05:37:18 +0000 (22:37 -0700)]
Deprecate outdated UPDATE_GPIO function in camera.pcl
driver. This function is not used by any code anymore
and is a security vulnerability since it is trying to
access user mode pointer directly.

Bug 1745102

Change-Id: I4e7e5f9c186f980dcadfe52ec4284102255f19cf
Signed-off-by: Frank Chen <frankc@nvidia.com>
Reviewed-on: http://git-master/r/1115302
(cherry picked from commit 2e5c355c904a19d71456a04c70f3fb4fc7d918b0)
Reviewed-on: http://git-master/r/1123362
Reviewed-by: Matthew Pedro <mapedro@nvidia.com>
Tested-by: Matthew Pedro <mapedro@nvidia.com>

drivers/media/platform/tegra/cam_dev/virtual.c

index 5484d32..f08ad15 100644 (file)
@@ -111,28 +111,8 @@ static int virtual_update(
                }
                case UPDATE_GPIO:
                {
-                       struct nvc_gpio *gpio;
-
-                       if (upd[idx].index >= cdev->num_gpio) {
-                               dev_err(cdev->dev,
-                                       "gpio index %d out of range.\n",
-                                       upd[idx].index);
-                               err = -ENODEV;
-                               break;
-                       }
-                       gpio = (void *)((unsigned long)upd[idx].arg);
-                       if (gpio->gpio >= ARCH_NR_GPIOS) {
-                               dev_err(cdev->dev,
-                                       "gpio index %d out of range.\n",
-                                       gpio->gpio);
-                               err = -ENODEV;
-                               break;
-                       }
-
-                       dev_dbg(cdev->dev, "UPDATE_GPIO: %d %u\n",
-                               upd[idx].index, upd[idx].arg);
-                       gpio->valid = true;
-                       cdev->gpios[upd[idx].index] = *gpio;
+                       dev_dbg(cdev->dev, "%s UPDATE_GPIO is deprecated\n",
+                               __func__);
                        break;
                }
                default: