Ok, only Stradis driver actually uses it. I doubt that stradis still work nowadays, and it is not compiled on RHEL5/RHEL6. Need to check mrg. Patch is as simple as remove the compat bits for this ioctl.
(In reply to comment #1) > Ok, only Stradis driver actually uses it. I doubt that stradis still work > nowadays, and it is not compiled on RHEL5/RHEL6. Well in that case we may close this as notabug, right Eugene?
(In reply to comment #2) > (In reply to comment #1) > > Ok, only Stradis driver actually uses it. I doubt that stradis still work > > nowadays, and it is not compiled on RHEL5/RHEL6. > > Well in that case we may close this as notabug, right Eugene? No, we can't. The v4l2-compat layer is called for all V4L2 drivers. The other drivers will return an error code for a VIDIOCSMICROCODE call, but, as the bug is at compat layer, it will affect any system with a V4L hardware. The effects are limited to machines with some V4L hardware (like a webcam or a TV capture board), so, it affects more workstations and notebooks with RHEL.
rhel5/drivers/media/video/compat_ioctl32.c static inline int microcode32(struct video_code *kp, struct video_code32 __user *up) { if(!access_ok(VERIFY_READ, up, sizeof(struct video_code32)) || copy_from_user(kp->loadwhat, up->loadwhat, sizeof (up->loadwhat)) || get_user(kp->datasize, &up->datasize) || copy_from_user(kp->data, up->data, up->datasize)) return -EFAULT; return 0; } $ grep compat_ioctl32 Makefile obj-$(CONFIG_VIDEO_DEV) += videodev.o v4l2-common.o compat_ioctl32.o #ifdef CONFIG_VIDEO_V4L1_COMPAT case VIDIOCSMICROCODE: err = microcode32(&karg.vc, up); compatible_arg = 0; break; #endif CONFIG_VIDEO_V4L1_COMPAT=y
Even if no drivers uses it, we should just disable it.
in kernel 2.6.18-194.21.1.el5 linux-2.6-v4l-remove-compat-code-for-vidiocsmicrocode.patch
See https://bugzilla.redhat.com/show_bug.cgi?id=642465#c8. Thanks.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2010-0839.html
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: A vulnerability was discovered in the 32-bit compatibility code for the VIDIOCSMICROCODE IOCTL (Input/Output Control) in the Video4Linux implementation. It does not affect Red Hat Enterprise Linux 5, but as a preventive measure, this update removes the code. Red Hat would like to thank Kees Cook for reporting this vulnerability.