oss-sec mailing list archives

Re: mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook


From: <zrlw () sina com>
Date: Wed, 11 Jul 2018 09:02:52 +0800

Yes, I found the pl and sent to the maintainer mchehab () kernel org and the linux-media mailing list linux-media () vger kernel org last week; the last one bounced me with something like 'Your address is not liked source for email' blah...
I don't have a Sony Vaio PictureBook, so I just checked the sources and docs again.

/usr/src/packages/BUILD/kernel-default-4.4.21/linux-4.4/Documentation/video4linux/v4l2-framework.txt:
'The v4l2_file_operations struct is a subset of file_operations. The main
difference is that the inode argument is omitted since it is never used.'
# ls /dev/video0
crw-rw---- 1 root video 81, 0 Jul 11 08:14 /dev/video0

commit be83bbf80682 file_mmap_size_max check conditions:
1. S_ISREG(inode->i_mode)
2. S_ISBLK(inode->i_mode)
3. file->f_mode & FMODE_UNSIGNED_OFFSET
I doubt which one will be true.

----- Original Message -----
From: Greg KH <greg () kroah com>
To: oss-security () lists openwall com, zrlw () sina com
Cc: Solar Designer <solar () openwall com>
Subject: Re: [oss-security] mmap vulnerability in motion eye video4linux driver for Sony Vaio PictureBook
Date: 2018-07-10 21:41


On Sat, Jul 07, 2018 at 12:09:37AM +0800, zrlw () sina com wrote:
> I sent an email to the original authors which I found in the head of
> meye.c, but I don't receive any response until now.

Always use the scripts/get_maintainer.pl tool to find who to send stuff
like this to.  It will include a public mailing list or two.

> I don't think
> commit be83bbf80682 will work on this case, this driver derived from
> v4l2-core which does not use inode, maybe I'm wrong.

I think you are wrong, but it would be great if you could test to verify
it or not.

thanks,

greg k-h
