[media] V4L2: fix VIDIOC_CREATE_BUFS 32-bit compatibility mode data copy-back

static int __put_v4l2_format32(struct v4l2_format *kp, struct v4l2_format32 __user *up)

static int __put_v4l2_format32(struct v4l2_format *kp, struct v4l2_format32 __user *up)

{

{

	if (put_user(kp->type, &up->type))

		return -EFAULT;

	switch (kp->type) {

	switch (kp->type) {

	case V4L2_BUF_TYPE_VIDEO_CAPTURE:

	case V4L2_BUF_TYPE_VIDEO_CAPTURE:

	case V4L2_BUF_TYPE_VIDEO_OUTPUT:

	case V4L2_BUF_TYPE_VIDEO_OUTPUT:

static int put_v4l2_format32(struct v4l2_format *kp, struct v4l2_format32 __user *up)

static int put_v4l2_format32(struct v4l2_format *kp, struct v4l2_format32 __user *up)

{

{

	if (!access_ok(VERIFY_WRITE, up, sizeof(struct v4l2_format32)) ||

	if (!access_ok(VERIFY_WRITE, up, sizeof(struct v4l2_format32)))

		put_user(kp->type, &up->type))

		return -EFAULT;

		return -EFAULT;

	return __put_v4l2_format32(kp, up);

	return __put_v4l2_format32(kp, up);

}

}

static int put_v4l2_create32(struct v4l2_create_buffers *kp, struct v4l2_create_buffers32 __user *up)

static int put_v4l2_create32(struct v4l2_create_buffers *kp, struct v4l2_create_buffers32 __user *up)

{

{

	if (!access_ok(VERIFY_WRITE, up, sizeof(struct v4l2_create_buffers32)) ||

	if (!access_ok(VERIFY_WRITE, up, sizeof(struct v4l2_create_buffers32)) ||

	    copy_to_user(up, kp, offsetof(struct v4l2_create_buffers32, format.fmt)))

	    copy_to_user(up, kp, offsetof(struct v4l2_create_buffers32, format)))

		return -EFAULT;

		return -EFAULT;

	return __put_v4l2_format32(&kp->format, &up->format);

	return __put_v4l2_format32(&kp->format, &up->format);

}

}