msm: camera: Do not pass kptr in copy_from_user

Do not call copy_from_user in ioctl handler if CONFIG_COMPAT
is defined.
In 64 bit kernel and 32 bit userspace, ioctl call invokes
compat_ioctl. First copy_from_user is done in compat_ioctl then
pointer is passed to unlocked_ioctl for actual processing. In
unlocked_ioctl again copy_from_user is called on kernel pointer.

Change-Id: I2334379f48e30b58757f0fe5e238e8df5753eea8
Signed-off-by: Trishansh Bhardwaj <tbhardwa@codeaurora.org>

drivers/media/platform/msm/camera_v2/msm_buf_mgr/msm_generic_buf_mgr.c

@@ -540,20 +540,24 @@ static long msm_buf_mngr_subdev_ioctl(struct v4l2_subdev *sd,
 		k_ioctl = *ptr;
 		switch (k_ioctl.id) {
 		case MSM_CAMERA_BUF_MNGR_IOCTL_ID_GET_BUF_BY_IDX: {
-			struct msm_buf_mngr_info buf_info, *tmp = NULL;
 
 			if (k_ioctl.size != sizeof(struct msm_buf_mngr_info))
 				return -EINVAL;
 			if (!k_ioctl.ioctl_ptr)
 				return -EINVAL;
+#ifndef CONFIG_COMPAT
+			{
+				struct msm_buf_mngr_info buf_info, *tmp = NULL;
 
-			MSM_CAM_GET_IOCTL_ARG_PTR(&tmp, &k_ioctl.ioctl_ptr,
-				sizeof(tmp));
-			if (copy_from_user(&buf_info, tmp,
-				sizeof(struct msm_buf_mngr_info))) {
-				return -EFAULT;
+				MSM_CAM_GET_IOCTL_ARG_PTR(&tmp,
+					&k_ioctl.ioctl_ptr, sizeof(tmp));
+				if (copy_from_user(&buf_info, tmp,
+					sizeof(struct msm_buf_mngr_info))) {
+					return -EFAULT;
+				}
+				k_ioctl.ioctl_ptr = (uintptr_t)&buf_info;
 			}
-			k_ioctl.ioctl_ptr = (uintptr_t)&buf_info;
+#endif
 			argp = &k_ioctl;
 			rc = msm_cam_buf_mgr_ops(cmd, argp);
 			}
@@ -674,6 +678,7 @@ static long msm_camera_buf_mgr_internal_compat_ioctl(struct file *file,
 			return -EINVAL;
 		}
 		k_ioctl.ioctl_ptr = (__u64)&buf_info;
+		k_ioctl.size = sizeof(struct msm_buf_mngr_info);
 		rc = msm_camera_buf_mgr_fetch_buf_info(&buf_info32, &buf_info,
 			(unsigned long)tmp_compat_ioctl_ptr);
 		if (rc < 0) {