xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix rawctl compat ioctls breakage on amd64 and itanic

Browse Source 
RAW_SETBIND and RAW_GETBIND 32bit versions are fscked in interesting ways.

1) fs/compat_ioctl.c has COMPATIBLE_IOCTL(RAW_SETBIND) followed by
HANDLE_IOCTL(RAW_SETBIND, raw_ioctl).  The latter is ignored.

2) on amd64 (and itanic) the damn thing is broken - we have int + u64 + u64
and layouts on i386 and amd64 are _not_ the same.  raw_ioctl() would
work there, but it's never called due to (1).  As it is, i386 /sbin/raw
definitely doesn't work on amd64 boxen.

3) switching to raw_ioctl() as is would *not* work on e.g. sparc64 and ppc64,
which would be rather sad, seeing that normal userland there is 32bit.
The thing is, slapping __packed on the struct in question does not DTRT -
it eliminates *all* padding.  The real solution is to use compat_u64.

4) of course, all that stuff has no business being outside of raw.c in the
first place - there should be ->compat_ioctl() for /dev/rawctl instead of
messing with compat_ioctl.c.

[akpm@linux-foundation.org: coding-style fixes]
[arnd@arndb.de: port to 2.6.36]
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
This commit is contained in:
Al Viro
2009-08-24 22:42:56 +00:00
committed by Arnd Bergmann
parent 9a181c5861
commit c4a0472725
2 changed files with 141 additions and 174 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
fs/compat_ioctl.c
View File

@@ -599,69 +599,6 @@ static int do_smb_getmountuid(unsigned int fd, unsigned int cmd,
#define HIDPGETCONNLIST _IOR('H', 210, int)
#define HIDPGETCONNINFO _IOR('H', 211, int)
#ifdef CONFIG_BLOCK
struct raw32_config_request
{
compat_int_t raw_minor;
__u64 block_major;
__u64 block_minor;
} __attribute__((packed));
static int get_raw32_request(struct raw_config_request *req, struct raw32_config_request __user *user_req)
{
int ret;
if (!access_ok(VERIFY_READ, user_req, sizeof(struct raw32_config_request)))
return -EFAULT;
ret = __get_user(req->raw_minor, &user_req->raw_minor);
ret |= __get_user(req->block_major, &user_req->block_major);
ret |= __get_user(req->block_minor, &user_req->block_minor);
return ret ? -EFAULT : 0;
}
static int set_raw32_request(struct raw_config_request *req, struct raw32_config_request __user *user_req)
{
int ret;
if (!access_ok(VERIFY_WRITE, user_req, sizeof(struct raw32_config_request)))
return -EFAULT;
ret = __put_user(req->raw_minor, &user_req->raw_minor);
ret |= __put_user(req->block_major, &user_req->block_major);
ret |= __put_user(req->block_minor, &user_req->block_minor);
return ret ? -EFAULT : 0;
}
static int raw_ioctl(unsigned fd, unsigned cmd,
struct raw32_config_request __user *user_req)
{
int ret;
switch (cmd) {
case RAW_SETBIND:
default: { /* RAW_GETBIND */
struct raw_config_request req;
mm_segment_t oldfs = get_fs();
if ((ret = get_raw32_request(&req, user_req)))
return ret;
set_fs(KERNEL_DS);
ret = sys_ioctl(fd,cmd,(unsigned long)&req);
set_fs(oldfs);
if ((!ret) && (cmd == RAW_GETBIND)) {
ret = set_raw32_request(&req, user_req);
}
break;
}
}
return ret;
}
#endif /* CONFIG_BLOCK */
struct serial_struct32 {
compat_int_t type;
@@ -1262,9 +1199,6 @@ COMPATIBLE_IOCTL(SOUND_MIXER_PRIVATE5)
COMPATIBLE_IOCTL(SOUND_MIXER_GETLEVELS)
COMPATIBLE_IOCTL(SOUND_MIXER_SETLEVELS)
COMPATIBLE_IOCTL(OSS_GETVERSION)
/* Raw devices */
COMPATIBLE_IOCTL(RAW_SETBIND)
COMPATIBLE_IOCTL(RAW_GETBIND)
/* SMB ioctls which do not need any translations */
COMPATIBLE_IOCTL(SMB_IOC_NEWCONN)
/* Watchdog */
@@ -1523,10 +1457,6 @@ static long do_ioctl_trans(int fd, unsigned int cmd,
case MTIOCGET32:
case MTIOCPOS32:
return mt_ioctl_trans(fd, cmd, argp);
/* Raw devices */
case RAW_SETBIND:
case RAW_GETBIND:
return raw_ioctl(fd, cmd, argp);
#endif
/* One SMB ioctl needs translations. */
#define SMB_IOC_GETMOUNTUID_32 _IOR('u', 1, compat_uid_t)