From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: stable-review@kernel.org, torvalds@linux-foundation.org,
	akpm@linux-foundation.org, alan@lxorguk.ukuu.org.uk,
	Tomas Henzl <thenzl@redhat.com>, Bo Yang <Bo.Yang@lsi.com>,
	James Bottomley <James.Bottomley@suse.de>
Subject: [11/25] [SCSI] megaraid_sas: fix for 32bit apps
Date: Tue, 25 May 2010 11:09:09 -0700
Message-ID: <20100525181213.167804688@clark.site>
In-Reply-To: <20100525181259.GA18630@kroah.com>

2.6.27-stable review patch.  If anyone has any objections, please let us know.

------------------

From: Tomas Henzl <thenzl@redhat.com>

commit b3dc1a212e5167984616445990c76056034f8eeb upstream.

It looks like this patch -

commit 7b2519afa1abd1b9f63aa1e90879307842422dae
Author: Yang, Bo <Bo.Yang@lsi.com>
Date:   Tue Oct 6 14:52:20 2009 -0600

    [SCSI] megaraid_sas: fix 64 bit sense pointer truncation

has caused a problem for 32bit programs with 64bit os -

http://bugzilla.kernel.org/show_bug.cgi?id=15001

fix by converting the user space 32bit pointer to a 64 bit one when
needed.

[jejb: fix up some 64 bit warnings]
Signed-off-by: Tomas Henzl <thenzl@redhat.com>
Cc: Bo Yang <Bo.Yang@lsi.com>
Signed-off-by: James Bottomley <James.Bottomley@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

---
 drivers/scsi/megaraid/megaraid_sas.c |   18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

--- a/drivers/scsi/megaraid/megaraid_sas.c
+++ b/drivers/scsi/megaraid/megaraid_sas.c
@@ -3292,6 +3292,7 @@ static int megasas_mgmt_compat_ioctl_fw(
 	    compat_alloc_user_space(sizeof(struct megasas_iocpacket));
 	int i;
 	int error = 0;
+	compat_uptr_t ptr;
 
 	if (clear_user(ioc, sizeof(*ioc)))
 		return -EFAULT;
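Review bot: `compat_uptr_t ptr;` at function scope is now scratch space for two unrelated conversions, the sense pointer and every `iov_base` in the SGE loop. Each use is a get_user() followed immediately by put_user(compat_ptr(ptr), ...), so it works as written, but a declaration local to each block (as the loop had before this change) would keep the scopes tight and make it impossible for a value fetched for one purpose to be consumed by the other. If the declaration stays hoisted, a short comment saying it is shared by both conversions would help.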
@@ -3304,9 +3305,22 @@ static int megasas_mgmt_compat_ioctl_fw(
 	    copy_in_user(&ioc->sge_count, &cioc->sge_count, sizeof(u32)))
 		return -EFAULT;
 
-	for (i = 0; i < MAX_IOCTL_SGE; i++) {
-		compat_uptr_t ptr;
+	/*
+	 * The sense_ptr is used in megasas_mgmt_fw_ioctl only when
+	 * sense_len is not null, so prepare the 64bit value under
+	 * the same condition.
+	 */
+	if (ioc->sense_len) {
+		void __user **sense_ioc_ptr =
+			(void __user **)(ioc->frame.raw + ioc->sense_off);
+		compat_uptr_t *sense_cioc_ptr =
+			(compat_uptr_t *)(cioc->frame.raw + cioc->sense_off);
+		if (get_user(ptr, sense_cioc_ptr) ||
+		    put_user(compat_ptr(ptr), sense_ioc_ptr))
+			return -EFAULT;
+	}
 
+	for (i = 0; i < MAX_IOCTL_SGE; i++) {
 		if (get_user(ptr, &cioc->sgl[i].iov_base) ||
 		    put_user(compat_ptr(ptr), &ioc->sgl[i].iov_base) ||
 		    copy_in_user(&ioc->sgl[i].iov_len,
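Review bot: `ioc->sense_len`, `ioc->sense_off` and `cioc->sense_off` are read by plain dereference in the new `if (ioc->sense_len)` block, although `ioc` is the buffer returned by compat_alloc_user_space() and every other access to `ioc` and `cioc` in these lines goes through clear_user(), copy_in_user(), get_user() or put_user(). Fetch the length and the offset into kernel locals with get_user(), return -EFAULT on failure, and use the locals for both the test and the pointer arithmetic. Reading each field once also means the length check and the offset computation cannot observe different values if user space rewrites the packet concurrently. Separately, `sense_off` is used as an offset into `frame.raw` with no range check in this hunk; comparing it against the size of the frame before forming `sense_ioc_ptr` and `sense_cioc_ptr` would keep the rewritten pointer inside the packet. Minor: the comment says sense_len "is not null", and "is non-zero" would be the clearer wording for a length.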


