From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Guillaume Nault <g.nault@alphalink.fr>,
	Arnd Bergmann <arnd@arndb.de>,
	"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.14 23/33] compat_ioctl: pppoe: fix PPPOEIOCSFWD handling
Date: Thu,  8 Aug 2019 21:05:30 +0200
Message-ID: <20190808190454.759879073@linuxfoundation.org>
In-Reply-To: <20190808190453.582417307@linuxfoundation.org>

From: Arnd Bergmann <arnd@arndb.de>

[ Upstream commit 055d88242a6046a1ceac3167290f054c72571cd9 ]

Support for handling the PPPOEIOCSFWD ioctl in compat mode was added in
linux-2.5.69 along with hundreds of other commands, but was always broken
since only the structure is compatible, but the command number is not,
due to the size being sizeof(size_t), or at first sizeof(sizeof((struct
sockaddr_pppox)), which is different on 64-bit architectures.

Guillaume Nault adds:

  And the implementation was broken until 2016 (see 29e73269aa4d ("pppoe:
  fix reference counting in PPPoE proxy")), and nobody ever noticed. I
  should probably have removed this ioctl entirely instead of fixing it.
  Clearly, it has never been used.

Fix it by adding a compat_ioctl handler for all pppoe variants that
translates the command number and then calls the regular ioctl function.

All other ioctl commands handled by pppoe are compatible between 32-bit
and 64-bit, and require compat_ptr() conversion.

This should apply to all stable kernels.

Acked-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ppp/pppoe.c  |    3 +++
 drivers/net/ppp/pppox.c  |   13 +++++++++++++
 drivers/net/ppp/pptp.c   |    3 +++
 fs/compat_ioctl.c        |    3 ---
 include/linux/if_pppox.h |    3 +++
 net/l2tp/l2tp_ppp.c      |    3 +++
 6 files changed, 25 insertions(+), 3 deletions(-)

--- a/drivers/net/ppp/pppoe.c
+++ b/drivers/net/ppp/pppoe.c
@@ -1137,6 +1137,9 @@ static const struct proto_ops pppoe_ops
 	.recvmsg	= pppoe_recvmsg,
 	.mmap		= sock_no_mmap,
 	.ioctl		= pppox_ioctl,
+#ifdef CONFIG_COMPAT
+	.compat_ioctl	= pppox_compat_ioctl,
+#endif
 };
 
 static const struct pppox_proto pppoe_proto = {
--- a/drivers/net/ppp/pppox.c
+++ b/drivers/net/ppp/pppox.c
@@ -22,6 +22,7 @@
 #include <linux/string.h>
 #include <linux/module.h>
 #include <linux/kernel.h>
+#include <linux/compat.h>
 #include <linux/errno.h>
 #include <linux/netdevice.h>
 #include <linux/net.h>
@@ -103,6 +104,18 @@ int pppox_ioctl(struct socket *sock, uns
 
 EXPORT_SYMBOL(pppox_ioctl);
 
+#ifdef CONFIG_COMPAT
+int pppox_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
+{
+	if (cmd == PPPOEIOCSFWD32)
+		cmd = PPPOEIOCSFWD;
+
+	return pppox_ioctl(sock, cmd, (unsigned long)compat_ptr(arg));
+}
+
+EXPORT_SYMBOL(pppox_compat_ioctl);
+#endif
+
 static int pppox_create(struct net *net, struct socket *sock, int protocol,
 			int kern)
 {
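Review bot: pppox_compat_ioctl() passes arg through compat_ptr() for every command, not only the translated one, and nothing in the function says this is intentional. That is correct only while every command reaching pppox_ioctl() takes a user pointer or ignores arg. A short comment above the function stating that assumption, and that PPPOEIOCSFWD32 is the only command whose number differs between 32-bit and 64-bit callers, would keep a later integer-argument command from being run through compat_ptr() by accident.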
--- a/drivers/net/ppp/pptp.c
+++ b/drivers/net/ppp/pptp.c
@@ -636,6 +636,9 @@ static const struct proto_ops pptp_ops =
 	.recvmsg    = sock_no_recvmsg,
 	.mmap       = sock_no_mmap,
 	.ioctl      = pppox_ioctl,
+#ifdef CONFIG_COMPAT
+	.compat_ioctl = pppox_compat_ioctl,
+#endif
 };
 
 static const struct pppox_proto pppox_pptp_proto = {
--- a/fs/compat_ioctl.c
+++ b/fs/compat_ioctl.c
@@ -1032,9 +1032,6 @@ COMPATIBLE_IOCTL(PPPIOCDISCONN)
 COMPATIBLE_IOCTL(PPPIOCATTCHAN)
 COMPATIBLE_IOCTL(PPPIOCGCHAN)
 COMPATIBLE_IOCTL(PPPIOCGL2TPSTATS)
-/* PPPOX */
-COMPATIBLE_IOCTL(PPPOEIOCSFWD)
-COMPATIBLE_IOCTL(PPPOEIOCDFWD)
 /* Big A */
 /* sparc only */
 /* Big Q for sound/OSS */
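Review bot: the PPPOEIOCDFWD entry is removed together with PPPOEIOCSFWD, but the changelog only discusses PPPOEIOCSFWD. After this hunk a 32-bit caller reaches PPPOEIOCDFWD only through pppox_compat_ioctl(), which leaves any cmd other than PPPOEIOCSFWD32 unchanged, so the command now depends on every PPPoX proto_ops setting .compat_ioctl. A sentence in the changelog confirming that the three proto_ops touched by this patch are the complete set would make the removal easier to verify.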
--- a/include/linux/if_pppox.h
+++ b/include/linux/if_pppox.h
@@ -84,6 +84,9 @@ extern int register_pppox_proto(int prot
 extern void unregister_pppox_proto(int proto_num);
 extern void pppox_unbind_sock(struct sock *sk);/* delete ppp-channel binding */
 extern int pppox_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg);
+extern int pppox_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg);
+
+#define PPPOEIOCSFWD32    _IOW(0xB1 ,0, compat_size_t)
 
 /* PPPoX socket states */
 enum {
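Review bot: the PPPOEIOCSFWD32 define has no comment and carries stray spacing in `_IOW(0xB1 ,0, compat_size_t)`. It also uses compat_size_t outside any CONFIG_COMPAT guard, unlike the function it serves in pppox.c, and the new prototype above it is unguarded as well. Consider writing it as `_IOW(0xB1, 0, compat_size_t)`, adding a one-line comment that it is PPPOEIOCSFWD as encoded by 32-bit userspace, and either guarding both additions or noting that the macro is only expanded under CONFIG_COMPAT.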
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -1793,6 +1793,9 @@ static const struct proto_ops pppol2tp_o
 	.recvmsg	= pppol2tp_recvmsg,
 	.mmap		= sock_no_mmap,
 	.ioctl		= pppox_ioctl,
+#ifdef CONFIG_COMPAT
+	.compat_ioctl = pppox_compat_ioctl,
+#endif
 };
 
 static const struct pppox_proto pppol2tp_proto = {
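Review bot: the added `.compat_ioctl = pppox_compat_ioctl,` line separates the member name from `=` with a space, while the neighbouring initializers in this struct and the same addition in the pppoe.c hunk use a tab. Use a tab before the `=` here so the three proto_ops additions are formatted the same way.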
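The command-number mismatch described in the changelog, as an added example that is not part of the patch or of the kernel sources. It assumes the asm-generic ioctl bit layout; the `ex_` names are hypothetical and only model the dispatch, they do not call kernel code.

```c
#include <stdint.h>
#include <stdio.h>

/* asm-generic _IOC layout (assumption; a few architectures differ):
 * bits 0-7 nr, 8-15 type, 16-29 size, 30-31 direction. */
#define EX_IOC_WRITE 1u
#define EX_IOC(dir, type, nr, size)                            \
	(((uint32_t)(dir) << 30) | ((uint32_t)(size) << 16) | \
	 ((uint32_t)(type) << 8) | (uint32_t)(nr))
#define EX_IOC_SIZE(cmd) (((cmd) >> 16) & 0x3fffu)

/* PPPOEIOCSFWD is _IOW(0xB1, 0, size_t), so the size field is
 * sizeof(size_t) of whoever compiled the caller: 4 or 8. */
static uint32_t ex_sfwd_cmd(unsigned int sizeof_size_t)
{
	return EX_IOC(EX_IOC_WRITE, 0xB1, 0, sizeof_size_t);
}

/* Hypothetical 64-bit handler: matches the native number only. */
static int ex_native_ioctl(uint32_t cmd)
{
	return cmd == ex_sfwd_cmd(8) ? 0 : -1; /* -1: command not recognised */
}

/* Hypothetical compat entry point: translate the 32-bit number first,
 * the same step pppox_compat_ioctl() performs in the patch. */
static int ex_compat_ioctl(uint32_t cmd)
{
	if (cmd == ex_sfwd_cmd(4))
		cmd = ex_sfwd_cmd(8);
	return ex_native_ioctl(cmd);
}

int main(void)
{
	uint32_t c32 = ex_sfwd_cmd(4), c64 = ex_sfwd_cmd(8);

	printf("32-bit caller: 0x%08x (size %u)\n", (unsigned)c32, (unsigned)EX_IOC_SIZE(c32));
	printf("64-bit caller: 0x%08x (size %u)\n", (unsigned)c64, (unsigned)EX_IOC_SIZE(c64));
	printf("untranslated: %d, translated: %d\n",
	       ex_native_ioctl(c32), ex_compat_ioctl(c32));
	return 0;
}
```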


