[PATCH 10/12] megaraid_sas : SMAP restriction-do not access user memory from IOCTL code

linux-scsi.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH 10/12] megaraid_sas : SMAP restriction-do not access user memory from IOCTL code
@ 2015-10-15  8:10 sumit.saxena
  2015-10-19 15:32 ` Tomas Henzl
  0 siblings, 1 reply; 2+ messages in thread
From: sumit.saxena @ 2015-10-15  8:10 UTC (permalink / raw)
  To: linux-scsi, stable, thenzl, martin.petersen, hch, jbottomley,
	kashyap.desai, sumit.saxena, kiran-kumar.kasturi
  Cc: uday.lingala

This is an issue on SMAP enabled CPUs and 32 bit apps running on 64 bit OS. Donot access user memory from kernel code.
SMAP bit restricts to access user memory from kernel code. Corresponding Redhat Bugzilla id for this is:[Bug 1267911].

Cc: <stable@vger.kernel.org>
Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com>
Signed-off-by: Kashyap Desai <kashyap.desai@avagotech.com>
---
 drivers/scsi/megaraid/megaraid_sas_base.c |   13 +++++++++++--
 1 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/drivers/scsi/megaraid/megaraid_sas_base.c b/drivers/scsi/megaraid/megaraid_sas_base.c
index c74d7c5..f8d5455 100644
--- a/drivers/scsi/megaraid/megaraid_sas_base.c
+++ b/drivers/scsi/megaraid/megaraid_sas_base.c
@@ -6470,6 +6470,9 @@ static int megasas_mgmt_compat_ioctl_fw(struct file *file, unsigned long arg)
 	int i;
 	int error = 0;
 	compat_uptr_t ptr;
+	unsigned long local_raw_ptr;
+	u32 local_sense_off;
+	u32 local_sense_len;
 
 	if (clear_user(ioc, sizeof(*ioc)))
 		return -EFAULT;
@@ -6487,9 +6490,15 @@ static int megasas_mgmt_compat_ioctl_fw(struct file *file, unsigned long arg)
 	 * sense_len is not null, so prepare the 64bit value under
 	 * the same condition.
 	 */
-	if (ioc->sense_len) {
+	if (get_user(local_raw_ptr, ioc->frame.raw) ||
+		get_user(local_sense_off, &ioc->sense_off) ||
+		get_user(local_sense_len, &ioc->sense_len))
+		return -EFAULT;
+
+
+	if (local_sense_len) {
 		void __user **sense_ioc_ptr =
-			(void __user **)(ioc->frame.raw + ioc->sense_off);
+			(void __user **)((u8*)local_raw_ptr + local_sense_off);
 		compat_uptr_t *sense_cioc_ptr =
 			(compat_uptr_t *)(cioc->frame.raw + cioc->sense_off);
 		if (get_user(ptr, sense_cioc_ptr) ||
-- 
1.7.1

^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH 10/12] megaraid_sas : SMAP restriction-do not access user memory from IOCTL code
  2015-10-15  8:10 [PATCH 10/12] megaraid_sas : SMAP restriction-do not access user memory from IOCTL code sumit.saxena
@ 2015-10-19 15:32 ` Tomas Henzl
  0 siblings, 0 replies; 2+ messages in thread
From: Tomas Henzl @ 2015-10-19 15:32 UTC (permalink / raw)
  To: sumit.saxena, linux-scsi, stable, martin.petersen, hch,
	jbottomley, kashyap.desai, kiran-kumar.kasturi
  Cc: uday.lingala

On 15.10.2015 10:10, sumit.saxena@avagotech.com wrote:
> This is an issue on SMAP enabled CPUs and 32 bit apps running on 64 bit OS. Donot access user memory from kernel code.
> SMAP bit restricts to access user memory from kernel code. Corresponding Redhat Bugzilla id for this is:[Bug 1267911].
>
> Cc: <stable@vger.kernel.org>
> Signed-off-by: Sumit Saxena <sumit.saxena@avagotech.com>
> Signed-off-by: Kashyap Desai <kashyap.desai@avagotech.com>

Reviewed-by: Tomas Henzl <thenzl@redhat.com>

Tomas


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2015-10-19 15:32 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-10-15  8:10 [PATCH 10/12] megaraid_sas : SMAP restriction-do not access user memory from IOCTL code sumit.saxena
2015-10-19 15:32 ` Tomas Henzl

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).