From: Arun Sharma <arun.sharma@intel.com>
To: Andrew Morton <akpm@osdl.org>
Cc: linux-kernel@vger.kernel.org, "Tian, Kevin" <kevin.tian@intel.com>
Subject: [PATCH] ioctl32 fix for bond_ioctl
Date: Wed, 01 Oct 2003 13:41:59 -0700 [thread overview]
Message-ID: <3F7B3C17.10909@intel.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 445 bytes --]
Problem: These four ioctls use ifreq32.ifr_ifru.ifru_data.
case SIOCBONDENSLAVE:
case SIOCBONDRELEASE:
case SIOCBONDSETHWADDR:
case SIOCBONDCHANGEACTIVE:
Whereas these use ifreq32.ifr_ifru.ifru_slave:
case SIOCBONDSLAVEINFOQUERY:
case SIOCBONDINFOQUERY:
The current code assumes ifru_data for all 6 ioctls. This fails with EFAULT for the last two. The attached patch fixes the problem and has been tested on ia64.
-Arun
[-- Attachment #2: bonding.patch --]
[-- Type: text/plain, Size: 2200 bytes --]
Index: linux-2.6/fs/compat_ioctl.c
===================================================================
--- linux-2.6/fs/compat_ioctl.c (revision 13715)
+++ linux-2.6/fs/compat_ioctl.c (working copy)
@@ -576,54 +576,45 @@
static int bond_ioctl(unsigned long fd, unsigned int cmd, unsigned long arg)
{
- struct ifreq ifr;
+ struct ifreq kifr;
+ struct ifreq *uifr;
+ struct ifreq32 *ifr32 = (struct ifreq32 *) arg;
mm_segment_t old_fs;
- int err, len;
+ int err;
u32 data;
-
- if (copy_from_user(&ifr, (struct ifreq32 *)arg, sizeof(struct ifreq32)))
- return -EFAULT;
- ifr.ifr_data = (__kernel_caddr_t)get_zeroed_page(GFP_KERNEL);
- if (!ifr.ifr_data)
- return -EAGAIN;
+ void *datap;
switch (cmd) {
case SIOCBONDENSLAVE:
case SIOCBONDRELEASE:
case SIOCBONDSETHWADDR:
case SIOCBONDCHANGEACTIVE:
- len = IFNAMSIZ * sizeof(char);
- break;
+ if (copy_from_user(&kifr, ifr32, sizeof(struct ifreq32)))
+ return -EFAULT;
+
+ old_fs = get_fs();
+ set_fs (KERNEL_DS);
+ err = sys_ioctl (fd, cmd, (unsigned long)&kifr);
+ set_fs (old_fs);
+
+ return err;
case SIOCBONDSLAVEINFOQUERY:
- len = sizeof(struct ifslave);
- break;
case SIOCBONDINFOQUERY:
- len = sizeof(struct ifbond);
- break;
- default:
- err = -EINVAL;
- goto out;
- };
+ uifr = compat_alloc_user_space(sizeof(*uifr));
+ if (copy_in_user(&uifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ))
+ return -EFAULT;
- __get_user(data, &(((struct ifreq32 *)arg)->ifr_ifru.ifru_data));
- if (copy_from_user(ifr.ifr_data, compat_ptr(data), len)) {
- err = -EFAULT;
- goto out;
- }
+ if (get_user(data, &ifr32->ifr_ifru.ifru_data))
+ return -EFAULT;
- old_fs = get_fs();
- set_fs (KERNEL_DS);
- err = sys_ioctl (fd, cmd, (unsigned long)&ifr);
- set_fs (old_fs);
- if (!err) {
- len = copy_to_user(compat_ptr(data), ifr.ifr_data, len);
- if (len)
- err = -EFAULT;
- }
+ datap = compat_ptr(data);
+ if (put_user(datap, &uifr->ifr_ifru.ifru_data))
+ return -EFAULT;
-out:
- free_page((unsigned long)ifr.ifr_data);
- return err;
+ return sys_ioctl (fd, cmd, (unsigned long)uifr);
+ default:
+ return -EINVAL;
+ };
}
int siocdevprivate_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg)
reply other threads:[~2003-10-01 20:43 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3F7B3C17.10909@intel.com \
--to=arun.sharma@intel.com \
--cc=akpm@osdl.org \
--cc=kevin.tian@intel.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox