From: Arnd Bergmann <arnd@kernel.org>
To: netdev@vger.kernel.org
Cc: Arnd Bergmann <arnd@arndb.de>,
linux-kernel@vger.kernel.org, linux-wireless@vger.kernel.org,
bridge@lists.linux-foundation.org, linux-hams@vger.kernel.org,
Jakub Kicinski <kuba@kernel.org>, Christoph Hellwig <hch@lst.de>,
Alexander Viro <viro@zeniv.linux.org.uk>,
Johannes Berg <johannes@sipsolutions.net>,
Andrew Lunn <andrew@lunn.ch>,
Heiner Kallweit <hkallweit1@gmail.com>
Subject: [RFC net-next 19/28] dev_ioctl: pass SIOCDEVPRIVATE data separately
Date: Fri, 6 Nov 2020 23:17:34 +0100 [thread overview]
Message-ID: <20201106221743.3271965-20-arnd@kernel.org> (raw)
In-Reply-To: <20201106221743.3271965-1-arnd@kernel.org>
From: Arnd Bergmann <arnd@arndb.de>
The compat handlers for SIOCDEVPRIVATE are incorrect for any driver that
passes data as part of struct ifreq rather than as an ifr_data pointer, or
that passes data back this way, since the compat_ifr_data_ioctl() helper
overwrites the ifr_data pointer and does not copy anything back out.
Since all drivers using devprivate commands are now converted to the
new .ndo_siocdevprivate callback, fix this by adding the missing piece
and passing the pointer separately the whole way.
This further unifies the native and compat logic for socket ioctls,
as the new code now passes the correct pointer as well as the correct
data for both native and compat ioctls.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
---
include/linux/netdevice.h | 4 +--
net/core/dev_ioctl.c | 22 +++++++++-------
net/ethtool/ioctl.c | 3 +--
net/socket.c | 55 +++++++++------------------------------
4 files changed, 28 insertions(+), 56 deletions(-)
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 93f980e1d69b..931a4a0668f6 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -3833,9 +3833,9 @@ bool dev_valid_name(const char *name);
int get_user_ifreq(struct ifreq *ifr, void __user **ifrdata, void __user *arg);
int put_user_ifreq(struct ifreq *ifr, void __user *arg);
int dev_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr,
- bool *need_copyout);
+ void __user *data, bool *need_copyout);
int dev_ifconf(struct net *net, struct ifconf __user *ifc);
-int dev_ethtool(struct net *net, struct ifreq *);
+int dev_ethtool(struct net *net, struct ifreq *, void __user *userdata);
unsigned int dev_get_flags(const struct net_device *);
int __dev_change_flags(struct net_device *dev, unsigned int flags,
struct netlink_ext_ack *extack);
diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c
index 58daf41a4a08..1fdacd7ab210 100644
--- a/net/core/dev_ioctl.c
+++ b/net/core/dev_ioctl.c
@@ -269,11 +269,10 @@ static int dev_do_ioctl(struct net_device *dev,
return err;
}
-static int dev_siocdevprivate(struct net_device *dev,
- struct ifreq *ifr, unsigned int cmd)
+static int dev_siocdevprivate(struct net_device *dev, struct ifreq *ifr,
+ void __user *data, unsigned int cmd)
{
const struct net_device_ops *ops = dev->netdev_ops;
- void __user *data = ifr->ifr_data;
if (ops->ndo_siocdevprivate) {
if (netif_device_present(dev))
@@ -283,13 +282,15 @@ static int dev_siocdevprivate(struct net_device *dev,
}
/* fall back to do_ioctl for drivers not yet converted */
+ ifr->ifr_data = data;
return dev_do_ioctl(dev, ifr, cmd);
}
/*
* Perform the SIOCxIFxxx calls, inside rtnl_lock()
*/
-static int dev_ifsioc(struct net *net, struct ifreq *ifr, unsigned int cmd)
+static int dev_ifsioc(struct net *net, struct ifreq *ifr, void __user *data,
+ unsigned int cmd)
{
int err;
struct net_device *dev = __dev_get_by_name(net, ifr->ifr_name);
@@ -365,7 +366,7 @@ static int dev_ifsioc(struct net *net, struct ifreq *ifr, unsigned int cmd)
default:
if (cmd >= SIOCDEVPRIVATE &&
cmd <= SIOCDEVPRIVATE + 15)
- return dev_siocdevprivate(dev, ifr, cmd);
+ return dev_siocdevprivate(dev, ifr, data, cmd);
if (cmd == SIOCBONDENSLAVE ||
cmd == SIOCBONDRELEASE ||
@@ -434,7 +435,8 @@ EXPORT_SYMBOL(dev_load);
* positive or a negative errno code on error.
*/
-int dev_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr, bool *need_copyout)
+int dev_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr,
+ void __user *data, bool *need_copyout)
{
int ret;
char *colon;
@@ -480,7 +482,7 @@ int dev_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr, bool *need_c
case SIOCETHTOOL:
dev_load(net, ifr->ifr_name);
rtnl_lock();
- ret = dev_ethtool(net, ifr);
+ ret = dev_ethtool(net, ifr, data);
rtnl_unlock();
if (colon)
*colon = ':';
@@ -499,7 +501,7 @@ int dev_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr, bool *need_c
if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
return -EPERM;
rtnl_lock();
- ret = dev_ifsioc(net, ifr, cmd);
+ ret = dev_ifsioc(net, ifr, data, cmd);
rtnl_unlock();
if (colon)
*colon = ':';
@@ -545,7 +547,7 @@ int dev_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr, bool *need_c
case SIOCBONDINFOQUERY:
dev_load(net, ifr->ifr_name);
rtnl_lock();
- ret = dev_ifsioc(net, ifr, cmd);
+ ret = dev_ifsioc(net, ifr, data, cmd);
rtnl_unlock();
if (need_copyout)
*need_copyout = false;
@@ -570,7 +572,7 @@ int dev_ioctl(struct net *net, unsigned int cmd, struct ifreq *ifr, bool *need_c
cmd <= SIOCDEVPRIVATE + 15)) {
dev_load(net, ifr->ifr_name);
rtnl_lock();
- ret = dev_ifsioc(net, ifr, cmd);
+ ret = dev_ifsioc(net, ifr, data, cmd);
rtnl_unlock();
return ret;
}
diff --git a/net/ethtool/ioctl.c b/net/ethtool/ioctl.c
index f9dcb126baf6..3d3306fb28a8 100644
--- a/net/ethtool/ioctl.c
+++ b/net/ethtool/ioctl.c
@@ -2671,10 +2671,9 @@ static int ethtool_set_fecparam(struct net_device *dev, void __user *useraddr)
/* The main entry point in this file. Called from net/core/dev_ioctl.c */
-int dev_ethtool(struct net *net, struct ifreq *ifr)
+int dev_ethtool(struct net *net, struct ifreq *ifr, void __user *useraddr)
{
struct net_device *dev = __dev_get_by_name(net, ifr->ifr_name);
- void __user *useraddr = ifr->ifr_data;
u32 ethcmd, sub_cmd;
int rc;
netdev_features_t old_features;
diff --git a/net/socket.c b/net/socket.c
index 6917835d2f3e..1e077182d0fd 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -1045,6 +1045,7 @@ static long sock_do_ioctl(struct net *net, struct socket *sock,
bool need_copyout;
int err;
void __user *argp = (void __user *)arg;
+ void __user *data;
err = sock->ops->ioctl(sock, cmd, arg);
@@ -1055,11 +1056,11 @@ static long sock_do_ioctl(struct net *net, struct socket *sock,
if (err != -ENOIOCTLCMD)
return err;
- if (copy_from_user(&ifr, argp, sizeof(struct ifreq)))
+ if (get_user_ifreq(&ifr, &data, argp))
return -EFAULT;
- err = dev_ioctl(net, cmd, &ifr, &need_copyout);
+ err = dev_ioctl(net, cmd, &ifr, data, &need_copyout);
if (!err && need_copyout)
- if (copy_to_user(argp, &ifr, sizeof(struct ifreq)))
+ if (put_user_ifreq(&ifr, argp))
return -EFAULT;
return err;
@@ -1096,12 +1097,13 @@ static long sock_ioctl(struct file *file, unsigned cmd, unsigned long arg)
net = sock_net(sk);
if (unlikely(cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15))) {
struct ifreq ifr;
+ void __user *data;
bool need_copyout;
- if (copy_from_user(&ifr, argp, sizeof(struct ifreq)))
+ if (get_user_ifreq(&ifr, &data, argp))
return -EFAULT;
- err = dev_ioctl(net, cmd, &ifr, &need_copyout);
+ err = dev_ioctl(net, cmd, &ifr, data, &need_copyout);
if (!err && need_copyout)
- if (copy_to_user(argp, &ifr, sizeof(struct ifreq)))
+ if (put_user_ifreq(&ifr, argp))
return -EFAULT;
} else
#ifdef CONFIG_WEXT_CORE
@@ -3158,7 +3160,7 @@ static int compat_siocwandev(struct net *net, struct compat_ifreq __user *uifr32
saved = ifr.ifr_settings.ifs_ifsu.raw_hdlc;
ifr.ifr_settings.ifs_ifsu.raw_hdlc = compat_ptr(uptr32);
- err = dev_ioctl(net, SIOCWANDEV, &ifr, NULL);
+ err = dev_ioctl(net, SIOCWANDEV, &ifr, NULL, NULL);
if (!err) {
ifr.ifr_settings.ifs_ifsu.raw_hdlc = saved;
if (put_user_ifreq(&ifr, uifr32))
@@ -3172,42 +3174,13 @@ static int compat_ifr_data_ioctl(struct net *net, unsigned int cmd,
struct compat_ifreq __user *u_ifreq32)
{
struct ifreq ifreq;
- u32 data32;
+ void __user *data;
- if (copy_from_user(ifreq.ifr_name, u_ifreq32->ifr_name, IFNAMSIZ))
+ if (get_user_ifreq(&ifreq, &data, u_ifreq32))
return -EFAULT;
- if (get_user(data32, &u_ifreq32->ifr_data))
- return -EFAULT;
- ifreq.ifr_data = compat_ptr(data32);
+ ifreq.ifr_data = data;
- return dev_ioctl(net, cmd, &ifreq, NULL);
-}
-
-static int compat_ifreq_ioctl(struct net *net, struct socket *sock,
- unsigned int cmd,
- struct compat_ifreq __user *uifr32)
-{
- struct ifreq ifr;
- bool need_copyout;
- int err;
-
- err = sock->ops->ioctl(sock, cmd, arg);
-
- /*
- * If this ioctl is unknown try to hand it down
- * to the NIC driver.
- */
- if (err != -ENOIOCTLCMD)
- return err;
-
- if (get_user_ifreq(&ifr, NULL, uifr32))
- return -EFAULT;
- err = dev_ioctl(net, cmd, &ifr, &need_copyout);
- if (!err && need_copyout)
- if (put_user_ifreq(&ifr, uifr32))
- return -EFAULT;
-
- return err;
+ return dev_ioctl(net, cmd, &ifreq, data, NULL);
}
/* Since old style bridge ioctl's endup using SIOCDEVPRIVATE
@@ -3311,8 +3284,6 @@ static int compat_sock_ioctl_trans(struct file *file, struct socket *sock,
case SIOCBONDRELEASE:
case SIOCBONDSETHWADDR:
case SIOCBONDCHANGEACTIVE:
- return compat_ifreq_ioctl(net, sock, cmd, argp);
-
case SIOCSARP:
case SIOCGARP:
case SIOCDARP:
--
2.27.0
next prev parent reply other threads:[~2020-11-06 22:18 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-06 22:17 [RFC net-next 00/28] ndo_ioctl rework Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 01/28] net: split out SIOCDEVPRIVATE handling from dev_ioctl Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 02/28] staging: rtlwifi: use siocdevprivate Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 03/28] staging: wlan-ng: " Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 04/28] hostap: use ndo_siocdevprivate Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 05/28] wireless: remove old ioctls Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 06/28] bridge: use ndo_siocdevprivate Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 07/28] phonet: use siocdevprivate Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 08/28] tulip: use ndo_siocdevprivate Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 09/28] bonding: use siocdevprivate Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 10/28] appletalk: use ndo_siocdevprivate Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 11/28] hamachi: " Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 12/28] tehuti: " Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 13/28] eql: " Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 14/28] fddi: " Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 15/28] net: usb: " Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 16/28] slip/plip: " Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 17/28] qeth: " Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 18/28] cxgb3: " Arnd Bergmann
2020-11-06 22:17 ` Arnd Bergmann [this message]
2020-11-06 22:17 ` [RFC net-next 20/28] dev_ioctl: split out ndo_eth_ioctl Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 21/28] wan: use ndo_siocdevprivate Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 22/28] hamradio: " Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 23/28] airo: " Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 24/28] ip_tunnel: " Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 25/28] hippi: " Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 26/28] sb1000: " Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 27/28] ppp: " Arnd Bergmann
2020-11-06 22:17 ` [RFC net-next 28/28] net: socket: return changed ifreq from SIOCDEVPRIVATE Arnd Bergmann
2020-11-08 0:06 ` [RFC net-next 00/28] ndo_ioctl rework Jakub Kicinski
2020-11-08 8:27 ` Arnd Bergmann
2020-11-08 11:21 ` Kalle Valo
2020-11-08 11:42 ` Arnd Bergmann
2020-11-09 11:25 ` Kalle Valo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201106221743.3271965-20-arnd@kernel.org \
--to=arnd@kernel.org \
--cc=andrew@lunn.ch \
--cc=arnd@arndb.de \
--cc=bridge@lists.linux-foundation.org \
--cc=hch@lst.de \
--cc=hkallweit1@gmail.com \
--cc=johannes@sipsolutions.net \
--cc=kuba@kernel.org \
--cc=linux-hams@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-wireless@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).