lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:	Fri, 20 Jun 2014 20:40:39 -0000
From:	dsneddon@...eaurora.org
To:	linux-spi@...r.kernel.org
Cc:	broonie@...nel.org, linux-kernel@...r.kernel.org,
	linux-arm-msm@...r.kernel.org
Subject: Re: [PATCH] spi: spidev: Fix user-space memory access.

I just noticed this patch breaks when CONFIG_COMPAT isn't defined.  Please
ignore this patch for now.

> When the spidev module tries to access the user space memory passed in via
> an IOCTL the compat_ptr function should be called to ensure
> compatibility between kernel space and user space.
>
> Signed-off-by: Dan Sneddon <dsneddon@...eaurora.org>
> ---
>  drivers/spi/spidev.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/spi/spidev.c b/drivers/spi/spidev.c
> index e3bc23b..3a45158 100644
> --- a/drivers/spi/spidev.c
> +++ b/drivers/spi/spidev.c
> @@ -252,14 +252,16 @@ static int spidev_message(struct spidev_data
> *spidev,
>                 if (u_tmp->rx_buf) {
>                         k_tmp->rx_buf = buf;
>                         if (!access_ok(VERIFY_WRITE, (u8 __user *)
> -                                               (uintptr_t) u_tmp->rx_buf,
> +                                               (uintptr_t)compat_ptr( +
>                                                     u_tmp->rx_buf),
>                                                 u_tmp->len))
>                                 goto done;
>                 }
>                 if (u_tmp->tx_buf) {
>                         k_tmp->tx_buf = buf;
>                         if (copy_from_user(buf, (const u8 __user *)
> -                                               (uintptr_t) u_tmp->tx_buf,
> +                                               (uintptr_t)compat_ptr( +
>                                                     u_tmp->tx_buf),
>                                         u_tmp->len))
>                                 goto done;
>                 }
> @@ -294,8 +296,8 @@ static int spidev_message(struct spidev_data *spidev,
>         for (n = n_xfers, u_tmp = u_xfers; n; n--, u_tmp++) {
>                 if (u_tmp->rx_buf) {
>                         if (__copy_to_user((u8 __user *)
> -                                       (uintptr_t) u_tmp->rx_buf, buf, -
>                                      u_tmp->len)) {
> +
> (uintptr_t)compat_ptr(u_tmp->rx_buf),
> +                                       buf, u_tmp->len)) {
>                                 status = -EFAULT;
>                                 goto done;
>                         }
> --
> 1.8.4
>
>
>
>
>
>
> ---
> sent by an employee of the Qualcomm Innovation Center, Inc.
> The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
> hosted by The Linux Foundation
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-arm-msm"
> in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>


-- 
---
sent by an employee of the Qualcomm Innovation Center, Inc.
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
hosted by The Linux Foundation

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists