| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <54C7D346.2080600@mev.co.uk>
Date: Tue, 27 Jan 2015 18:04:54 +0000
From: Ian Abbott <abbotti@....co.uk>
To: Hartley Sweeten <HartleyS@...ionengravers.com>,
"driverdev-devel@...uxdriverproject.org"
<driverdev-devel@...uxdriverproject.org>
CC: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
"stable@...r.kernel.org" <stable@...r.kernel.org>
Subject: Re: [PATCH 1/7] staging: comedi: comedi_compat32.c: fix COMEDI_CMD
copy back
On 27/01/15 17:20, Hartley Sweeten wrote:
> On Tuesday, January 27, 2015 8:59 AM, Ian Abbott wrote:
>> On 27/01/15 15:50, Ian Abbott wrote:
>>> `do_cmd_ioctl()` in "comedi_fops.c" handles the `COMEDI_CMD` ioctl.
>>> This returns `-EAGAIN` if it has copied a modified `struct comedi_cmd`
>>> back to user-space. (This occurs when the low-level Comedi driver's
>>> `do_cmdtest()` handler returns non-zero to indicate a problem with the
>>> contents of the `struct comedi_cmd`, or when the `struct comedi_cmd` has
>>> the `CMDF_BOGUS` flag set.)
>>>
>>> `compat_cmd()` in "comedi_compat32.c" handles the 32-bit compatible
>>> version of the `COMEDI_CMD` ioctl. Currently, it never copies a 32-bit
>>> compatible version of `struct comedi_cmd` back to user-space, which is
>>> at odds with the way the regular `COMEDI_CMD` ioctl is handled. To fix
>>> it, change `compat_cmd()` to copy a 32-bit compatible version of the
>>> `struct comedi_cmd` back to user-space when the main ioctl handler
>>> returns `-EAGAIN`.
>>>
>>> Signed-off-by: Ian Abbott <abbotti@....co.uk>
>>> Cc: <stable@...r.kernel.org>
>>> ---
>>> drivers/staging/comedi/comedi_compat32.c | 13 +++++++++++--
>>> 1 file changed, 11 insertions(+), 2 deletions(-)
>>>
>>> diff --git a/drivers/staging/comedi/comedi_compat32.c b/drivers/staging/comedi/comedi_compat32.c
>>> index 5a4c74f..2440c60 100644
>>> --- a/drivers/staging/comedi/comedi_compat32.c
>>> +++ b/drivers/staging/comedi/comedi_compat32.c
>>> @@ -262,7 +262,8 @@ static int compat_cmd(struct file *file, unsigned long arg)
>>> {
>>> struct comedi_cmd __user *cmd;
>>> struct comedi32_cmd_struct __user *cmd32;
>>> - int rc;
>>> + long rc;
>>> + int err;
>>
>> Gah! That change in type of the 'rc' variable resulted from me changing
>> the order of the patches in the series. It still works, but looks a bit
>> out of place. Should I post an updated version without this niggle?
>
> Please fix it. I does look strange. Actually, the last patch looks strange.
>
> The "normal" return type in the kernel is an 'int'. As you mention in the
> commit message: "The `unlocked_ioctl` and `compat_ioctl` file operations
> are both defined to return a `long` (I don't know why)." It seems cleaner
> to just have all the static functions return an int and just have
> comedi_compat_ioctl() return the long value. Maybe just add a comment
> why...
>
> My 2 cents...
Yes, on reflection I think passing through the `long` return value is
just pandering to an abomination that should be ignored. I'll post a v2
series with the above niggle fixed and the final patch dropped.
--
-=( Ian Abbott @ MEV Ltd. E-mail: <abbotti@....co.uk> )=-
-=( Web: http://www.mev.co.uk/ )=-
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists