lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1455898437-4640-3-git-send-email-abbotti@mev.co.uk>
Date:	Fri, 19 Feb 2016 16:13:51 +0000
From:	Ian Abbott <abbotti@....co.uk>
To:	devel@...verdev.osuosl.org
Cc:	Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
	Ian Abbott <abbotti@....co.uk>,
	H Hartley Sweeten <hsweeten@...ionengravers.com>,
	linux-kernel@...r.kernel.org
Subject: [PATCH 2/8] staging: comedi: COMEDI_BUFINFO: force bytes_read or bytes_written to 0

The `COMEDI_BUFINFO` ioctl is used to advance the current position in
the buffer by a specified amount (which can be 0) and get the new
position.  On input, the `bytes_read` member of `struct comedi_bufinfo`
specifies the amount to advance the "read" position for an asynchronous
command in the "read" direction, and the `bytes_written` member
specifies the amount to advance the "write" position for a command in
the "write" direction.  The handler `do_bufinfo_ioctl()` may adjust
these by the amount the position is actually advanced before copying
them back to the user.  Currently, it ignores the specified `bytes_read`
value for a command in the "write" direction, and ignores the specified
`bytes_written` for a command in the "read" direction, so the values
copied back to the user are unchanged.  Change it to force the ignored
value to 0 before copying the values back to the user.

Signed-off-by: Ian Abbott <abbotti@....co.uk>
---
 drivers/staging/comedi/comedi_fops.c | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/drivers/staging/comedi/comedi_fops.c b/drivers/staging/comedi/comedi_fops.c
index 2cfb61e..04d6040 100644
--- a/drivers/staging/comedi/comedi_fops.c
+++ b/drivers/staging/comedi/comedi_fops.c
@@ -1141,19 +1141,25 @@ static int do_bufinfo_ioctl(struct comedi_device *dev,
 	if (s->busy != file)
 		return -EACCES;
 
-	if (bi.bytes_read && !(async->cmd.flags & CMDF_WRITE)) {
-		comedi_buf_read_alloc(s, bi.bytes_read);
-		bi.bytes_read = comedi_buf_read_free(s, bi.bytes_read);
-
-		if (comedi_is_subdevice_idle(s) &&
-		    comedi_buf_read_n_available(s) == 0) {
-			do_become_nonbusy(dev, s);
+	if (!(async->cmd.flags & CMDF_WRITE)) {
+		/* command was set up in "read" direction */
+		if (bi.bytes_read) {
+			comedi_buf_read_alloc(s, bi.bytes_read);
+			bi.bytes_read = comedi_buf_read_free(s, bi.bytes_read);
+
+			if (comedi_is_subdevice_idle(s) &&
+			    comedi_buf_read_n_available(s) == 0)
+				do_become_nonbusy(dev, s);
 		}
-	}
-
-	if (bi.bytes_written && (async->cmd.flags & CMDF_WRITE)) {
-		comedi_buf_write_alloc(s, bi.bytes_written);
-		bi.bytes_written = comedi_buf_write_free(s, bi.bytes_written);
+		bi.bytes_written = 0;
+	} else {
+		/* command was set up in "write" direction */
+		if (bi.bytes_written) {
+			comedi_buf_write_alloc(s, bi.bytes_written);
+			bi.bytes_written =
+			    comedi_buf_write_free(s, bi.bytes_written);
+		}
+		bi.bytes_read = 0;
 	}
 
 copyback_position:
-- 
2.7.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ