lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <f297d82a-f1ba-c985-a2ad-397e26902e78@suse.cz>
Date:   Wed, 17 Apr 2019 08:52:52 +0200
From:   Jiri Slaby <jslaby@...e.cz>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc:     Fuqian Huang <huangfq.daxian@...il.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH v4] tty: rocket: Remove the rp_ioctl

On 17. 04. 19, 8:46, Greg Kroah-Hartman wrote:
> On Wed, Apr 17, 2019 at 08:27:41AM +0200, Jiri Slaby wrote:
>> On 16. 04. 19, 16:53, Fuqian Huang wrote:
>>> --- a/drivers/tty/rocket.c
>>> +++ b/drivers/tty/rocket.c
>> ...
>>> -/*  IOCTL call handler into the driver */
>>> -static int rp_ioctl(struct tty_struct *tty,
>>> -		    unsigned int cmd, unsigned long arg)
>>> -{
>>> -	struct r_port *info = tty->driver_data;
>>> -	void __user *argp = (void __user *)arg;
>>> -	int ret = 0;
>>> -
>>> -	if (cmd != RCKP_GET_PORTS && rocket_paranoia_check(info, "rp_ioctl"))
>>> -		return -ENXIO;
>>> -
>>> -	switch (cmd) {
>>> -	case RCKP_GET_STRUCT:
>>> -		if (copy_to_user(argp, info, sizeof (struct r_port)))
>>> -			ret = -EFAULT;
>>> -		break;
>>
>> I am not sure what Greg meant, but I had only this particular ioctl on
>> mind when I was writing about removal. The other ones might be used _in
>> theory_. Even though they are not exposed to userspace either. So if
>> they are not source of potential issues, I would keep them:
> 
> I was just meaning that one specific ioctl, not the whole thing.
> 
> Although dropping all of these custom ioctls is probably the right thing
> to do in the long-run, for now, let's just get rid of the problem one.

So could you rework the patch to remove only the one? And in a separate
patch, introduce a printk_ratelimited warning to every "case *:" (i.e.
no warning in the "default" case) in rp_ioctl about depreciation of the
ioctl?

thanks,
-- 
js
suse labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ