Message-ID: <ZMtr+WbURFaynK15@nanopsycho>
Date:   Thu, 3 Aug 2023 10:57:29 +0200
From:   Jiri Pirko <jiri@...nulli.us>
To:     justinlai0215 <justinlai0215@...ltek.com>
Cc:     kuba@...nel.org, davem@...emloft.net, edumazet@...gle.com,
        pabeni@...hat.com, linux-kernel@...r.kernel.org,
        netdev@...r.kernel.org
Subject: Re: [PATCH] net/ethernet/realtek: Add Realtek automotive PCIe driver

Thu, Aug 03, 2023 at 10:25:13AM CEST, justinlai0215@...ltek.com wrote:
>This patch is to add the ethernet device driver for the PCIe interface of Realtek Automotive Ethernet Switch,
>applicable to RTL9054, RTL9068, RTL9072, RTL9075, RTL9068, RTL9071.
>
>Signed-off-by: justinlai0215 <justinlai0215@...ltek.com>

[...]


>+
>+static long rtase_swc_ioctl(struct file *p_file, unsigned int cmd, unsigned long arg)

There are *MANY* things wrong in this patch spotted just during 5 minutes
skimming over the code, but this definitely tops all of them.
I didn't see such an obvious kernel bypass attempt for a long time. Ugh, you
can't be serious :/

I suggest you take a couple of rounds of consulting the patch with
some skilled upstream developer internally before you make another
submission in order not to waste the time of reviewers.


>+{
>+	long rc = 0;
>+	struct rtase_swc_cmd_t sw_cmd;
>+
>+	(void)p_file;
>+
>+	if (rtase_swc_device.init_flag == 1u) {
>+		rc = -ENXIO;
>+		goto out;
>+	}
>+
>+	rc = (s64)(copy_from_user(&sw_cmd, (void *)arg, sizeof(struct rtase_swc_cmd_t)));
>+
>+	if (rc != 0) {
>+		SWC_DRIVER_INFO("rtase_swc copy_from_user failed.");
>+	} else {
>+		switch (cmd) {
>+		case SWC_CMD_REG_GET:
>+			rtase_swc_reg_get(&sw_cmd);
>+			rc = (s64)(copy_to_user((void *)arg, &sw_cmd,
>+						sizeof(struct rtase_swc_cmd_t)));
>+			break;
>+
>+		case SWC_CMD_REG_SET:
>+			rtase_swc_reg_set(&sw_cmd);
>+			rc = (s64)(copy_to_user((void *)arg, &sw_cmd,
>+						sizeof(struct rtase_swc_cmd_t)));
>+			break;
>+
>+		default:
>+			rc = -ENOTTY;
>+			break;
>+		}
>+	}
>+
>+out:
>+	return rc;
>+}
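
Review bot: in rtase_swc_ioctl(), the struct copied from userspace is passed straight to rtase_swc_reg_get()/rtase_swc_reg_set() with no validation of its fields and no privilege check (for example capable(CAP_NET_ADMIN)) anywhere in this function, so any caller able to issue this ioctl can drive register reads and writes through the driver; gate the handler and bounds-check sw_cmd before use, or drop the private ioctl in favour of an existing kernel interface. Separately, copy_from_user() and copy_to_user() return the number of bytes left uncopied, and that positive count is returned to the caller as rc; return -EFAULT on a non-zero result instead. The (void *)arg casts should be (void __user *)arg so sparse can check the address space, and the (s64) casts are unnecessary because rc is already long.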

[...]
