| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 3 Aug 2023 13:20:46 +0000
From: Justin Lai <justinlai0215@...ltek.com>
To: Jiri Pirko <jiri@...nulli.us>
CC: "kuba@...nel.org" <kuba@...nel.org>,
"davem@...emloft.net"
<davem@...emloft.net>,
"edumazet@...gle.com" <edumazet@...gle.com>,
"pabeni@...hat.com" <pabeni@...hat.com>,
"linux-kernel@...r.kernel.org"
<linux-kernel@...r.kernel.org>,
"netdev@...r.kernel.org"
<netdev@...r.kernel.org>
Subject: RE: [PATCH] net/ethernet/realtek: Add Realtek automotive PCIe driver
Hi, Jiri Pirko
Our device is multi-function, one of which is netdev and the other is character device. For character devices, we have some custom functions that must use copy_from_user or copy_to_user to pass data.
-----Original Message-----
From: Jiri Pirko <jiri@...nulli.us>
Sent: Thursday, August 3, 2023 4:57 PM
To: Justin Lai <justinlai0215@...ltek.com>
Cc: kuba@...nel.org; davem@...emloft.net; edumazet@...gle.com; pabeni@...hat.com; linux-kernel@...r.kernel.org; netdev@...r.kernel.org
Subject: Re: [PATCH] net/ethernet/realtek: Add Realtek automotive PCIe driver
External mail.
Thu, Aug 03, 2023 at 10:25:13AM CEST, justinlai0215@...ltek.com wrote:
>This patch is to add the ethernet device driver for the PCIe interface
>of Realtek Automotive Ethernet Switch, applicable to RTL9054, RTL9068, RTL9072, RTL9075, RTL9068, RTL9071.
>
>Signed-off-by: justinlai0215 <justinlai0215@...ltek.com>
[...]
>+
>+static long rtase_swc_ioctl(struct file *p_file, unsigned int cmd,
>+unsigned long arg)
There are *MANY* thing wrong in this patch spotted just during 5 minutes skimming over the code, but this definitelly tops all of them.
I didn't see so obvious kernel bypass attempt for a long time. Ugh, you can't be serious :/
I suggest to you take couple of rounds of consulting the patch with some skilled upstream developer internaly before you make another submission in order not not to waste time of reviewers.
>+{
>+ long rc = 0;
>+ struct rtase_swc_cmd_t sw_cmd;
>+
>+ (void)p_file;
>+
>+ if (rtase_swc_device.init_flag == 1u) {
>+ rc = -ENXIO;
>+ goto out;
>+ }
>+
>+ rc = (s64)(copy_from_user(&sw_cmd, (void *)arg, sizeof(struct
>+ rtase_swc_cmd_t)));
>+
>+ if (rc != 0) {
>+ SWC_DRIVER_INFO("rtase_swc copy_from_user failed.");
>+ } else {
>+ switch (cmd) {
>+ case SWC_CMD_REG_GET:
>+ rtase_swc_reg_get(&sw_cmd);
>+ rc = (s64)(copy_to_user((void *)arg, &sw_cmd,
>+ sizeof(struct rtase_swc_cmd_t)));
>+ break;
>+
>+ case SWC_CMD_REG_SET:
>+ rtase_swc_reg_set(&sw_cmd);
>+ rc = (s64)(copy_to_user((void *)arg, &sw_cmd,
>+ sizeof(struct rtase_swc_cmd_t)));
>+ break;
>+
>+ default:
>+ rc = -ENOTTY;
>+ break;
>+ }
>+ }
>+
>+out:
>+ return rc;
>+}
[...]
------Please consider the environment before printing this e-mail.
Powered by blists - more mailing lists