net, compat_ioctl: handle socket ioctl abuses in tty drivers
Arnd Bergmann [Sat, 7 Nov 2009 06:51:16 +0000 (22:51 -0800)]
Slip and a few other drivers use the same ioctl numbers on
tty devices that are normally meant for sockets. This causes
problems with our compat_ioctl handling that tries to convert
the data structures in a different format.

Fortunately, these five drivers all use 32 bit compatible
data structures in the ioctl numbers, so we can just add
a trivial compat_ioctl conversion function to each of them.

SIOCSIFENCAP and SIOCGIFENCAP do not need to live in
fs/compat_ioctl.c after this any more, and they are not
used on any sockets.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: David S. Miller <davem@davemloft.net>

drivers/net/hamradio/6pack.c
drivers/net/hamradio/mkiss.c
drivers/net/slip.c
drivers/net/wan/x25_asy.c
drivers/net/wireless/strip.c
fs/compat_ioctl.c

index fb58830..689b9bd 100644 (file)
@@ -34,6 +34,7 @@
 #include <linux/ip.h>
 #include <linux/tcp.h>
 #include <linux/semaphore.h>
+#include <linux/compat.h>
 #include <asm/atomic.h>
 
 #define SIXPACK_VERSION    "Revision: 0.3.0"
@@ -777,6 +778,23 @@ static int sixpack_ioctl(struct tty_struct *tty, struct file *file,
        return err;
 }
 
+#ifdef CONFIG_COMPAT
+static long sixpack_compat_ioctl(struct tty_struct * tty, struct file * file,
+                               unsigned int cmd, unsigned long arg)
+{
+       switch (cmd) {
+       case SIOCGIFNAME:
+       case SIOCGIFENCAP:
+       case SIOCSIFENCAP:
+       case SIOCSIFHWADDR:
+               return sixpack_ioctl(tty, file, cmd,
+                               (unsigned long)compat_ptr(arg));
+       }
+
+       return -ENOIOCTLCMD;
+}
+#endif
+
 static struct tty_ldisc_ops sp_ldisc = {
        .owner          = THIS_MODULE,
        .magic          = TTY_LDISC_MAGIC,
@@ -784,6 +802,9 @@ static struct tty_ldisc_ops sp_ldisc = {
        .open           = sixpack_open,
        .close          = sixpack_close,
        .ioctl          = sixpack_ioctl,
+#ifdef CONFIG_COMPAT
+       .compat_ioctl   = sixpack_compat_ioctl,
+#endif
        .receive_buf    = sixpack_receive_buf,
        .write_wakeup   = sixpack_write_wakeup,
 };
index db4b7f1..fc9c578 100644 (file)
@@ -36,6 +36,7 @@
 #include <linux/skbuff.h>
 #include <linux/if_arp.h>
 #include <linux/jiffies.h>
+#include <linux/compat.h>
 
 #include <net/ax25.h>
 
@@ -898,6 +899,23 @@ static int mkiss_ioctl(struct tty_struct *tty, struct file *file,
        return err;
 }
 
+#ifdef CONFIG_COMPAT
+static long mkiss_compat_ioctl(struct tty_struct *tty, struct file *file,
+       unsigned int cmd, unsigned long arg)
+{
+       switch (arg) {
+       case SIOCGIFNAME:
+       case SIOCGIFENCAP:
+       case SIOCSIFENCAP:
+       case SIOCSIFHWADDR:
+               return mkiss_ioctl(tty, file, cmd,
+                                  (unsigned long)compat_ptr(arg));
+       }
+
+       return -ENOIOCTLCMD;
+}
+#endif
+
 /*
  * Handle the 'receiver data ready' interrupt.
  * This function is called by the 'tty_io' module in the kernel when
@@ -972,6 +990,9 @@ static struct tty_ldisc_ops ax_ldisc = {
        .open           = mkiss_open,
        .close          = mkiss_close,
        .ioctl          = mkiss_ioctl,
+#ifdef CONFIG_COMPAT
+       .compat_ioctl   = mkiss_compat_ioctl,
+#endif
        .receive_buf    = mkiss_receive_buf,
        .write_wakeup   = mkiss_write_wakeup
 };
index e17c535..ccfe459 100644 (file)
@@ -79,6 +79,7 @@
 #include <linux/rtnetlink.h>
 #include <linux/if_arp.h>
 #include <linux/if_slip.h>
+#include <linux/compat.h>
 #include <linux/delay.h>
 #include <linux/init.h>
 #include "slip.h"
@@ -1168,6 +1169,27 @@ static int slip_ioctl(struct tty_struct *tty, struct file *file,
        }
 }
 
+#ifdef CONFIG_COMPAT
+static long slip_compat_ioctl(struct tty_struct *tty, struct file *file,
+                                       unsigned int cmd, unsigned long arg)
+{
+       switch (cmd) {
+       case SIOCGIFNAME:
+       case SIOCGIFENCAP:
+       case SIOCSIFENCAP:
+       case SIOCSIFHWADDR:
+       case SIOCSKEEPALIVE:
+       case SIOCGKEEPALIVE:
+       case SIOCSOUTFILL:
+       case SIOCGOUTFILL:
+               return slip_ioctl(tty, file, cmd,
+                                 (unsigned long)compat_ptr(arg));
+       }
+
+       return -ENOIOCTLCMD;
+}
+#endif
+
 /* VSV changes start here */
 #ifdef CONFIG_SLIP_SMART
 /* function do_ioctl called from net/core/dev.c
@@ -1260,6 +1282,9 @@ static struct tty_ldisc_ops sl_ldisc = {
        .close          = slip_close,
        .hangup         = slip_hangup,
        .ioctl          = slip_ioctl,
+#ifdef CONFIG_COMPAT
+       .compat_ioctl   = slip_compat_ioctl,
+#endif
        .receive_buf    = slip_receive_buf,
        .write_wakeup   = slip_write_wakeup,
 };
index 2794504..3c325d7 100644 (file)
@@ -33,6 +33,7 @@
 #include <linux/lapb.h>
 #include <linux/init.h>
 #include <linux/rtnetlink.h>
+#include <linux/compat.h>
 #include "x25_asy.h"
 
 #include <net/x25device.h>
@@ -705,6 +706,21 @@ static int x25_asy_ioctl(struct tty_struct *tty, struct file *file,
        }
 }
 
+#ifdef CONFIG_COMPAT
+static long x25_asy_compat_ioctl(struct tty_struct *tty, struct file *file,
+                        unsigned int cmd,  unsigned long arg)
+{
+       switch (cmd) {
+       case SIOCGIFNAME:
+       case SIOCSIFHWADDR:
+               return x25_asy_ioctl(tty, file, cmd,
+                                    (unsigned long)compat_ptr(arg));
+       }
+
+       return -ENOIOCTLCMD;
+}
+#endif
+
 static int x25_asy_open_dev(struct net_device *dev)
 {
        struct x25_asy *sl = netdev_priv(dev);
@@ -754,6 +770,9 @@ static struct tty_ldisc_ops x25_ldisc = {
        .open           = x25_asy_open_tty,
        .close          = x25_asy_close_tty,
        .ioctl          = x25_asy_ioctl,
+#ifdef CONFIG_COMPAT
+       .compat_ioctl   = x25_asy_compat_ioctl,
+#endif
        .receive_buf    = x25_asy_receive_buf,
        .write_wakeup   = x25_asy_write_wakeup,
 };
index ea6a87c..698aade 100644 (file)
@@ -106,6 +106,7 @@ static const char StripVersion[] = "1.3A-STUART.CHESHIRE";
 #include <linux/serial.h>
 #include <linux/serialP.h>
 #include <linux/rcupdate.h>
+#include <linux/compat.h>
 #include <net/arp.h>
 #include <net/net_namespace.h>
 
@@ -2725,6 +2726,19 @@ static int strip_ioctl(struct tty_struct *tty, struct file *file,
        return 0;
 }
 
+#ifdef CONFIG_COMPAT
+static long strip_compat_ioctl(struct tty_struct *tty, struct file *file,
+                      unsigned int cmd, unsigned long arg)
+{
+       switch (cmd) {
+       case SIOCGIFNAME:
+       case SIOCSIFHWADDR:
+               return strip_ioctl(tty, file, cmd,
+                       (unsigned long)compat_ptr(arg));
+       }
+       return -ENOIOCTLCMD;
+}
+#endif
 
 /************************************************************************/
 /* Initialization                                                      */
@@ -2736,6 +2750,9 @@ static struct tty_ldisc_ops strip_ldisc = {
        .open = strip_open,
        .close = strip_close,
        .ioctl = strip_ioctl,
+#ifdef CONFIG_COMPAT
+       .compat_ioctl = strip_compat_ioctl,
+#endif
        .receive_buf = strip_receive_buf,
        .write_wakeup = strip_write_some_more,
 };
index c562e9a..f4a5a01 100644 (file)
@@ -2020,8 +2020,6 @@ COMPATIBLE_IOCTL(FIOGETOWN)
 COMPATIBLE_IOCTL(SIOCGPGRP)
 COMPATIBLE_IOCTL(SIOCATMARK)
 COMPATIBLE_IOCTL(SIOCSIFLINK)
-COMPATIBLE_IOCTL(SIOCSIFENCAP)
-COMPATIBLE_IOCTL(SIOCGIFENCAP)
 COMPATIBLE_IOCTL(SIOCSIFNAME)
 COMPATIBLE_IOCTL(SIOCSARP)
 COMPATIBLE_IOCTL(SIOCGARP)