From patchwork Thu May 26 07:40:32 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Prasun Maiti X-Patchwork-Id: 9136729 X-Patchwork-Delegate: johannes@sipsolutions.net Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 17A77607D3 for ; Thu, 26 May 2016 07:40:51 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id F346728066 for ; Thu, 26 May 2016 07:40:50 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id E7CD5282E8; Thu, 26 May 2016 07:40:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00, DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, T_DKIM_INVALID autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 62FBF28221 for ; Thu, 26 May 2016 07:40:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752860AbcEZHkr (ORCPT ); Thu, 26 May 2016 03:40:47 -0400 Received: from mail-pf0-f194.google.com ([209.85.192.194]:36844 "EHLO mail-pf0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752270AbcEZHkp (ORCPT ); Thu, 26 May 2016 03:40:45 -0400 Received: by mail-pf0-f194.google.com with SMTP id g132so1368592pfb.3 for ; Thu, 26 May 2016 00:40:45 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id; bh=l/JliN7ZENDbu8msw6od4H8G12E4uurEnrV6MWCnqfU=; b=W1qEqY6ZrNUhK1Sdynhkrhj+8dOLmO56cYlVMDh6F9uzNloleb7rcbTrG0IhiHVmsH oWzr+k6DSVjdacFs98gE6XhTQ3ipFgKnc0fE29fe/30lyyd2ZsSdpFbsao5c/aJV+iOO Ww0j2+TstahM7v8ZFJwrAK8ia9MtpHVqlwE7C/MJcfKB9rh+T156LACCRO12M8OcKMEk tBXHF0Yq9eGuHFeO8HNCNQy7IbJlhzMZTKYeUTJDP62M/aNIO2fq4LbLqjkkum4MljY0 a3b1BqwIQyJjUs1wY/gA9tChMkW+l6NExKluCPV0bUhZZkF36LTjhjeoMh2ZsglO8hNR WR2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=l/JliN7ZENDbu8msw6od4H8G12E4uurEnrV6MWCnqfU=; b=StFoE9R5aipxM58aMkOxfHSreoGqePzGhH3f0bS03OiYKvMBZhKAmE1XKd3tV1e2ld +Mh/OKjOzIHghd75NYcs9gF0ZHA9OMITmPbU3yjXJtM3uA0qBd0YWhlnlCin7oObp2vB 0aQnhs+yJt9MgbXV1WPMZmks4L/t6N5kZ4yiekcAlrcqgeazfTm2aV6B9Sfhh1REfn7D QPNl27v1qklxhOY99SUFWRrgfi4L2d1vX2WUZy/+qmLHsYOLanw0YKoYAPCr/a7OxcZX JbcGE/6Y6awzi+v/9H98uSCyqy2H36hbbEsB4kd/Zy4av+cv/uqRf9ltAi1RoG3bgOIA aEbQ== X-Gm-Message-State: ALyK8tKQVDpsVWYPQDu2JKF6V7qoXoKc4a/916zMJz67yHj7KDKxqCq/5IoeGmL4G07/Sg== X-Received: by 10.98.101.198 with SMTP id z189mr2216611pfb.63.1464248444906; Thu, 26 May 2016 00:40:44 -0700 (PDT) Received: from Lap.alumnus.co.in (gw.alumnux.com. [182.74.215.94]) by smtp.gmail.com with ESMTPSA id i29sm3553338pfi.18.2016.05.26.00.40.42 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 26 May 2016 00:40:44 -0700 (PDT) From: Prasun Maiti To: Johannes Berg Cc: "David S. Miller" , Dibyajyoti Ghosh , Ujjal Roy , WiFi Mailing List Subject: [PATCH] wext: Fix 32 bit iwpriv compatibility issue with 64 bit Kernel Date: Thu, 26 May 2016 13:10:32 +0530 Message-Id: <1464248432-12595-1-git-send-email-prasunmaiti87@gmail.com> X-Mailer: git-send-email 1.9.1 Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP iwpriv app uses iw_point structure to send data to Kernel. The iw_point structure holds a pointer. For compatibility Kernel converts the pointer as required for WEXT IOCTLs (SIOCIWFIRST to SIOCIWLAST). Some drivers may use iw_handler_def.private_args to populate iwpriv commands instead of iw_handler_def.private. For those case, the IOCTLs from SIOCIWFIRSTPRIV to SIOCIWLASTPRIV will follow the path ndo_do_ioctl(). Accordingly when the filled up iw_point structure comes from 32 bit iwpriv to 64 bit Kernel, Kernel will not convert the pointer and sends it to driver. So, the driver may get the invalid data. The pointer conversion for the IOCTLs (SIOCIWFIRSTPRIV to SIOCIWLASTPRIV), which follow the path ndo_do_ioctl(), is mandatory. This patch adds pointer conversion from 32 bit to 64 bit and vice versa, if the ioctl comes from 32 bit iwpriv to 64 bit Kernel. Signed-off-by: Prasun Maiti Signed-off-by: Ujjal Roy Tested-by: Dibyajyoti Ghosh --- net/wireless/wext-core.c | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-) -- 1.9.1 -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html --- a/net/wireless/wext-core.c +++ b/net/wireless/wext-core.c @@ -955,8 +955,30 @@ static int wireless_process_ioctl(struct net *net, struct ifreq *ifr, return private(dev, iwr, cmd, info, handler); } /* Old driver API : call driver ioctl handler */ - if (dev->netdev_ops->ndo_do_ioctl) - return dev->netdev_ops->ndo_do_ioctl(dev, ifr, cmd); + if (dev->netdev_ops->ndo_do_ioctl) { + if ((info->flags & IW_REQUEST_FLAG_COMPAT) && + (cmd >= SIOCIWFIRSTPRIV && cmd <= SIOCIWLASTPRIV)) { + int ret = 0; + struct compat_iw_point *iwp_compat = (struct compat_iw_point *) &iwr->u.data; + struct iw_point *iwp = &iwr->u.data; + __u16 length = iwp_compat->length, flags = iwp_compat->flags; + + iwp->pointer = compat_ptr(iwp_compat->pointer); + iwp->length = length; + iwp->flags = flags; + + ret = dev->netdev_ops->ndo_do_ioctl(dev, ifr, cmd); + + length = iwp->length; + flags = iwp->flags; + iwp_compat->pointer = ptr_to_compat(iwp->pointer); + iwp_compat->length = length; + iwp_compat->flags = flags; + return ret; + } else { + return dev->netdev_ops->ndo_do_ioctl(dev, ifr, cmd); + } + } return -EOPNOTSUPP; }