From patchwork Mon Jun  6 14:34:19 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Prasun Maiti <prasunmaiti87@gmail.com>
X-Patchwork-Id: 9158355
X-Patchwork-Delegate: johannes@sipsolutions.net
Return-Path: <linux-wireless-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	D32D160573 for <patchwork-linux-wireless@patchwork.kernel.org>;
	Mon,  6 Jun 2016 14:34:36 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C4A9D2040D
	for <patchwork-linux-wireless@patchwork.kernel.org>;
	Mon,  6 Jun 2016 14:34:36 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id B96A026490; Mon,  6 Jun 2016 14:34:36 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI,
	T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C4CA020410
	for <patchwork-linux-wireless@patchwork.kernel.org>;
	Mon,  6 Jun 2016 14:34:34 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752779AbcFFOec (ORCPT
	<rfc822;patchwork-linux-wireless@patchwork.kernel.org>);
	Mon, 6 Jun 2016 10:34:32 -0400
Received: from mail-pa0-f66.google.com ([209.85.220.66]:35487 "EHLO
	mail-pa0-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752183AbcFFOea (ORCPT
	<rfc822;linux-wireless@vger.kernel.org>);
	Mon, 6 Jun 2016 10:34:30 -0400
Received: by mail-pa0-f66.google.com with SMTP id gp3so11955192pac.2
	for <linux-wireless@vger.kernel.org>;
	Mon, 06 Jun 2016 07:34:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=Ikxyu2TYqze8swnhAgFfGoFqn7SpWYyszLaSz/J7CPs=;
	b=D6vYVDLe8c09qrE1Sa3k7UTckcYmOtV/Adtqw1MlzEzUkjbktEchbKCi7AUuX9B+Kp
	8hHw6Ueg8+dTDGLHWkxaaF+8lKZWPrBQS1pjkvbTo605f1vPvq2gCy04HiM8kW6lr73e
	FCDPmMGL8vQtATI/dTgzr/bF6PPVEDXe+gaa+qpMgYhnL1un0z/xl5/N4FEMRAaz2dSe
	aotzMkIsflZXbL7b2PU0DlwpZx/55dijHkxMxCXbh77M/Ye6KkoPh2D15GGW8KgNJZnf
	28bfUm0a/zBmCI776JoEJFyqKtbP2rSMG8EULQ4zqsNc669oYwxXoGUsOEW5iX0EQ2Nn
	vieg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=Ikxyu2TYqze8swnhAgFfGoFqn7SpWYyszLaSz/J7CPs=;
	b=T2R96IS+oOfq657SsJpcCyzE0CNfeCqXbTw9lq1rNHYOl3bmOQDcf6CxNVYLpMSv4S
	YcQBBLii5FPYJDwFECRrwQE7wwIEfAGgG1b0sXU8vwmWCuG9wQsFQgWRpPj7fTWH80oV
	5NnN0KM2cffjk09VzPMXHiESoVjsec5Rl/M44QinZ6wWM53B9VtwPepRWwbCvwhOh1yW
	yQKVt44PpbA6wY+EiS+3WCkflzEE3+FTq7WXOMp2xMg3/vglJHDnIps7WS2pbBxCUVqQ
	A3wAnK01IUYd93uOKbBYEPzez8kW7/c38lzxX0X5U8v2jnsYea0ABRSkxqNvCamgjmgZ
	VZQw==
X-Gm-Message-State: 
 ALyK8tLtC4ZuDGSfiDlF6RWziTsOEyEporWrOLv+v2pQssWlN5HV0x6jl9lxUWbW3ts0zw==
X-Received: by 10.66.43.172 with SMTP id x12mr24607504pal.111.1465223664991;
	Mon, 06 Jun 2016 07:34:24 -0700 (PDT)
Received: from Lap.alumnus.co.in (gw.alumnux.com. [182.74.215.94])
	by smtp.gmail.com with ESMTPSA id
	y205sm7830974pfb.13.2016.06.06.07.34.22
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
	Mon, 06 Jun 2016 07:34:24 -0700 (PDT)
From: Prasun Maiti <prasunmaiti87@gmail.com>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: "David S. Miller" <davem@davemloft.net>,
	Dibyajyoti Ghosh <dibyajyotig@gmail.com>, Ujjal Roy <royujjal@gmail.com>,
	WiFi Mailing List <linux-wireless@vger.kernel.org>
Subject: [PATCH] wext: Fix 32 bit iwpriv compatibility issue with 64 bit
	Kernel
Date: Mon,  6 Jun 2016 20:04:19 +0530
Message-Id: <1465223659-11530-1-git-send-email-prasunmaiti87@gmail.com>
X-Mailer: git-send-email 1.9.1
In-Reply-To: <1464690345.3076.17.camel@sipsolutions.net>
References: <1464690345.3076.17.camel@sipsolutions.net>
Sender: linux-wireless-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-wireless.vger.kernel.org>
X-Mailing-List: linux-wireless@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

iwpriv app uses iw_point structure to send data to Kernel. The iw_point
structure holds a pointer. For compatibility Kernel converts the pointer
as required for WEXT IOCTLs (SIOCIWFIRST to SIOCIWLAST). Some drivers
may use iw_handler_def.private_args to populate iwpriv commands instead
of iw_handler_def.private. For those case, the IOCTLs from
SIOCIWFIRSTPRIV to SIOCIWLASTPRIV will follow the path ndo_do_ioctl().
Accordingly when the filled up iw_point structure comes from 32 bit
iwpriv to 64 bit Kernel, Kernel will not convert the pointer and sends
it to driver. So, the driver may get the invalid data.

The pointer conversion for the IOCTLs (SIOCIWFIRSTPRIV to
SIOCIWLASTPRIV), which follow the path ndo_do_ioctl(), is mandatory.
This patch adds pointer conversion from 32 bit to 64 bit and vice versa,
if the ioctl comes from 32 bit iwpriv to 64 bit Kernel.

Signed-off-by: Prasun Maiti <prasunmaiti87@gmail.com>
Signed-off-by: Ujjal Roy <royujjal@gmail.com>
Tested-by: Dibyajyoti Ghosh <dibyajyotig@gmail.com>
---
 net/wireless/wext-core.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

--
1.9.1

--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/net/wireless/wext-core.c b/net/wireless/wext-core.c
index 6250b1c..a96dcc6 100644
--- a/net/wireless/wext-core.c
+++ b/net/wireless/wext-core.c
@@ -958,8 +958,28 @@ static int wireless_process_ioctl(struct net *net, struct ifreq *ifr,
 			return private(dev, iwr, cmd, info, handler);
 	}
 	/* Old driver API : call driver ioctl handler */
-	if (dev->netdev_ops->ndo_do_ioctl)
-		return dev->netdev_ops->ndo_do_ioctl(dev, ifr, cmd);
+	if (dev->netdev_ops->ndo_do_ioctl) {
+#ifdef CONFIG_COMPAT
+		if (info->flags & IW_REQUEST_FLAG_COMPAT) {
+			int ret = 0;
+			struct iwreq iwr_lcl;
+			struct compat_iw_point *iwp_compat = (void *) &iwr->u.data;
+
+			memcpy(&iwr_lcl, iwr, sizeof(struct iwreq));
+			iwr_lcl.u.data.pointer = compat_ptr(iwp_compat->pointer);
+			iwr_lcl.u.data.length = iwp_compat->length;
+			iwr_lcl.u.data.flags = iwp_compat->flags;
+
+			ret = dev->netdev_ops->ndo_do_ioctl(dev, (void *) &iwr_lcl, cmd);
+
+			iwp_compat->pointer = ptr_to_compat(iwr_lcl.u.data.pointer);
+			iwp_compat->length = iwr_lcl.u.data.length;
+			iwp_compat->flags = iwr_lcl.u.data.flags;
+			return ret;
+		} else
+#endif
+			return dev->netdev_ops->ndo_do_ioctl(dev, ifr, cmd);
+	}
 	return -EOPNOTSUPP;
 }