Re: [v2] serial_core:recognize invalid pointer from userspace

From: Greg KH
Date: Wed Mar 09 2016 - 22:34:43 EST


On Thu, Mar 10, 2016 at 11:17:23AM +0800, Jiang Lu wrote:
> compat_ioctl uses 0xffffffff as a magic number to mark an invalid pointer
> for iomem_base in serial_struct when truncating a 64-bit pointer into
> 32 bits.
>
> The serial driver needs to recognize this invalid pointer when parsing
> serial_struct from userspace.
>
> Signed-off-by: Jiang Lu <lu.jiang@xxxxxxxxxxxxx>
> ---
> drivers/tty/serial/serial_core.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
> index a5d545e..d293536 100644
> --- a/drivers/tty/serial/serial_core.c
> +++ b/drivers/tty/serial/serial_core.c
> @@ -745,6 +745,9 @@ static int uart_set_info(struct tty_struct *tty, struct tty_port *port,
> * allocations, we should treat type changes the same as
> * IO port changes.
> */
> + if ((unsigned long)new_info->iomem_base == 0xffffffff)
> + new_info->iomem_base = (void *)(unsigned long)uport->mapbase;
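Review bot: the sentinel check at `if ((unsigned long)new_info->iomem_base == 0xffffffff)` belongs in the compat conversion path, not in uart_set_info(), which is shared with native 64-bit callers; a native caller can legitimately pass that same value, and the common path then silently rewrites a user-supplied field with no way to tell the two cases apart. The substitution `new_info->iomem_base = (void *)(unsigned long)uport->mapbase;` also mixes two different quantities, the bus address in uport->mapbase and the mapped pointer in iomem_base, through a bare cast chain; if the intent is only "leave the base unchanged", keep the port's current value explicitly rather than manufacturing a pointer from mapbase. Either way, add a comment stating that 0xffffffff is the marker set by compat_ioctl, since nothing at this point in the file says so.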

This looks really odd to me, why do we care about userspace issues here?
Shouldn't the compat ioctl code have handled this already all for us?

And why set it to mapbase? Just to keep it from being changed?

This worries me...

greg k-h
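To make the round trip the commit message describes concrete, here is an added user-space model (not code from the patch or from the kernel) of the two directions: the compat GET side replacing a pointer that does not fit in 32 bits with the 0xffffffff marker, and a SET side that recognizes the marker and keeps the port's existing base instead of trusting the field. All `demo_` names are assumptions; the real patch substitutes `uport->mapbase`, which is one of the points under discussion above.

```c
/* Added example, not part of the patch or of serial_core.c.
 * Pointers are modelled as uint64_t so the example behaves the same on
 * 32-bit and 64-bit hosts. */
#include <stdint.h>

/* The marker the commit message says compat_ioctl uses for a truncated pointer. */
#define DEMO_COMPAT_INVALID_PTR 0xffffffffu

/* Minimal model of the port fields involved (assumed names). */
struct demo_port {
    uint64_t membase;   /* currently mapped I/O base, kernel pointer */
    uint64_t mapbase;   /* current bus address, as in uport->mapbase */
};

/* GET direction of the compat layer: a 64-bit kernel pointer that cannot be
 * represented in the 32-bit compat serial_struct is replaced by the marker
 * rather than being silently truncated to its low 32 bits. */
static uint32_t demo_ptr_to_compat(uint64_t kernel_ptr)
{
    if (kernel_ptr > 0xffffffffULL)
        return DEMO_COMPAT_INVALID_PTR;
    return (uint32_t)kernel_ptr;
}

/* SET direction: the marker means "userspace did not hold a valid pointer",
 * so the field must not be used as one.  This model keeps the port's
 * existing membase (an assumption; the patch writes mapbase instead).
 * Returns 1 when the marker was seen and the old value kept, 0 otherwise. */
static int demo_set_info(const struct demo_port *port, uint32_t user_iomem_base,
                         uint64_t *out_iomem_base)
{
    if (user_iomem_base == DEMO_COMPAT_INVALID_PTR) {
        *out_iomem_base = port->membase;   /* do not fabricate a pointer */
        return 1;
    }
    *out_iomem_base = user_iomem_base;     /* fits in 32 bits: take as given */
    return 0;
}
```

Note that a native 64-bit caller can pass 0xffffffff through the non-compat ioctl too, and this model cannot distinguish that from the compat marker, which is exactly why the check is better placed in the compat conversion.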