Re: [BNEP] Fix compat BNEPGETCONNLIST ioctl.
Hi David, We were making no attempt to deal with the fact that a structure with a uint32_t followed by a pointer is going to be _different_ for 32-bit and 64-bit userspace. Any 32-bit process trying to use BNEPGETCONNLIST will be failing with -EFAULT if it's lucky; suffering from having the connection list dumped at a random address if it's not. it seems that HIDP and CMTP will have the same problem. Regards Marcel - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [BNEP] Fix compat BNEPGETCONNLIST ioctl.
On Mon, 2006-09-18 at 12:38 +0200, Marcel Holtmann wrote:
Hi David,
We were making no attempt to deal with the fact that a structure with a
uint32_t followed by a pointer is going to be _different_ for 32-bit and
64-bit userspace. Any 32-bit process trying to use BNEPGETCONNLIST will
be failing with -EFAULT if it's lucky; suffering from having the
connection list dumped at a random address if it's not.
it seems that HIDP and CMTP will have the same problem.
Indeed they do. This patch fixes 'hidd -l'... although HIDP mouse
movement doesn't seem to be appearing in /dev/input/mice on my G5, while
the 'hcidump' output looks sane enough while I move it.
-
[HIDP] Fix compat HIDPGETCONNLIST ioctl.
Signed-off-by: David Woodhouse [EMAIL PROTECTED]
diff --git a/net/bluetooth/hidp/sock.c b/net/bluetooth/hidp/sock.c
index 099646e..af5a21c 100644
--- a/net/bluetooth/hidp/sock.c
+++ b/net/bluetooth/hidp/sock.c
@@ -35,6 +35,7 @@ #include linux/socket.h
#include linux/ioctl.h
#include linux/file.h
#include linux/init.h
+#include linux/compat.h
#include net/sock.h
#include hidp.h
@@ -143,11 +144,42 @@ static int hidp_sock_ioctl(struct socket
return -EINVAL;
}
+#ifdef CONFIG_COMPAT
+static int hidp_sock_compat_ioctl(struct socket *sock, unsigned int cmd,
unsigned long arg)
+{
+ if (cmd == HIDPGETCONNLIST) {
+ struct hidp_connlist_req cl;
+ uint32_t uci;
+ int err;
+
+ if (get_user(cl.cnum, (uint32_t __user *)arg) ||
+ get_user(uci, (u32 __user *)(arg+4)))
+ return -EFAULT;
+
+ cl.ci = compat_ptr(uci);
+
+ if (cl.cnum = 0)
+ return -EINVAL;
+
+ err = hidp_get_connlist(cl);
+
+ if (!err put_user(cl.cnum, (uint32_t __user *)arg))
+ err = -EFAULT;
+
+ return err;
+ }
+ return hidp_sock_ioctl(sock, cmd, arg);
+}
+#endif
+
static const struct proto_ops hidp_sock_ops = {
.family = PF_BLUETOOTH,
.owner = THIS_MODULE,
.release= hidp_sock_release,
.ioctl = hidp_sock_ioctl,
+#ifdef CONFIG_COMPAT
+ .compat_ioctl = hidp_sock_compat_ioctl,
+#endif
.bind = sock_no_bind,
.getname= sock_no_getname,
.sendmsg= sock_no_sendmsg,
--
dwmw2
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [BNEP] Fix compat BNEPGETCONNLIST ioctl.
On Mon, 2006-09-18 at 14:25 +0100, David Woodhouse wrote:
although HIDP mouse movement doesn't seem to be appearing
in /dev/input/mice on my G5, while the 'hcidump' output looks sane
enough while I move it.
Ew, that's because struct hidp_connadd_req is similarly buggered for
compat. Replacement HIDP patch to fix both at once... I didn't miss
anywhere where we actually change the hidp_connadd_req structure during
the call, did I?
-
[HIDP] Fix compat HIDPGETCONNLIST and HIDPCONNADD ioctls.
Signed-off-by: David Woodhouse [EMAIL PROTECTED]
diff --git a/net/bluetooth/hidp/sock.c b/net/bluetooth/hidp/sock.c
index 099646e..e01fdc5 100644
--- a/net/bluetooth/hidp/sock.c
+++ b/net/bluetooth/hidp/sock.c
@@ -35,6 +35,7 @@ #include linux/socket.h
#include linux/ioctl.h
#include linux/file.h
#include linux/init.h
+#include linux/compat.h
#include net/sock.h
#include hidp.h
@@ -143,11 +144,87 @@ static int hidp_sock_ioctl(struct socket
return -EINVAL;
}
+#ifdef CONFIG_COMPAT
+struct compat_hidp_connadd_req {
+ int ctrl_sock;// Connected control socket
+ int intr_sock;// Connteted interrupt socket
+ __u16 parser;
+ __u16 rd_size;
+ compat_uptr_t rd_data;
+ __u8 country;
+ __u8 subclass;
+ __u16 vendor;
+ __u16 product;
+ __u16 version;
+ __u32 flags;
+ __u32 idle_to;
+ char name[128];
+};
+
+static int hidp_sock_compat_ioctl(struct socket *sock, unsigned int cmd,
unsigned long arg)
+{
+ if (cmd == HIDPGETCONNLIST) {
+ struct hidp_connlist_req cl;
+ uint32_t uci;
+ int err;
+
+ if (get_user(cl.cnum, (uint32_t __user *)arg) ||
+ get_user(uci, (u32 __user *)(arg+4)))
+ return -EFAULT;
+
+ cl.ci = compat_ptr(uci);
+
+ if (cl.cnum = 0)
+ return -EINVAL;
+
+ err = hidp_get_connlist(cl);
+
+ if (!err put_user(cl.cnum, (uint32_t __user *)arg))
+ err = -EFAULT;
+
+ return err;
+ } else if (cmd == HIDPCONNADD) {
+ struct compat_hidp_connadd_req ca;
+ struct hidp_connadd_req __user *uca;
+
+ uca = compat_alloc_user_space(sizeof(*uca));
+
+ if (copy_from_user(ca, (void *)arg, sizeof(ca)))
+ return -EFAULT;
+
+ if (put_user(ca.ctrl_sock, uca-ctrl_sock)
+ || put_user(ca.intr_sock, uca-intr_sock)
+ || put_user(ca.parser, uca-parser)
+ || put_user(ca.rd_size, uca-parser)
+ || put_user(compat_ptr(ca.rd_data), uca-rd_data)
+ || put_user(ca.country, uca-country)
+ || put_user(ca.subclass, uca-subclass)
+ || put_user(ca.vendor, uca-vendor)
+ || put_user(ca.product, uca-product)
+ || put_user(ca.version, uca-version)
+ || put_user(ca.flags, uca-flags)
+ || put_user(ca.idle_to, uca-idle_to)
+ || copy_to_user(uca-name[0], ca.name[0], 128))
+ return -EFAULT;
+
+ arg = (unsigned long)uca;
+ /* Fall through. We don't actually write back any _changes_
+ to the structure anyway, so there's no need to copy back
+ into the original compat version */
+ }
+
+ return hidp_sock_ioctl(sock, cmd, arg);
+}
+#endif
+
static const struct proto_ops hidp_sock_ops = {
.family = PF_BLUETOOTH,
.owner = THIS_MODULE,
.release= hidp_sock_release,
.ioctl = hidp_sock_ioctl,
+#ifdef CONFIG_COMPAT
+ .compat_ioctl = hidp_sock_compat_ioctl,
+#endif
.bind = sock_no_bind,
.getname= sock_no_getname,
.sendmsg= sock_no_sendmsg,
--
dwmw2
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [BNEP] Fix compat BNEPGETCONNLIST ioctl.
On Mon, 2006-09-18 at 12:38 +0200, Marcel Holtmann wrote:
it seems that HIDP and CMTP will have the same problem.
Finally, the CMTP version... this one is untested.
[CMTP] Fix compat CMTPGETCONNLIST ioctl
Signed-off-by: David Woodhouse [EMAIL PROTECTED]
diff --git a/net/bluetooth/cmtp/sock.c b/net/bluetooth/cmtp/sock.c
index 10ad7fd..68e1290 100644
--- a/net/bluetooth/cmtp/sock.c
+++ b/net/bluetooth/cmtp/sock.c
@@ -34,6 +34,7 @@ #include linux/skbuff.h
#include linux/socket.h
#include linux/ioctl.h
#include linux/file.h
+#include linux/compat.h
#include net/sock.h
#include linux/isdn/capilli.h
@@ -137,11 +138,44 @@ static int cmtp_sock_ioctl(struct socket
return -EINVAL;
}
+#ifdef CONFIG_COMPAT
+static int cmtp_sock_compat_ioctl(struct socket *sock, unsigned int cmd,
unsigned long arg)
+{
+
+ if (cmd == CMTPGETCONNLIST) {
+ struct cmtp_connlist_req cl;
+ uint32_t uci;
+ int err;
+
+ if (get_user(cl.cnum, (uint32_t __user *)arg) ||
+ get_user(uci, (u32 __user *)(arg+4)))
+ return -EFAULT;
+
+ cl.ci = compat_ptr(uci);
+
+ if (cl.cnum = 0)
+ return -EINVAL;
+
+ err = cmtp_get_connlist(cl);
+
+ if (!err put_user(cl.cnum, (uint32_t __user *)arg))
+ err = -EFAULT;
+
+ return err;
+ }
+
+ return cmtp_sock_ioctl(sock, cmd, arg);
+}
+#endif
+
static const struct proto_ops cmtp_sock_ops = {
.family = PF_BLUETOOTH,
.owner = THIS_MODULE,
.release= cmtp_sock_release,
.ioctl = cmtp_sock_ioctl,
+#ifdef CONFIG_COMPAT
+ .compat_ioctl = cmtp_sock_compat_ioctl,
+#endif
.bind = sock_no_bind,
.getname= sock_no_getname,
.sendmsg= sock_no_sendmsg,
--
dwmw2
-
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [BNEP] Fix compat BNEPGETCONNLIST ioctl.
Hi David, although HIDP mouse movement doesn't seem to be appearing in /dev/input/mice on my G5, while the 'hcidump' output looks sane enough while I move it. Ew, that's because struct hidp_connadd_req is similarly buggered for compat. Replacement HIDP patch to fix both at once... I didn't miss anywhere where we actually change the hidp_connadd_req structure during the call, did I? that looks ugly, but I assume there is no other way to solve this problem. I will go over all three patches and wrap them up nicely. Linus, will you accept these for inclusion before 2.6.18 final? Regards Marcel - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
