net, compat_ioctl: handle socket ioctl abuses in tty drivers (9646e7ce) · Commits · e / devices / android_kernel_xiaomi_markw

drivers/net/hamradio/6pack.c

+21 −0

Original line number	Diff line number	Diff line
		@@ -34,6 +34,7 @@
		#include <linux/ip.h>
		#include <linux/tcp.h>
		#include <linux/semaphore.h>
		#include <linux/compat.h>
		#include <asm/atomic.h>

		#define SIXPACK_VERSION "Revision: 0.3.0"
		@@ -777,6 +778,23 @@ static int sixpack_ioctl(struct tty_struct tty, struct file file,
		return err;
		}

		#ifdef CONFIG_COMPAT
		static long sixpack_compat_ioctl(struct tty_struct * tty, struct file * file,
		unsigned int cmd, unsigned long arg)
		{
		switch (cmd) {
		case SIOCGIFNAME:
		case SIOCGIFENCAP:
		case SIOCSIFENCAP:
		case SIOCSIFHWADDR:
		return sixpack_ioctl(tty, file, cmd,
		(unsigned long)compat_ptr(arg));
		}

		return -ENOIOCTLCMD;
		}
		#endif

		static struct tty_ldisc_ops sp_ldisc = {
		.owner = THIS_MODULE,
		.magic = TTY_LDISC_MAGIC,
		@@ -784,6 +802,9 @@ static struct tty_ldisc_ops sp_ldisc = {
		.open = sixpack_open,
		.close = sixpack_close,
		.ioctl = sixpack_ioctl,
		#ifdef CONFIG_COMPAT
		.compat_ioctl = sixpack_compat_ioctl,
		#endif
		.receive_buf = sixpack_receive_buf,
		.write_wakeup = sixpack_write_wakeup,
		};

+21 −0

Original line number	Diff line number	Diff line
		@@ -36,6 +36,7 @@
		#include <linux/skbuff.h>
		#include <linux/if_arp.h>
		#include <linux/jiffies.h>
		#include <linux/compat.h>

		#include <net/ax25.h>

		@@ -898,6 +899,23 @@ static int mkiss_ioctl(struct tty_struct tty, struct file file,
		return err;
		}

		#ifdef CONFIG_COMPAT
		static long mkiss_compat_ioctl(struct tty_struct tty, struct file file,
		unsigned int cmd, unsigned long arg)
		{
		switch (arg) {
		case SIOCGIFNAME:
		case SIOCGIFENCAP:
		case SIOCSIFENCAP:
		case SIOCSIFHWADDR:
		return mkiss_ioctl(tty, file, cmd,
		(unsigned long)compat_ptr(arg));
		}

		return -ENOIOCTLCMD;
		}
		#endif

		/*
		* Handle the 'receiver data ready' interrupt.
		* This function is called by the 'tty_io' module in the kernel when
		@@ -972,6 +990,9 @@ static struct tty_ldisc_ops ax_ldisc = {
		.open = mkiss_open,
		.close = mkiss_close,
		.ioctl = mkiss_ioctl,
		#ifdef CONFIG_COMPAT
		.compat_ioctl = mkiss_compat_ioctl,
		#endif
		.receive_buf = mkiss_receive_buf,
		.write_wakeup = mkiss_write_wakeup
		};

+25 −0

Original line number	Diff line number	Diff line
		@@ -79,6 +79,7 @@
		#include <linux/rtnetlink.h>
		#include <linux/if_arp.h>
		#include <linux/if_slip.h>
		#include <linux/compat.h>
		#include <linux/delay.h>
		#include <linux/init.h>
		#include "slip.h"
		@@ -1168,6 +1169,27 @@ static int slip_ioctl(struct tty_struct tty, struct file file,
		}
		}

		#ifdef CONFIG_COMPAT
		static long slip_compat_ioctl(struct tty_struct tty, struct file file,
		unsigned int cmd, unsigned long arg)
		{
		switch (cmd) {
		case SIOCGIFNAME:
		case SIOCGIFENCAP:
		case SIOCSIFENCAP:
		case SIOCSIFHWADDR:
		case SIOCSKEEPALIVE:
		case SIOCGKEEPALIVE:
		case SIOCSOUTFILL:
		case SIOCGOUTFILL:
		return slip_ioctl(tty, file, cmd,
		(unsigned long)compat_ptr(arg));
		}

		return -ENOIOCTLCMD;
		}
		#endif

		/* VSV changes start here */
		#ifdef CONFIG_SLIP_SMART
		/* function do_ioctl called from net/core/dev.c
		@@ -1260,6 +1282,9 @@ static struct tty_ldisc_ops sl_ldisc = {
		.close = slip_close,
		.hangup = slip_hangup,
		.ioctl = slip_ioctl,
		#ifdef CONFIG_COMPAT
		.compat_ioctl = slip_compat_ioctl,
		#endif
		.receive_buf = slip_receive_buf,
		.write_wakeup = slip_write_wakeup,
		};

+19 −0

Original line number	Diff line number	Diff line
		@@ -33,6 +33,7 @@
		#include <linux/lapb.h>
		#include <linux/init.h>
		#include <linux/rtnetlink.h>
		#include <linux/compat.h>
		#include "x25_asy.h"

		#include <net/x25device.h>
		@@ -705,6 +706,21 @@ static int x25_asy_ioctl(struct tty_struct tty, struct file file,
		}
		}

		#ifdef CONFIG_COMPAT
		static long x25_asy_compat_ioctl(struct tty_struct tty, struct file file,
		unsigned int cmd, unsigned long arg)
		{
		switch (cmd) {
		case SIOCGIFNAME:
		case SIOCSIFHWADDR:
		return x25_asy_ioctl(tty, file, cmd,
		(unsigned long)compat_ptr(arg));
		}

		return -ENOIOCTLCMD;
		}
		#endif

		static int x25_asy_open_dev(struct net_device *dev)
		{
		struct x25_asy *sl = netdev_priv(dev);
		@@ -754,6 +770,9 @@ static struct tty_ldisc_ops x25_ldisc = {
		.open = x25_asy_open_tty,
		.close = x25_asy_close_tty,
		.ioctl = x25_asy_ioctl,
		#ifdef CONFIG_COMPAT
		.compat_ioctl = x25_asy_compat_ioctl,
		#endif
		.receive_buf = x25_asy_receive_buf,
		.write_wakeup = x25_asy_write_wakeup,
		};

+17 −0

Original line number	Diff line number	Diff line
		@@ -106,6 +106,7 @@ static const char StripVersion[] = "1.3A-STUART.CHESHIRE";
		#include <linux/serial.h>
		#include <linux/serialP.h>
		#include <linux/rcupdate.h>
		#include <linux/compat.h>
		#include <net/arp.h>
		#include <net/net_namespace.h>

		@@ -2725,6 +2726,19 @@ static int strip_ioctl(struct tty_struct tty, struct file file,
		return 0;
		}

		#ifdef CONFIG_COMPAT
		static long strip_compat_ioctl(struct tty_struct tty, struct file file,
		unsigned int cmd, unsigned long arg)
		{
		switch (cmd) {
		case SIOCGIFNAME:
		case SIOCSIFHWADDR:
		return strip_ioctl(tty, file, cmd,
		(unsigned long)compat_ptr(arg));
		}
		return -ENOIOCTLCMD;
		}
		#endif

		/************************************************************************/
		/* Initialization */
		@@ -2736,6 +2750,9 @@ static struct tty_ldisc_ops strip_ldisc = {
		.open = strip_open,
		.close = strip_close,
		.ioctl = strip_ioctl,
		#ifdef CONFIG_COMPAT
		.compat_ioctl = strip_compat_ioctl,
		#endif
		.receive_buf = strip_receive_buf,
		.write_wakeup = strip_write_some_more,
		};