1
linux/drivers
Stephen Tweedie 68f66feb30 [PATCH] Fix root hole in raw device
[Patch] Fix raw device ioctl pass-through

Raw character devices are supposed to pass ioctls through to the block
devices they are bound to.  Unfortunately, they are using the wrong
function for this: ioctl_by_bdev(), instead of blkdev_ioctl().

ioctl_by_bdev() performs a set_fs(KERNEL_DS) before calling the ioctl,
redirecting the user-space buffer access to the kernel address space.
This is, needless to say, a bad thing.

This was noticed first on s390, where raw IO was non-functioning.  The
s390 driver config does not actually allow raw IO to be enabled, which
was the first part of the problem.  Secondly, the s390 kernel address
space is distinct from user, causing legal raw ioctls to fail.  I've
reproduced this on a kernel built with 4G:4G split on x86, which fails
in the same way (-EFAULT if the address does not exist kernel-side;
returns success without actually populating the user buffer if it does.)

The patch below fixes both the config and address-space problems.  It's
based closely on a patch by Jan Glauber <jang@de.ibm.com>, which has
been tested on s390 at IBM.  I've tested it on x86 4G:4G (split address
space) and x86_64 (common address space).

Kernel-address-space access has been assigned CAN-2005-1264.

Signed-off-by: Stephen Tweedie <sct@redhat.com>
Signed-off-by: Dave Jones <davej@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2005-05-16 21:07:21 -07:00
..
acorn Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
acpi [PATCH] DocBook: fix some descriptions 2005-05-01 08:59:26 -07:00
atm [ATM]: ENI155P error handling fix 2005-04-24 19:14:36 -07:00
base [PATCH] drivers/base/bus.c: fix iteration in driver_detach() 2005-05-04 23:44:38 -07:00
block [PATCH] Fix root hole in raw device 2005-05-16 21:07:21 -07:00
bluetooth Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
cdrom [PATCH] make some things static 2005-05-05 16:36:47 -07:00
char [PATCH] Fix root hole in raw device 2005-05-16 21:07:21 -07:00
cpufreq [PATCH] cpufreq annoying warning fix 2005-05-02 08:15:22 -07:00
crypto Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
dio Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
eisa Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
fc4 Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
firmware Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
i2c [PATCH] ppc annotations: i2c-mpc 2005-04-25 18:32:12 -07:00
ide [PATCH] drivers/ide/pci/sis5513.c: section fixes 2005-05-05 16:36:41 -07:00
ieee1394 [PATCH] Fix non-legacy ISO receive regression 2005-04-21 14:09:42 -07:00
infiniband [PATCH] fix include order in mthca_memfree.c 2005-05-01 08:59:14 -07:00
input [PATCH] drivers/input/joystick/spaceorb.c: fix an array overflow 2005-05-01 08:59:30 -07:00
isdn [PATCH] make lots of things static 2005-05-01 08:59:29 -07:00
macintosh [PATCH] ppc32: Fix might_sleep() warning with clock spreading 2005-05-02 08:15:22 -07:00
mca Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
md [PATCH] make some things static 2005-05-05 16:36:47 -07:00
media [PATCH] video/tuner: add VIDEO_G_FREQUENCY and freq range to VIDIOC_G_TUNER 2005-05-06 22:09:28 -07:00
message [PATCH] Convert i2o to compat_ioctl 2005-04-18 12:34:15 -05:00
misc Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
mmc [PATCH] MMC: wbsd update 2005-05-08 19:35:27 +01:00
mtd [PATCH] fix u32 vs. pm_message_t in drivers/mmc,mtd,scsi 2005-04-16 15:25:29 -07:00
net [PATCH] wireless: 3CRWE154G72 Kconfig help fix 2005-05-16 00:04:29 -04:00
nubus Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
oprofile [PATCH] oprofile trivial user annotations 2005-04-26 07:43:42 -07:00
parisc Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
parport [PATCH] ISA_DMA Kconfig fixes - part 2 (parport_pc) 2005-05-04 07:33:13 -07:00
pci [PATCH] PCI: drivers/pci/pci.c: remove pci_dac_set_dma_mask 2005-05-03 23:45:17 -07:00
pcmcia [PATCH] pcmcia: yenta TI: align irq of func1 to func0 if INTRTIE is set 2005-05-05 16:36:43 -07:00
pnp [PATCH] drivers/pnp/pnpacpi/rsparser.c: fix an array overflow 2005-05-01 08:59:30 -07:00
s390 Automatic merge of rsync://www.parisc-linux.org/~jejb/git/scsi-for-linus-2.6.git 2005-05-06 16:46:40 -07:00
sbus [PATCH] mostek bogus sparse annotations fixed 2005-04-24 12:28:36 -07:00
scsi Automatic merge of rsync://www.parisc-linux.org/~jejb/git/scsi-for-linus-2.6.git 2005-05-06 16:46:40 -07:00
serial [PATCH] Serial: Add uart_insert_char() 2005-05-09 23:21:59 +01:00
sh Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sn Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
tc Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
telephony [PATCH] ixj* - compile warning cleanup 2005-05-05 16:36:48 -07:00
usb [PATCH] USB cypress_m8: update kernel driver with current source 2005-05-03 23:31:52 -07:00
video [PATCH] make some things static 2005-05-05 16:36:47 -07:00
w1 [PATCH] w1_smem: w1 ID is only 8 bytes long. 2005-04-18 21:16:57 -07:00
zorro Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
Kconfig Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
Makefile Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00