unfiltered netdev rio_ioctl access by users (rhbz 818820)
This commit is contained in:
parent
de33fd2fea
commit
b4b239926d
|
@ -0,0 +1,120 @@
|
|||
From 1bb57e940e1958e40d51f2078f50c3a96a9b2d75 Mon Sep 17 00:00:00 2001
|
||||
From: Jeff Mahoney <jeffm@suse.com>
|
||||
Date: Wed, 25 Apr 2012 14:32:09 +0000
|
||||
Subject: [PATCH] dl2k: Clean up rio_ioctl
|
||||
|
||||
The dl2k driver's rio_ioctl call has a few issues:
|
||||
- No permissions checking
|
||||
- Implements SIOCGMIIREG and SIOCGMIIREG using the SIOCDEVPRIVATE numbers
|
||||
- Has a few ioctls that may have been used for debugging at one point
|
||||
but have no place in the kernel proper.
|
||||
|
||||
This patch removes all but the MII ioctls, renumbers them to use the
|
||||
standard ones, and adds the proper permission check for SIOCSMIIREG.
|
||||
|
||||
We can also get rid of the dl2k-specific struct mii_data in favor of
|
||||
the generic struct mii_ioctl_data.
|
||||
|
||||
Since we have the phyid on hand, we can add the SIOCGMIIPHY ioctl too.
|
||||
|
||||
Most of the MII code for the driver could probably be converted to use
|
||||
the generic MII library but I don't have a device to test the results.
|
||||
|
||||
Reported-by: Stephan Mueller <stephan.mueller@atsec.com>
|
||||
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
drivers/net/ethernet/dlink/dl2k.c | 52 ++++++------------------------------
|
||||
drivers/net/ethernet/dlink/dl2k.h | 7 -----
|
||||
2 files changed, 9 insertions(+), 50 deletions(-)
|
||||
|
||||
diff --git a/drivers/net/ethernet/dlink/dl2k.c b/drivers/net/ethernet/dlink/dl2k.c
|
||||
index b2dc2c8..2e09edb 100644
|
||||
--- a/drivers/net/ethernet/dlink/dl2k.c
|
||||
+++ b/drivers/net/ethernet/dlink/dl2k.c
|
||||
@@ -1259,55 +1259,21 @@ rio_ioctl (struct net_device *dev, struct ifreq *rq, int cmd)
|
||||
{
|
||||
int phy_addr;
|
||||
struct netdev_private *np = netdev_priv(dev);
|
||||
- struct mii_data *miidata = (struct mii_data *) &rq->ifr_ifru;
|
||||
-
|
||||
- struct netdev_desc *desc;
|
||||
- int i;
|
||||
+ struct mii_ioctl_data *miidata = if_mii(rq);
|
||||
|
||||
phy_addr = np->phy_addr;
|
||||
switch (cmd) {
|
||||
- case SIOCDEVPRIVATE:
|
||||
- break;
|
||||
-
|
||||
- case SIOCDEVPRIVATE + 1:
|
||||
- miidata->out_value = mii_read (dev, phy_addr, miidata->reg_num);
|
||||
+ case SIOCGMIIPHY:
|
||||
+ miidata->phy_id = phy_addr;
|
||||
break;
|
||||
- case SIOCDEVPRIVATE + 2:
|
||||
- mii_write (dev, phy_addr, miidata->reg_num, miidata->in_value);
|
||||
+ case SIOCGMIIREG:
|
||||
+ miidata->val_out = mii_read (dev, phy_addr, miidata->reg_num);
|
||||
break;
|
||||
- case SIOCDEVPRIVATE + 3:
|
||||
- break;
|
||||
- case SIOCDEVPRIVATE + 4:
|
||||
- break;
|
||||
- case SIOCDEVPRIVATE + 5:
|
||||
- netif_stop_queue (dev);
|
||||
+ case SIOCSMIIREG:
|
||||
+ if (!capable(CAP_NET_ADMIN))
|
||||
+ return -EPERM;
|
||||
+ mii_write (dev, phy_addr, miidata->reg_num, miidata->val_in);
|
||||
break;
|
||||
- case SIOCDEVPRIVATE + 6:
|
||||
- netif_wake_queue (dev);
|
||||
- break;
|
||||
- case SIOCDEVPRIVATE + 7:
|
||||
- printk
|
||||
- ("tx_full=%x cur_tx=%lx old_tx=%lx cur_rx=%lx old_rx=%lx\n",
|
||||
- netif_queue_stopped(dev), np->cur_tx, np->old_tx, np->cur_rx,
|
||||
- np->old_rx);
|
||||
- break;
|
||||
- case SIOCDEVPRIVATE + 8:
|
||||
- printk("TX ring:\n");
|
||||
- for (i = 0; i < TX_RING_SIZE; i++) {
|
||||
- desc = &np->tx_ring[i];
|
||||
- printk
|
||||
- ("%02x:cur:%08x next:%08x status:%08x frag1:%08x frag0:%08x",
|
||||
- i,
|
||||
- (u32) (np->tx_ring_dma + i * sizeof (*desc)),
|
||||
- (u32)le64_to_cpu(desc->next_desc),
|
||||
- (u32)le64_to_cpu(desc->status),
|
||||
- (u32)(le64_to_cpu(desc->fraginfo) >> 32),
|
||||
- (u32)le64_to_cpu(desc->fraginfo));
|
||||
- printk ("\n");
|
||||
- }
|
||||
- printk ("\n");
|
||||
- break;
|
||||
-
|
||||
default:
|
||||
return -EOPNOTSUPP;
|
||||
}
|
||||
diff --git a/drivers/net/ethernet/dlink/dl2k.h b/drivers/net/ethernet/dlink/dl2k.h
|
||||
index ba0adca..30c2da3 100644
|
||||
--- a/drivers/net/ethernet/dlink/dl2k.h
|
||||
+++ b/drivers/net/ethernet/dlink/dl2k.h
|
||||
@@ -365,13 +365,6 @@ struct ioctl_data {
|
||||
char *data;
|
||||
};
|
||||
|
||||
-struct mii_data {
|
||||
- __u16 reserved;
|
||||
- __u16 reg_num;
|
||||
- __u16 in_value;
|
||||
- __u16 out_value;
|
||||
-};
|
||||
-
|
||||
/* The Rx and Tx buffer descriptors. */
|
||||
struct netdev_desc {
|
||||
__le64 next_desc;
|
||||
--
|
||||
1.7.7.6
|
||||
|
11
kernel.spec
11
kernel.spec
|
@ -42,7 +42,7 @@ Summary: The Linux kernel
|
|||
# When changing real_sublevel below, reset this by hand to 1
|
||||
# (or to 0 and then use rpmdev-bumpspec).
|
||||
#
|
||||
%global baserelease 2
|
||||
%global baserelease 3
|
||||
%global fedora_build %{baserelease}
|
||||
|
||||
# real_sublevel is the 3.x kernel version we're starting with
|
||||
|
@ -716,6 +716,9 @@ Patch22012: ipw2200-Fix-race-condition-in-the-command-completion-acknowledge.pat
|
|||
#rhbz 817298
|
||||
Patch22013: ipw2x00-add-supported-cipher-suites-to-wiphy-initialization.patch
|
||||
|
||||
#rhbz 818820
|
||||
Patch22016: dl2k-Clean-up-rio_ioctl.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
@ -1325,6 +1328,9 @@ ApplyPatch ipw2200-Fix-race-condition-in-the-command-completion-acknowledge.patc
|
|||
#rhbz 817298
|
||||
ApplyPatch ipw2x00-add-supported-cipher-suites-to-wiphy-initialization.patch
|
||||
|
||||
#rhbz 818820
|
||||
ApplyPatch dl2k-Clean-up-rio_ioctl.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
%endif
|
||||
|
@ -1977,6 +1983,9 @@ fi
|
|||
# and build.
|
||||
|
||||
%changelog
|
||||
* Fri May 04 2012 Josh Boyer <jwboyer@redhat.com>
|
||||
- unfiltered netdev rio_ioctl access by users (rhbz 818820)
|
||||
|
||||
* Mon Apr 30 2012 Josh Boyer <jwboyer@redhat.com>
|
||||
- Backport ipw2x00 nl80211 cipher suite reporting (rhbz 817298)
|
||||
|
||||
|
|
Loading…
Reference in New Issue