unfiltered netdev rio_ioctl access by users (rhbz 818820)
This commit is contained in:
parent
33847bf37e
commit
ba63b0eddb
|
@ -0,0 +1,120 @@
|
|||
From 1bb57e940e1958e40d51f2078f50c3a96a9b2d75 Mon Sep 17 00:00:00 2001
|
||||
From: Jeff Mahoney <jeffm@suse.com>
|
||||
Date: Wed, 25 Apr 2012 14:32:09 +0000
|
||||
Subject: [PATCH] dl2k: Clean up rio_ioctl
|
||||
|
||||
The dl2k driver's rio_ioctl call has a few issues:
|
||||
- No permissions checking
|
||||
- Implements SIOCGMIIREG and SIOCGMIIREG using the SIOCDEVPRIVATE numbers
|
||||
- Has a few ioctls that may have been used for debugging at one point
|
||||
but have no place in the kernel proper.
|
||||
|
||||
This patch removes all but the MII ioctls, renumbers them to use the
|
||||
standard ones, and adds the proper permission check for SIOCSMIIREG.
|
||||
|
||||
We can also get rid of the dl2k-specific struct mii_data in favor of
|
||||
the generic struct mii_ioctl_data.
|
||||
|
||||
Since we have the phyid on hand, we can add the SIOCGMIIPHY ioctl too.
|
||||
|
||||
Most of the MII code for the driver could probably be converted to use
|
||||
the generic MII library but I don't have a device to test the results.
|
||||
|
||||
Reported-by: Stephan Mueller <stephan.mueller@atsec.com>
|
||||
Signed-off-by: Jeff Mahoney <jeffm@suse.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
drivers/net/ethernet/dlink/dl2k.c | 52 ++++++------------------------------
|
||||
drivers/net/ethernet/dlink/dl2k.h | 7 -----
|
||||
2 files changed, 9 insertions(+), 50 deletions(-)
|
||||
|
||||
diff --git a/drivers/net/ethernet/dlink/dl2k.c b/drivers/net/ethernet/dlink/dl2k.c
|
||||
index b2dc2c8..2e09edb 100644
|
||||
--- a/drivers/net/ethernet/dlink/dl2k.c
|
||||
+++ b/drivers/net/ethernet/dlink/dl2k.c
|
||||
@@ -1259,55 +1259,21 @@ rio_ioctl (struct net_device *dev, struct ifreq *rq, int cmd)
|
||||
{
|
||||
int phy_addr;
|
||||
struct netdev_private *np = netdev_priv(dev);
|
||||
- struct mii_data *miidata = (struct mii_data *) &rq->ifr_ifru;
|
||||
-
|
||||
- struct netdev_desc *desc;
|
||||
- int i;
|
||||
+ struct mii_ioctl_data *miidata = if_mii(rq);
|
||||
|
||||
phy_addr = np->phy_addr;
|
||||
switch (cmd) {
|
||||
- case SIOCDEVPRIVATE:
|
||||
- break;
|
||||
-
|
||||
- case SIOCDEVPRIVATE + 1:
|
||||
- miidata->out_value = mii_read (dev, phy_addr, miidata->reg_num);
|
||||
+ case SIOCGMIIPHY:
|
||||
+ miidata->phy_id = phy_addr;
|
||||
break;
|
||||
- case SIOCDEVPRIVATE + 2:
|
||||
- mii_write (dev, phy_addr, miidata->reg_num, miidata->in_value);
|
||||
+ case SIOCGMIIREG:
|
||||
+ miidata->val_out = mii_read (dev, phy_addr, miidata->reg_num);
|
||||
break;
|
||||
- case SIOCDEVPRIVATE + 3:
|
||||
- break;
|
||||
- case SIOCDEVPRIVATE + 4:
|
||||
- break;
|
||||
- case SIOCDEVPRIVATE + 5:
|
||||
- netif_stop_queue (dev);
|
||||
+ case SIOCSMIIREG:
|
||||
+ if (!capable(CAP_NET_ADMIN))
|
||||
+ return -EPERM;
|
||||
+ mii_write (dev, phy_addr, miidata->reg_num, miidata->val_in);
|
||||
break;
|
||||
- case SIOCDEVPRIVATE + 6:
|
||||
- netif_wake_queue (dev);
|
||||
- break;
|
||||
- case SIOCDEVPRIVATE + 7:
|
||||
- printk
|
||||
- ("tx_full=%x cur_tx=%lx old_tx=%lx cur_rx=%lx old_rx=%lx\n",
|
||||
- netif_queue_stopped(dev), np->cur_tx, np->old_tx, np->cur_rx,
|
||||
- np->old_rx);
|
||||
- break;
|
||||
- case SIOCDEVPRIVATE + 8:
|
||||
- printk("TX ring:\n");
|
||||
- for (i = 0; i < TX_RING_SIZE; i++) {
|
||||
- desc = &np->tx_ring[i];
|
||||
- printk
|
||||
- ("%02x:cur:%08x next:%08x status:%08x frag1:%08x frag0:%08x",
|
||||
- i,
|
||||
- (u32) (np->tx_ring_dma + i * sizeof (*desc)),
|
||||
- (u32)le64_to_cpu(desc->next_desc),
|
||||
- (u32)le64_to_cpu(desc->status),
|
||||
- (u32)(le64_to_cpu(desc->fraginfo) >> 32),
|
||||
- (u32)le64_to_cpu(desc->fraginfo));
|
||||
- printk ("\n");
|
||||
- }
|
||||
- printk ("\n");
|
||||
- break;
|
||||
-
|
||||
default:
|
||||
return -EOPNOTSUPP;
|
||||
}
|
||||
diff --git a/drivers/net/ethernet/dlink/dl2k.h b/drivers/net/ethernet/dlink/dl2k.h
|
||||
index ba0adca..30c2da3 100644
|
||||
--- a/drivers/net/ethernet/dlink/dl2k.h
|
||||
+++ b/drivers/net/ethernet/dlink/dl2k.h
|
||||
@@ -365,13 +365,6 @@ struct ioctl_data {
|
||||
char *data;
|
||||
};
|
||||
|
||||
-struct mii_data {
|
||||
- __u16 reserved;
|
||||
- __u16 reg_num;
|
||||
- __u16 in_value;
|
||||
- __u16 out_value;
|
||||
-};
|
||||
-
|
||||
/* The Rx and Tx buffer descriptors. */
|
||||
struct netdev_desc {
|
||||
__le64 next_desc;
|
||||
--
|
||||
1.7.7.6
|
||||
|
11
kernel.spec
11
kernel.spec
|
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
|||
# For non-released -rc kernels, this will be appended after the rcX and
|
||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||
#
|
||||
%global baserelease 3
|
||||
%global baserelease 4
|
||||
%global fedora_build %{baserelease}
|
||||
|
||||
# base_sublevel is the kernel version we're starting with and patching
|
||||
|
@ -812,6 +812,9 @@ Patch22014: efifb-skip-DMI-checks-if-bootloader-knows.patch
|
|||
#Lots of fixes from 3.3.5 stable queue
|
||||
Patch22015: stable-queue-3.3.5-0502.patch
|
||||
|
||||
#rhbz 818820
|
||||
Patch22016: dl2k-Clean-up-rio_ioctl.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
@ -1572,6 +1575,9 @@ ApplyPatch efifb-skip-DMI-checks-if-bootloader-knows.patch
|
|||
#Lots of fixes from 3.3.5 stable queue
|
||||
ApplyPatch stable-queue-3.3.5-0502.patch
|
||||
|
||||
#rhbz 818820
|
||||
ApplyPatch dl2k-Clean-up-rio_ioctl.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
%endif
|
||||
|
@ -2426,6 +2432,9 @@ fi
|
|||
# '-' | |
|
||||
# '-'
|
||||
%changelog
|
||||
* Fri May 04 2012 Josh Boyer <jwboyer@redhat.com>
|
||||
- unfiltered netdev rio_ioctl access by users (rhbz 818820)
|
||||
|
||||
* Thu May 03 2012 Dennis Gilmore <dennis@ausil.us>
|
||||
- enable the kms omap driver
|
||||
|
||||
|
|
Loading…
Reference in New Issue