wext: Fix 32 bit iwpriv compatibility issue with 64 bit Kernel

iwpriv app uses iw_point structure to send data to Kernel. The iw_point structure holds a pointer. For compatibility Kernel converts the pointer as required for WEXT IOCTLs (SIOCIWFIRST to SIOCIWLAST). Some drivers may use iw_handler_def.private_args to populate iwpriv commands instead of iw_handler_def.private. For those case, the IOCTLs from SIOCIWFIRSTPRIV to SIOCIWLASTPRIV will follow the path ndo_do_ioctl(). Accordingly when the filled up iw_point structure comes from 32 bit iwpriv to 64 bit Kernel, Kernel will not convert the pointer and sends it to driver. So, the driver may get the invalid data. The pointer conversion for the IOCTLs (SIOCIWFIRSTPRIV to SIOCIWLASTPRIV), which follow the path ndo_do_ioctl(), is mandatory. This patch adds pointer conversion from 32 bit to 64 bit and vice versa, if the ioctl comes from 32 bit iwpriv to 64 bit Kernel. Cc: stable@vger.kernel.org Signed-off-by: Prasun Maiti <prasunmaiti87@gmail.com> Signed-off-by: Ujjal Roy <royujjal@gmail.com> Tested-by: Dibyajyoti Ghosh <dibyajyotig@gmail.com> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
author: Prasun Maiti <prasunmaiti87@gmail.com> 2016-06-06 10:34:19 -0400
committer: Johannes Berg <johannes.berg@intel.com> 2016-06-09 03:56:11 -0400
commit: 3d5fdff46c4b2b9534fa2f9fc78e90a48e0ff724 (patch)
tree: 40bd726dc1a385da9f3c43652b12f3a3df7c9dab /net
parent: 6cbf6236d54c24b9a29e6892549c25b6902b44ce (diff)
1 files changed, 23 insertions, 2 deletions
diff --git a/net/wireless/wext-core.c b/net/wireless/wext-core.c
index 6250b1cfcde5..dbb2738e356a 100644
--- a/net/wireless/wext-core.c
+++ b/net/wireless/wext-core.c
@@ -958,8 +958,29 @@ static int wireless_process_ioctl(struct net *net, struct ifreq *ifr,
                        return private(dev, iwr, cmd, info, handler);
        }
        /* Old driver API : call driver ioctl handler */
-        if (dev->netdev_ops->ndo_do_ioctl)
+        if (dev->netdev_ops->ndo_do_ioctl) {
-                return dev->netdev_ops->ndo_do_ioctl(dev, ifr, cmd);
+#ifdef CONFIG_COMPAT
+                if (info->flags & IW_REQUEST_FLAG_COMPAT) {
+                        int ret = 0;
+                        struct iwreq iwr_lcl;
+                        struct compat_iw_point *iwp_compat = (void *) &iwr->u.data;
+                        memcpy(&iwr_lcl, iwr, sizeof(struct iwreq));
+                        iwr_lcl.u.data.pointer = compat_ptr(iwp_compat->pointer);
+                        iwr_lcl.u.data.length = iwp_compat->length;
+                        iwr_lcl.u.data.flags = iwp_compat->flags;
+                        ret = dev->netdev_ops->ndo_do_ioctl(dev, (void *) &iwr_lcl, cmd);
+                        iwp_compat->pointer = ptr_to_compat(iwr_lcl.u.data.pointer);
+                        iwp_compat->length = iwr_lcl.u.data.length;
+                        iwp_compat->flags = iwr_lcl.u.data.flags;
+                        return ret;
+                } else
+#endif
+                        return dev->netdev_ops->ndo_do_ioctl(dev, ifr, cmd);
+        }
        return -EOPNOTSUPP;
 }
author	Prasun Maiti <prasunmaiti87@gmail.com>	2016-06-06 10:34:19 -0400
committer	Johannes Berg <johannes.berg@intel.com>	2016-06-09 03:56:11 -0400
commit	3d5fdff46c4b2b9534fa2f9fc78e90a48e0ff724 (patch)
tree	40bd726dc1a385da9f3c43652b12f3a3df7c9dab /net
parent	6cbf6236d54c24b9a29e6892549c25b6902b44ce (diff)

diff --git a/net/wireless/wext-core.c b/net/wireless/wext-core.c index 6250b1cfcde5..dbb2738e356a 100644 --- a/net/wireless/wext-core.c +++ b/net/wireless/wext-core.c
@@ -958,8 +958,29 @@ static int wireless_process_ioctl(struct net net, struct ifreq ifr,
958	return private(dev, iwr, cmd, info, handler);	958	return private(dev, iwr, cmd, info, handler);
959	}	959	}
960	/* Old driver API : call driver ioctl handler */	960	/* Old driver API : call driver ioctl handler */
961	if (dev->netdev_ops->ndo_do_ioctl)	961	if (dev->netdev_ops->ndo_do_ioctl) {
962	return dev->netdev_ops->ndo_do_ioctl(dev, ifr, cmd);	962	#ifdef CONFIG_COMPAT
		963	if (info->flags & IW_REQUEST_FLAG_COMPAT) {
		964	int ret = 0;
		965	struct iwreq iwr_lcl;
		966	struct compat_iw_point iwp_compat = (void ) &iwr->u.data;
		967
		968	memcpy(&iwr_lcl, iwr, sizeof(struct iwreq));
		969	iwr_lcl.u.data.pointer = compat_ptr(iwp_compat->pointer);
		970	iwr_lcl.u.data.length = iwp_compat->length;
		971	iwr_lcl.u.data.flags = iwp_compat->flags;
		972
		973	ret = dev->netdev_ops->ndo_do_ioctl(dev, (void *) &iwr_lcl, cmd);
		974
		975	iwp_compat->pointer = ptr_to_compat(iwr_lcl.u.data.pointer);
		976	iwp_compat->length = iwr_lcl.u.data.length;
		977	iwp_compat->flags = iwr_lcl.u.data.flags;
		978
		979	return ret;
		980	} else
		981	#endif
		982	return dev->netdev_ops->ndo_do_ioctl(dev, ifr, cmd);
		983	}
963	return -EOPNOTSUPP;	984	return -EOPNOTSUPP;
964	}	985	}
965		986