tty: rocket: Remove RCPK_GET_STRUCT ioctl

If the cmd is RCPK_GET_STRUCT, copy_to_user will copy info to user space. As info->port.ops is the address of a constant object rocket_port_ops (assigned in init_r_port), a kernel address leakage happens. Remove the RCPK_GET_STRUCT ioctl. Signed-off-by: Fuqian Huang <huangfq.daxian@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Fuqian Huang <huangfq.daxian@gmail.com> 2019-04-18 00:35:57 -0400
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-04-25 05:58:56 -0400
commit: 29973f8a88b001ebc605c88cdee124f7256ecdbf (patch)
tree: 8606f14cb8e4a3c6f186d8e049f15266be01c59e
parent: 8daa89e099708db1ffc694c812cb3c0737f1e22b (diff)
2 files changed, 0 insertions, 5 deletions
diff --git a/drivers/tty/rocket.c b/drivers/tty/rocket.c
index b121d8f8f3d7..b6543e28bd8b 100644
--- a/drivers/tty/rocket.c
+++ b/drivers/tty/rocket.c
@@ -1283,10 +1283,6 @@ static int rp_ioctl(struct tty_struct *tty,
                return -ENXIO;
        switch (cmd) {
-        case RCKP_GET_STRUCT:
-                if (copy_to_user(argp, info, sizeof (struct r_port)))
-                        ret = -EFAULT;
-                break;
        case RCKP_GET_CONFIG:
                ret = get_config(info, argp);
                break;
diff --git a/drivers/tty/rocket.h b/drivers/tty/rocket.h
index d0560203f215..d62ed6587f32 100644
--- a/drivers/tty/rocket.h
+++ b/drivers/tty/rocket.h
@@ -71,7 +71,6 @@ struct rocket_version {
 /*
 * Rocketport ioctls -- "RP"
 */
-#define RCKP_GET_STRUCT         0x00525001
 #define RCKP_GET_CONFIG         0x00525002
 #define RCKP_SET_CONFIG         0x00525003
 #define RCKP_GET_PORTS          0x00525004
author	Fuqian Huang <huangfq.daxian@gmail.com>	2019-04-18 00:35:57 -0400
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2019-04-25 05:58:56 -0400
commit	29973f8a88b001ebc605c88cdee124f7256ecdbf (patch)
tree	8606f14cb8e4a3c6f186d8e049f15266be01c59e
parent	8daa89e099708db1ffc694c812cb3c0737f1e22b (diff)