if (_IOC_TYPE(cmd) != PP_IOCTL)
return -ENOTTY;
Invalid ioctl command check normally performs by “default” case.
if (_IOC_DIR(cmd) != _IOC_NONE) {
argp = (void __user *)arg;
if (!argp)
return -EINVAL; }
And for checking ioctl arguments, copy_from_user()/copy_to_user()
checks are enough.
Signed-off-by: Harshal Chaudhari <[email protected]>
---
drivers/misc/xilinx_sdfec.c | 16 +++-------------
1 file changed, 3 insertions(+), 13 deletions(-)
diff --git a/drivers/misc/xilinx_sdfec.c b/drivers/misc/xilinx_sdfec.c
index 92291292756a..ff104c894b3b 100644
--- a/drivers/misc/xilinx_sdfec.c
+++ b/drivers/misc/xilinx_sdfec.c
@@ -944,8 +944,8 @@ static long xsdfec_dev_ioctl(struct file *fptr, unsigned int cmd,
unsigned long data)
{
struct xsdfec_dev *xsdfec;
- void __user *arg = NULL;
- int rval = -EINVAL;
+ void __user *arg = (void __user *)data;
+ int rval;
xsdfec = container_of(fptr->private_data, struct xsdfec_dev, miscdev);
@@ -956,16 +956,6 @@ static long xsdfec_dev_ioctl(struct file *fptr, unsigned int cmd,
return -EPERM;
}
- if (_IOC_TYPE(cmd) != XSDFEC_MAGIC)
- return -ENOTTY;
-
- /* check if ioctl argument is present and valid */
- if (_IOC_DIR(cmd) != _IOC_NONE) {
- arg = (void __user *)data;
- if (!arg)
- return rval;
- }
-
switch (cmd) {
case XSDFEC_START_DEV:
rval = xsdfec_start(xsdfec);
@@ -1010,7 +1000,7 @@ static long xsdfec_dev_ioctl(struct file *fptr, unsigned int cmd,
rval = xsdfec_is_active(xsdfec, (bool __user *)arg);
break;
default:
- /* Should not get here */
+ rval = -ENOTTY;
break;
}
return rval;
--
2.17.1
On Sun, Nov 1, 2020 at 6:09 PM Harshal Chaudhari
<[email protected]> wrote:
>
> if (_IOC_TYPE(cmd) != PP_IOCTL)
> return -ENOTTY;
>
> Invalid ioctl command check normally performs by “default” case.
>
> if (_IOC_DIR(cmd) != _IOC_NONE) {
> argp = (void __user *)arg;
> if (!argp)
> return -EINVAL; }
>
> And for checking ioctl arguments, copy_from_user()/copy_to_user()
> checks are enough.
>
> Signed-off-by: Harshal Chaudhari <[email protected]>
Thanks for following up on this,
Reviewed-by: Arnd Bergmann <[email protected]>
> -----Original Message-----
> From: Harshal Chaudhari <[email protected]>
> Sent: Sunday 1 November 2020 17:10
> To: [email protected]; Dragan Cvetic <[email protected]>
> Cc: Derek Kiernan <[email protected]>; [email protected]; Michal Simek <[email protected]>; linux-arm-
> [email protected]; [email protected]
> Subject: [PATCH] misc: xilinx-sdfec: remove check for ioctl cmd and argument.
>
> if (_IOC_TYPE(cmd) != PP_IOCTL)
> return -ENOTTY;
>
> Invalid ioctl command check normally performs by “default” case.
>
> if (_IOC_DIR(cmd) != _IOC_NONE) {
> argp = (void __user *)arg;
> if (!argp)
> return -EINVAL; }
>
> And for checking ioctl arguments, copy_from_user()/copy_to_user()
> checks are enough.
>
> Signed-off-by: Harshal Chaudhari <[email protected]>
> ---
> drivers/misc/xilinx_sdfec.c | 16 +++-------------
> 1 file changed, 3 insertions(+), 13 deletions(-)
>
> diff --git a/drivers/misc/xilinx_sdfec.c b/drivers/misc/xilinx_sdfec.c
> index 92291292756a..ff104c894b3b 100644
> --- a/drivers/misc/xilinx_sdfec.c
> +++ b/drivers/misc/xilinx_sdfec.c
> @@ -944,8 +944,8 @@ static long xsdfec_dev_ioctl(struct file *fptr, unsigned int cmd,
> unsigned long data)
> {
> struct xsdfec_dev *xsdfec;
> - void __user *arg = NULL;
> - int rval = -EINVAL;
> + void __user *arg = (void __user *)data;
> + int rval;
>
> xsdfec = container_of(fptr->private_data, struct xsdfec_dev, miscdev);
>
> @@ -956,16 +956,6 @@ static long xsdfec_dev_ioctl(struct file *fptr, unsigned int cmd,
> return -EPERM;
> }
>
> - if (_IOC_TYPE(cmd) != XSDFEC_MAGIC)
> - return -ENOTTY;
> -
> - /* check if ioctl argument is present and valid */
> - if (_IOC_DIR(cmd) != _IOC_NONE) {
> - arg = (void __user *)data;
> - if (!arg)
> - return rval;
> - }
> -
> switch (cmd) {
> case XSDFEC_START_DEV:
> rval = xsdfec_start(xsdfec);
> @@ -1010,7 +1000,7 @@ static long xsdfec_dev_ioctl(struct file *fptr, unsigned int cmd,
> rval = xsdfec_is_active(xsdfec, (bool __user *)arg);
> break;
> default:
> - /* Should not get here */
> + rval = -ENOTTY;
> break;
> }
> return rval;
> --
> 2.17.1
Acked-by: Dragan Cvetic <[email protected]>