Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp338675ybl; Fri, 9 Aug 2019 06:48:48 -0700 (PDT) X-Google-Smtp-Source: APXvYqxYUUHmILMMxnVmSGSB7H8QOYSxY8zLGwYGPtZyziAshSdDgPIyDHDEe7tIeSyRvNe/ut/s X-Received: by 2002:a17:90a:8d0c:: with SMTP id c12mr9244281pjo.140.1565358528452; Fri, 09 Aug 2019 06:48:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1565358528; cv=none; d=google.com; s=arc-20160816; b=uGGypUaI4Mj+alnasJasHT0w/e9GgQhKgZDImni0ubmaJCzFhLuRyHw2cuqVEPLOk5 DxM6EcQb8hl9ONcd2pZ14vPkvIaSHcGb7RUrIE3/nq9bB6BirKW+QAxxRGxkj97AkXM3 ucFQkQea5kmRmnfOthd2B2kZWVLmgJtcPzSn0uWc0PuQ6u0DnBO6/S/BWVgyPLt/akOV WQEOpltTQRnzJ0RI9OjUPztbLGqWJz7FdGSTIwQJzJwDdxqktN1KtR8lDiSlQs2vcAAV 7Kps7ROHQRUd5pwdvOEPLanKuYlZI5HaMoH+RaTzGY5xOnH1IQCTjPhOI/yq14b79XPA 7fyw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=qXEpdpmbPkLFmm7PAaGBqlPPpu9fOrN8eUBorveMqB0=; b=Y3rhRkYCjoyHeIu8bOSHm6FZtvvtv8Hyrp+PNr1PQn5mtKW/5X56W+RIpFBQ/EMD4F 2K1T6g40UJRh4TSe465I8BNxz2OaRq27ewsrUnorQnwIKNx8EJI/VRwmaPeROAaX/rmz vf5rNINaBAni1xVqKP1ShX7WIaWoSZzNOYJN0uN/r1XRD32BWCJiNQZlbcjhGGeaceGu HBWXgk7ykj4APw4+EW7BqAlx+uaRdLo0mG/ds8rIcC6ZAlljQIrCysxqPbzO1OoDztLB R7j9h/oxE/NnSg5NkMFXOh0Kp/NEC/FpBBugl53q46U6a/WLsg9869VJjo8KLkWEeQwh 9MSA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="rmQBb/wn"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t63si53921020pfb.5.2019.08.09.06.48.32; Fri, 09 Aug 2019 06:48:48 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="rmQBb/wn"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2407238AbfHINrV (ORCPT + 99 others); Fri, 9 Aug 2019 09:47:21 -0400 Received: from mail.kernel.org ([198.145.29.99]:37184 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2436581AbfHINrO (ORCPT ); Fri, 9 Aug 2019 09:47:14 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id A7298214C6; Fri, 9 Aug 2019 13:47:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1565358433; bh=U3I60eBloYH8iXvNq5ZWbVj8YNAVrhNeUtJjf/naJ28=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=rmQBb/wnfCFRP2cgw5AmQNcu3PmDEOf9PobiXAN9k6pu+p9n2VX9ftRKWFnF3SfUr RCT2YKhg58N6bYv0mT9XNVlDtyPS09zU3K4+dbingF1VLqkgRawvZDKf9dbx7Bv79D ttwpCrn/l5XDMJtvr67fqIB8T2umH1oRd0Umq+dc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Guillaume Nault , Arnd Bergmann , "David S. Miller" Subject: [PATCH 4.9 22/32] compat_ioctl: pppoe: fix PPPOEIOCSFWD handling Date: Fri, 9 Aug 2019 15:45:25 +0200 Message-Id: <20190809133923.657520709@linuxfoundation.org> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190809133922.945349906@linuxfoundation.org> References: <20190809133922.945349906@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Arnd Bergmann [ Upstream commit 055d88242a6046a1ceac3167290f054c72571cd9 ] Support for handling the PPPOEIOCSFWD ioctl in compat mode was added in linux-2.5.69 along with hundreds of other commands, but was always broken sincen only the structure is compatible, but the command number is not, due to the size being sizeof(size_t), or at first sizeof(sizeof((struct sockaddr_pppox)), which is different on 64-bit architectures. Guillaume Nault adds: And the implementation was broken until 2016 (see 29e73269aa4d ("pppoe: fix reference counting in PPPoE proxy")), and nobody ever noticed. I should probably have removed this ioctl entirely instead of fixing it. Clearly, it has never been used. Fix it by adding a compat_ioctl handler for all pppoe variants that translates the command number and then calls the regular ioctl function. All other ioctl commands handled by pppoe are compatible between 32-bit and 64-bit, and require compat_ptr() conversion. This should apply to all stable kernels. Acked-by: Guillaume Nault Signed-off-by: Arnd Bergmann Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- drivers/net/ppp/pppoe.c | 3 +++ drivers/net/ppp/pppox.c | 13 +++++++++++++ drivers/net/ppp/pptp.c | 3 +++ fs/compat_ioctl.c | 3 --- include/linux/if_pppox.h | 3 +++ net/l2tp/l2tp_ppp.c | 3 +++ 6 files changed, 25 insertions(+), 3 deletions(-) --- a/drivers/net/ppp/pppoe.c +++ b/drivers/net/ppp/pppoe.c @@ -1134,6 +1134,9 @@ static const struct proto_ops pppoe_ops .recvmsg = pppoe_recvmsg, .mmap = sock_no_mmap, .ioctl = pppox_ioctl, +#ifdef CONFIG_COMPAT + .compat_ioctl = pppox_compat_ioctl, +#endif }; static const struct pppox_proto pppoe_proto = { --- a/drivers/net/ppp/pppox.c +++ b/drivers/net/ppp/pppox.c @@ -22,6 +22,7 @@ #include #include #include +#include #include #include #include @@ -103,6 +104,18 @@ int pppox_ioctl(struct socket *sock, uns EXPORT_SYMBOL(pppox_ioctl); +#ifdef CONFIG_COMPAT +int pppox_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg) +{ + if (cmd == PPPOEIOCSFWD32) + cmd = PPPOEIOCSFWD; + + return pppox_ioctl(sock, cmd, (unsigned long)compat_ptr(arg)); +} + +EXPORT_SYMBOL(pppox_compat_ioctl); +#endif + static int pppox_create(struct net *net, struct socket *sock, int protocol, int kern) { --- a/drivers/net/ppp/pptp.c +++ b/drivers/net/ppp/pptp.c @@ -638,6 +638,9 @@ static const struct proto_ops pptp_ops = .recvmsg = sock_no_recvmsg, .mmap = sock_no_mmap, .ioctl = pppox_ioctl, +#ifdef CONFIG_COMPAT + .compat_ioctl = pppox_compat_ioctl, +#endif }; static const struct pppox_proto pppox_pptp_proto = { --- a/fs/compat_ioctl.c +++ b/fs/compat_ioctl.c @@ -1038,9 +1038,6 @@ COMPATIBLE_IOCTL(PPPIOCDISCONN) COMPATIBLE_IOCTL(PPPIOCATTCHAN) COMPATIBLE_IOCTL(PPPIOCGCHAN) COMPATIBLE_IOCTL(PPPIOCGL2TPSTATS) -/* PPPOX */ -COMPATIBLE_IOCTL(PPPOEIOCSFWD) -COMPATIBLE_IOCTL(PPPOEIOCDFWD) /* Big A */ /* sparc only */ /* Big Q for sound/OSS */ --- a/include/linux/if_pppox.h +++ b/include/linux/if_pppox.h @@ -84,6 +84,9 @@ extern int register_pppox_proto(int prot extern void unregister_pppox_proto(int proto_num); extern void pppox_unbind_sock(struct sock *sk);/* delete ppp-channel binding */ extern int pppox_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg); +extern int pppox_compat_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg); + +#define PPPOEIOCSFWD32 _IOW(0xB1 ,0, compat_size_t) /* PPPoX socket states */ enum { --- a/net/l2tp/l2tp_ppp.c +++ b/net/l2tp/l2tp_ppp.c @@ -1790,6 +1790,9 @@ static const struct proto_ops pppol2tp_o .recvmsg = pppol2tp_recvmsg, .mmap = sock_no_mmap, .ioctl = pppox_ioctl, +#ifdef CONFIG_COMPAT + .compat_ioctl = pppox_compat_ioctl, +#endif }; static const struct pppox_proto pppol2tp_proto = {