On Mon, 2013-06-24 at 13:01 -0700, David Miller wrote:
> From: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
> Date: Mon, 24 Jun 2013 19:05:03 +0300
>
> > If we "cmd == SIOCDEVPRIVATE" then we use data[] without initializing
> > it. The most common case is that we would return -EOPNOTSUPP. The
> > other case is that we'd end up reading and writing to randomish places.
> > This requires CAP_SYS_RAWIO so it's not very bad.
> >
> > The fix is to not allow SIOCDEVPRIVATE because it doesn't work. I
> > returned -EOPNOTSUPP instead of -ENOTTY because that's what is used in
> > the rest of the file.
> >
> > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
>
> I think the intention is to only allow SIOCDEVPRIVATE, rather than
> accept any and all values other than it which are inside of the
> private ioctl range.
>
> The 'cmd' validation is one step, and it determines the interpretation
> of data[0].

But data is only initialised on the error path. So this whole function
is useless. It might as well be removed entirely.

(Also, drivers generally should not assign SIOCDEVPRIVATE+{0,1,2}, as
those numbers used to be conventionally used for MII operations.)

Ben.

--
Ben Hutchings, Staff Engineer, Solarflare
Not speaking for my employer; that's the marketing department's job.
They asked us to note that Solarflare product names are trademarked.
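
A user-space C model of the ordering problem discussed in this thread, added here as an illustration; it is not the driver's code or anything posted by the participants. `OP_GET_REG`, `regs`, `stale` and `touched` are hypothetical names, `memcpy` stands in for `copy_from_user()`/`copy_to_user()`, and the corrected handler follows the "only allow SIOCDEVPRIVATE" reading.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define SIOCDEVPRIVATE 0x89F0   /* as in linux/sockios.h */
#define OP_GET_REG 1u           /* hypothetical sub-command carried in data[0] */
#define NREGS 4u

static const uint32_t regs[NREGS] = { 0x11, 0x22, 0x33, 0x44 }; /* constructed */

/* Bug shape: data[] is copied in only on the branch that rejects cmd.
 * 'stale' models leftover stack contents; '*touched' reports the index
 * the handler would have dereferenced. */
int ioctl_buggy(unsigned int cmd, const uint32_t *user,
                const uint32_t stale[3], uint32_t *touched)
{
    uint32_t data[3];

    memcpy(data, stale, sizeof(data));      /* stands in for "uninitialised" */
    if (cmd != SIOCDEVPRIVATE) {
        memcpy(data, user, sizeof(data));   /* the only copy-in */
        return -EOPNOTSUPP;
    }
    if (data[0] != OP_GET_REG)              /* decided by stale bytes */
        return -EOPNOTSUPP;
    *touched = data[1];                     /* index chosen by stale bytes */
    return 0;
}

/* Corrected order: validate cmd, copy in, then interpret and bounds-check. */
int ioctl_fixed(unsigned int cmd, uint32_t *user)
{
    uint32_t data[3];

    if (cmd != SIOCDEVPRIVATE)
        return -EOPNOTSUPP;
    memcpy(data, user, sizeof(data));       /* stands in for copy_from_user() */
    if (data[0] != OP_GET_REG)
        return -EOPNOTSUPP;
    if (data[1] >= NREGS)
        return -EINVAL;
    user[2] = regs[data[1]];                /* stands in for copy_to_user() */
    return 0;
}
```
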