Page MenuHomeFreeBSD
Differential D23933

bnxt(4): Fix ioctls when user addresses are inaccessable.
ClosedPublic
Actions

Authored by brooks on Mar 2 2020, 11:15 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 1, 4:16 AM
Unknown Object (File)
Oct 4 2024, 9:39 PM
Unknown Object (File)
Oct 4 2024, 7:05 PM
Unknown Object (File)
Oct 1 2024, 5:48 AM
Unknown Object (File)
Sep 30 2024, 11:21 PM
Unknown Object (File)
Sep 30 2024, 6:41 AM
Unknown Object (File)
Sep 26 2024, 2:27 PM
Unknown Object (File)
Sep 5 2024, 2:30 AM
View All 52 Files
Subscribers
ae
imp
melifaro

Details

Reviewers
shurd
jhb
cem
Commits
rS359026: MFC r358630:
rS359025: MFC r358630:
rS358630: bnxt(4): Fix ioctls when user addresses are inaccessable.
Summary

Check copyin's error code (differ adding copyout checks at this time).

Don't directly access user memory in the switch statement.

Since bnxt_ioctl_data isn't all that big, use a stack allocation.

Diff Detail

Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 29741
Build 27579: arc lint + arc unit

Event Timeline

brooks created this revision.Mar 2 2020, 11:15 PM
Herald added subscribers: melifaro, ae. · View Herald TranscriptMar 2 2020, 11:15 PM
Harbormaster completed remote builds in B29741: Diff 69094.Mar 2 2020, 11:15 PM
cem resigned from this revision.Mar 3 2020, 12:05 AM
jhb added a comment.Mar 3 2020, 5:33 PM

I would maybe do it as two commits (bnxt on its own)? I was going to suggest checking the copyin/copyout return errors in bnxt, but that's a non-trivial change worthy of its own commit if someone does it. The copyin in particular really should be checked to avoid using malloc garbage as inputs to the routines the ioctls invoke.

jhb accepted this revision.Mar 3 2020, 5:33 PM
This revision is now accepted and ready to land.Mar 3 2020, 5:33 PM
brooks mentioned this in rS358592: Expose ifr_buffer_get_(buffer|length) outside if.c..Mar 3 2020, 6:05 PM
brooks updated this revision to Diff 69137.Mar 3 2020, 7:05 PM
  • Rebase
  • Check copyin's error code.
  • Don't free a stack pointer.
This revision now requires review to proceed.Mar 3 2020, 7:05 PM
Harbormaster completed remote builds in B29763: Diff 69137.Mar 3 2020, 7:05 PM
brooks updated this revision to Diff 69138.Mar 3 2020, 7:11 PM
  • Don't copy too much.
Harbormaster completed remote builds in B29764: Diff 69138.Mar 3 2020, 7:11 PM
brooks edited the summary of this revision. (Show Details)Mar 3 2020, 7:11 PM
jhb accepted this revision.Mar 3 2020, 10:39 PM
This revision is now accepted and ready to land.Mar 3 2020, 10:39 PM
Closed by commit rS358630: bnxt(4): Fix ioctls when user addresses are inaccessable. (authored by brooks). · Explain WhyMar 4 2020, 5:56 PM
This revision was automatically updated to reflect the committed changes.
brooks added a commit: rS358630: bnxt(4): Fix ioctls when user addresses are inaccessable..
Herald added a subscriber: imp. · View Herald TranscriptMar 4 2020, 5:56 PM
brooks mentioned this in rS359023: MFC r358592:.Mar 16 2020, 11:09 PM
brooks mentioned this in rS359024: MFC r358592:.Mar 16 2020, 11:15 PM
brooks added a commit: rS359025: MFC r358630:.Mar 16 2020, 11:21 PM
brooks added a commit: rS359026: MFC r358630:.Mar 16 2020, 11:29 PM

Revision Contents
Changeset List

PathSize
sys/
dev/
bnxt/
45 lines
net/
4 lines
2 lines

Diff 69094

View Options

sys/dev/bnxt/if_bnxt.c

Loading...
View Options

sys/net/if.c

Loading...
View Options

sys/net/if_var.h

Loading...