author: Jann Horn <jann@thejh.net>, 2016-01-05 18:27:30 +0100
committer: Al Viro <viro@zeniv.linux.org.uk>, 2016-01-09 03:18:13 +0100
commit: a7f61e89af73e9bf760826b20dba4e637221fcb9
tree: 1a789dfbe2d49a18745416914e090425c44ae454 /block/blk-core.c
parent: compat_ioctl: don't pass fd around when not needed
compat_ioctl: don't call do_ioctl under set_fs(KERNEL_DS)

This replaces all code in fs/compat_ioctl.c that translated ioctl arguments into an in-kernel structure, then performed do_ioctl under set_fs(KERNEL_DS), with code that allocates data on the user stack and can call the VFS ioctl handler under USER_DS.

This is done as a hardening measure because the caller does not know what kind of ioctl handler will be invoked, only that no corresponding compat_ioctl handler exists and what the ioctl command number is. The accidental invocation of an unlocked_ioctl handler that unexpectedly calls copy_to_user could be a severe security issue.

Signed-off-by: Jann Horn <jann@thejh.net>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Diffstat (limited to 'block/blk-core.c')
0 files changed, 0 insertions, 0 deletions
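
The hardening rationale in the commit message, as an added userspace model (not code from the commit or from the kernel tree): it shows why a handler that writes through a caller-supplied address is only range-checked when it runs under USER_DS. All names here (`model_*`, `dispatch_*`, `USER_TOP`, `MEM_SIZE`, `kernel_ds`) are hypothetical, and the flat byte array standing in for user and kernel memory is an assumption of the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Toy userspace model, not kernel code: offsets below USER_TOP are user memory. */
enum { USER_TOP = 64, MEM_SIZE = 128 };
static uint8_t mem[MEM_SIZE];
static int kernel_ds;              /* 0 models USER_DS, 1 models KERNEL_DS */
/* Range check whose upper bound follows the current address limit. */
static int model_access_ok(size_t addr, size_t len)
{
    size_t limit = kernel_ds ? MEM_SIZE : USER_TOP;
    return len <= limit && addr <= limit - len;
}

static int model_copy_to_user(size_t dst, const void *src, size_t len)
{
    if (!model_access_ok(dst, len)) return -1;   /* models -EFAULT */
    memcpy(&mem[dst], src, len);
    return 0;
}

/* Hypothetical handler: the byte at arg names where the reply is written. */
static int model_handler(size_t arg)
{
    uint8_t reply = 0x41;
    if (!model_access_ok(arg, 1)) return -1;
    return model_copy_to_user(mem[arg], &reply, 1);
}

/* Old pattern: request staged in kernel memory, handler run under KERNEL_DS. */
static int dispatch_kernel_ds(uint8_t dest)
{
    mem[USER_TOP] = dest;
    kernel_ds = 1;
    int err = model_handler(USER_TOP);
    kernel_ds = 0;
    return err;
}

/* New pattern: request staged in user memory, handler run under USER_DS. */
static int dispatch_user_ds(uint8_t dest)
{
    mem[0] = dest;                 /* stands in for user-stack scratch space */
    return model_handler(0);
}

int main(void)
{
    printf("KERNEL_DS: %d, USER_DS: %d\n", dispatch_kernel_ds(100), dispatch_user_ds(101));
}
```

In the model, the KERNEL_DS path returns 0 for a destination in the kernel range, while the USER_DS path rejects the same kind of destination with -1 and leaves the byte untouched.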