Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 27 Mar 2018 17:35:15 +0000 (UTC)
From:      Brooks Davis <brooks@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r331629 - in stable/11/sys: cam/scsi modules/cam
Message-ID:  <201803271735.w2RHZFs5064777@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: brooks
Date: Tue Mar 27 17:35:15 2018
New Revision: 331629
URL: https://svnweb.freebsd.org/changeset/base/331629

Log:
  MFC r330819, r330885, r330934
  
  r330819:
  Reject CAMIOGET and CAMIOQUEUE ioctl's on pass(4) in 32-bit compat mode.
  
  These take a union ccb argument which is full of kernel pointers.
  Substantial translation efforts would be required to make this work.
  By rejecting the request we avoid processing or returning entierly
  wrong data.
  
  Reviewed by:	imp, ken, markj, cem
  Obtained from:	CheriBSD
  Sponsored by:	DARPA, AFRL
  Differential Revision:	https://reviews.freebsd.org/D14654
  
  r330885:
  We need opt_compat.h after r330819 and 330820.
  
  Add opt_compat.h to fix the stand-alone build case.
  
  Sponsored by: Netflix.
  
  r330934:
  This should have been += so clean builds work.
  
  Noticed by: hps@

Modified:
  stable/11/sys/cam/scsi/scsi_pass.c
  stable/11/sys/modules/cam/Makefile
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/cam/scsi/scsi_pass.c
==============================================================================
--- stable/11/sys/cam/scsi/scsi_pass.c	Tue Mar 27 17:34:28 2018	(r331628)
+++ stable/11/sys/cam/scsi/scsi_pass.c	Tue Mar 27 17:35:15 2018	(r331629)
@@ -28,6 +28,8 @@
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");
 
+#include "opt_compat.h"
+
 #include <sys/param.h>
 #include <sys/systm.h>
 #include <sys/kernel.h>
@@ -43,6 +45,7 @@ __FBSDID("$FreeBSD$");
 #include <sys/poll.h>
 #include <sys/selinfo.h>
 #include <sys/sdt.h>
+#include <sys/sysent.h>
 #include <sys/taskqueue.h>
 #include <vm/uma.h>
 #include <vm/vm.h>
@@ -1860,6 +1863,12 @@ passdoioctl(struct cdev *dev, u_long cmd, caddr_t addr
 		union ccb **user_ccb, *ccb;
 		xpt_opcode fc;
 
+#ifdef COMPAT_FREEBSD32
+		if (SV_PROC_FLAG(td->td_proc, SV_ILP32)) {
+			error = ENOTTY;
+			goto bailout;
+		}
+#endif
 		if ((softc->flags & PASS_FLAG_ZONE_VALID) == 0) {
 			error = passcreatezone(periph);
 			if (error != 0)
@@ -2030,6 +2039,12 @@ camioqueue_error:
 		struct pass_io_req *io_req;
 		int old_error;
 
+#ifdef COMPAT_FREEBSD32
+		if (SV_PROC_FLAG(td->td_proc, SV_ILP32)) {
+			error = ENOTTY;
+			goto bailout;
+		}
+#endif
 		user_ccb = (union ccb **)addr;
 		old_error = 0;
 

Modified: stable/11/sys/modules/cam/Makefile
==============================================================================
--- stable/11/sys/modules/cam/Makefile	Tue Mar 27 17:34:28 2018	(r331628)
+++ stable/11/sys/modules/cam/Makefile	Tue Mar 27 17:35:15 2018	(r331629)
@@ -8,6 +8,7 @@ KMOD=	cam
 
 # See sys/conf/options for the flags that go into the different opt_*.h files.
 SRCS=	opt_cam.h
+SRCS+=	opt_compat.h
 SRCS+=	opt_ada.h
 SRCS+=	opt_scsi.h
 SRCS+=	opt_cd.h



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201803271735.w2RHZFs5064777>