On Thu, Mar 10, 2016 at 11:17:23AM +0800, Jiang Lu wrote:When getting serial struct, compat ioctl code just set it to 0xffffffff when 64bit iomem_base is beyond 32bit in kernel.
compat_ioctl use 0xffffffff as a magic number to mark invalid pointerThis looks really odd to me, why do we care about userspace issues here?
for iomem_base in serial_struct when truncating a 64bit pointer into
Serial driver need recognize this invalid pointer when parsing
serial_struct from userspace.
Signed-off-by: Jiang Lu <lu.jiang@xxxxxxxxxxxxx>
drivers/tty/serial/serial_core.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/tty/serial/serial_core.c b/drivers/tty/serial/serial_core.c
index a5d545e..d293536 100644
@@ -745,6 +745,9 @@ static int uart_set_info(struct tty_struct *tty, struct tty_port *port,
* allocations, we should treat type changes the same as
* IO port changes.
+ if ((unsigned long)new_info->iomem_base == 0xffffffff)
+ new_info->iomem_base = (void *)(unsigned long)uport->mapbase;
Shouldn't the compat ioctl code have handled this already all for us?
And why set it to mapbase? Just to keep it from being changed?
this worries me...