RE: [PATCH] net/ethernet/realtek: Add Realtek automotive PCIe driver

From: Justin Lai
Date: Thu Aug 03 2023 - 09:22:09 EST


Hi, Jiri Pirko

Our device is multi-function, one of which is netdev and the other is character device. For character devices, we have some custom functions that must use copy_from_user or copy_to_user to pass data.

-----Original Message-----
From: Jiri Pirko <jiri@xxxxxxxxxxx>
Sent: Thursday, August 3, 2023 4:57 PM
To: Justin Lai <justinlai0215@xxxxxxxxxxx>
Cc: kuba@xxxxxxxxxx; davem@xxxxxxxxxxxxx; edumazet@xxxxxxxxxx; pabeni@xxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; netdev@xxxxxxxxxxxxxxx
Subject: Re: [PATCH] net/ethernet/realtek: Add Realtek automotive PCIe driver


External mail.



Thu, Aug 03, 2023 at 10:25:13AM CEST, justinlai0215@xxxxxxxxxxx wrote:
>This patch is to add the ethernet device driver for the PCIe interface
>of Realtek Automotive Ethernet Switch, applicable to RTL9054, RTL9068, RTL9072, RTL9075, RTL9068, RTL9071.
>
>Signed-off-by: justinlai0215 <justinlai0215@xxxxxxxxxxx>

[...]


>+
>+static long rtase_swc_ioctl(struct file *p_file, unsigned int cmd,
>+unsigned long arg)

There are *MANY* thing wrong in this patch spotted just during 5 minutes skimming over the code, but this definitelly tops all of them.
I didn't see so obvious kernel bypass attempt for a long time. Ugh, you can't be serious :/

I suggest to you take couple of rounds of consulting the patch with some skilled upstream developer internaly before you make another submission in order not not to waste time of reviewers.


>+{
>+ long rc = 0;
>+ struct rtase_swc_cmd_t sw_cmd;
>+
>+ (void)p_file;
>+
>+ if (rtase_swc_device.init_flag == 1u) {
>+ rc = -ENXIO;
>+ goto out;
>+ }
>+
>+ rc = (s64)(copy_from_user(&sw_cmd, (void *)arg, sizeof(struct
>+ rtase_swc_cmd_t)));
>+
>+ if (rc != 0) {
>+ SWC_DRIVER_INFO("rtase_swc copy_from_user failed.");
>+ } else {
>+ switch (cmd) {
>+ case SWC_CMD_REG_GET:
>+ rtase_swc_reg_get(&sw_cmd);
>+ rc = (s64)(copy_to_user((void *)arg, &sw_cmd,
>+ sizeof(struct rtase_swc_cmd_t)));
>+ break;
>+
>+ case SWC_CMD_REG_SET:
>+ rtase_swc_reg_set(&sw_cmd);
>+ rc = (s64)(copy_to_user((void *)arg, &sw_cmd,
>+ sizeof(struct rtase_swc_cmd_t)));
>+ break;
>+
>+ default:
>+ rc = -ENOTTY;
>+ break;
>+ }
>+ }
>+
>+out:
>+ return rc;
>+}

[...]

------Please consider the environment before printing this e-mail.