From owner-svn-src-head@freebsd.org Mon Mar 12 22:58:08 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 14731F52A16; Mon, 12 Mar 2018 22:58:08 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B978B79150; Mon, 12 Mar 2018 22:58:07 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A57A311E8E; Mon, 12 Mar 2018 22:58:07 +0000 (UTC) (envelope-from brooks@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w2CMw7LH078833; Mon, 12 Mar 2018 22:58:07 GMT (envelope-from brooks@FreeBSD.org) Received: (from brooks@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w2CMw7qb078832; Mon, 12 Mar 2018 22:58:07 GMT (envelope-from brooks@FreeBSD.org) Message-Id: <201803122258.w2CMw7qb078832@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: brooks set sender to brooks@FreeBSD.org using -f From: Brooks Davis Date: Mon, 12 Mar 2018 22:58:07 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r330819 - head/sys/cam/scsi X-SVN-Group: head X-SVN-Commit-Author: brooks X-SVN-Commit-Paths: head/sys/cam/scsi X-SVN-Commit-Revision: 330819 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Mar 2018 22:58:08 -0000 Author: brooks Date: Mon Mar 12 22:58:07 2018 New Revision: 330819 URL: https://svnweb.freebsd.org/changeset/base/330819 Log: Reject CAMIOGET and CAMIOQUEUE ioctl's on pass(4) in 32-bit compat mode. These take a union ccb argument which is full of kernel pointers. Substantial translation efforts would be required to make this work. By rejecting the request we avoid processing or returning entierly wrong data. Reviewed by: imp, ken, markj, cem Obtained from: CheriBSD MFC after: 1 week Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D14654 Modified: head/sys/cam/scsi/scsi_pass.c Modified: head/sys/cam/scsi/scsi_pass.c ============================================================================== --- head/sys/cam/scsi/scsi_pass.c Mon Mar 12 22:17:14 2018 (r330818) +++ head/sys/cam/scsi/scsi_pass.c Mon Mar 12 22:58:07 2018 (r330819) @@ -30,6 +30,8 @@ #include __FBSDID("$FreeBSD$"); +#include "opt_compat.h" + #include #include #include @@ -45,6 +47,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include #include @@ -1859,6 +1862,12 @@ passdoioctl(struct cdev *dev, u_long cmd, caddr_t addr union ccb **user_ccb, *ccb; xpt_opcode fc; +#ifdef COMPAT_FREEBSD32 + if (SV_PROC_FLAG(td->td_proc, SV_ILP32)) { + error = ENOTTY; + goto bailout; + } +#endif if ((softc->flags & PASS_FLAG_ZONE_VALID) == 0) { error = passcreatezone(periph); if (error != 0) @@ -2033,6 +2042,12 @@ camioqueue_error: struct pass_io_req *io_req; int old_error; +#ifdef COMPAT_FREEBSD32 + if (SV_PROC_FLAG(td->td_proc, SV_ILP32)) { + error = ENOTTY; + goto bailout; + } +#endif user_ccb = (union ccb **)addr; old_error = 0;