authorHeiko Carstens <heiko.carstens@de.ibm.com>2009-01-14 14:14:02 +0100
committerHeiko Carstens <heiko.carstens@de.ibm.com>2009-01-14 14:15:18 +0100
commit6673e0c3fbeaed2cd08e2fd4a4aa97382d6fedb0 (patch)
treeeb33a94f5e4b0e035001f7c96ef44cade0fbb489 /fs
parented6bb6194350dc6ae97a65dbf2d621a3dbe6bbe9 (diff)
[CVE-2009-0029] System call wrapper special cases
System calls with an unsigned long long argument can't be converted with the standard wrappers, since that would include a cast to long, which in turn means that we would lose the upper 32 bits on 32-bit architectures. Also, semctl can't use the standard wrapper since it has a 'union' parameter. So we handle them as special cases and add some extra wrappers instead.

Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Diffstat (limited to 'fs')
-rw-r--r--fs/dcookies.c10
-rw-r--r--fs/open.c27
-rw-r--r--fs/read_write.c24
-rw-r--r--fs/sync.c26
4 files changed, 74 insertions, 13 deletions
diff --git a/fs/dcookies.c b/fs/dcookies.c
index 180e9fec4ad8..a21cabdbd87b 100644
--- a/fs/dcookies.c
+++ b/fs/dcookies.c
@@ -145,7 +145,7 @@ out:
/* And here is where the userspace process can look up the cookie value
* to retrieve the path.
*/
-asmlinkage long sys_lookup_dcookie(u64 cookie64, char __user * buf, size_t len)
+SYSCALL_DEFINE(lookup_dcookie)(u64 cookie64, char __user * buf, size_t len)
{
unsigned long cookie = (unsigned long)cookie64;
int err = -EINVAL;
@@ -198,7 +198,13 @@ out:
mutex_unlock(&dcookie_mutex);
return err;
}
-
+#ifdef CONFIG_HAVE_SYSCALL_WRAPPERS
+asmlinkage long SyS_lookup_dcookie(u64 cookie64, long buf, long len)
+{
+ return SYSC_lookup_dcookie(cookie64, (char __user *) buf, (size_t) len);
+}
+SYSCALL_ALIAS(sys_lookup_dcookie, SyS_lookup_dcookie);
+#endif
static int dcookie_init(void)
{
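Review bot: `SyS_lookup_dcookie` is added without any comment on why `buf` and `len` arrive as `long` while `cookie64` keeps its `u64` type, and the same holds for the other seven wrappers in this commit (`SyS_truncate64`, `SyS_ftruncate64`, `SyS_fallocate`, `SyS_pread64`, `SyS_pwrite64`, `SyS_sync_file_range`, `SyS_sync_file_range2`). Going by the commit message, the 64-bit argument is left alone because a cast to `long` would drop its upper half on 32-bit, while the register-width arguments are presumably cast back to their declared types so that upper bits the caller left in the register are discarded. Because each wrapper is written by hand, a cast that drifts from the `SYSCALL_DEFINE` prototype would quietly reopen CVE-2009-0029 for that call. A one-line comment above the first wrapper, e.g. `/* 64-bit args pass through untouched; all others arrive as long and are cast to the declared type */`, would give later editors the rule to check against. The hunk ends at the opening of `dcookie_init`, whose body lies outside it.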
diff --git a/fs/open.c b/fs/open.c
index d882fd2351d6..e349013fc790 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -351,21 +351,35 @@ asmlinkage long sys_ftruncate(unsigned int fd, unsigned long length)
/* LFS versions of truncate are only needed on 32 bit machines */
#if BITS_PER_LONG == 32
-asmlinkage long sys_truncate64(const char __user * path, loff_t length)
+SYSCALL_DEFINE(truncate64)(const char __user * path, loff_t length)
{
return do_sys_truncate(path, length);
}
+#ifdef CONFIG_HAVE_SYSCALL_WRAPPERS
+asmlinkage long SyS_truncate64(long path, loff_t length)
+{
+ return SYSC_truncate64((const char __user *) path, length);
+}
+SYSCALL_ALIAS(sys_truncate64, SyS_truncate64);
+#endif
-asmlinkage long sys_ftruncate64(unsigned int fd, loff_t length)
+SYSCALL_DEFINE(ftruncate64)(unsigned int fd, loff_t length)
{
long ret = do_sys_ftruncate(fd, length, 0);
/* avoid REGPARM breakage on x86: */
asmlinkage_protect(2, ret, fd, length);
return ret;
}
+#ifdef CONFIG_HAVE_SYSCALL_WRAPPERS
+asmlinkage long SyS_ftruncate64(long fd, loff_t length)
+{
+ return SYSC_ftruncate64((unsigned int) fd, length);
+}
+SYSCALL_ALIAS(sys_ftruncate64, SyS_ftruncate64);
#endif
+#endif /* BITS_PER_LONG == 32 */
-asmlinkage long sys_fallocate(int fd, int mode, loff_t offset, loff_t len)
+SYSCALL_DEFINE(fallocate)(int fd, int mode, loff_t offset, loff_t len)
{
struct file *file;
struct inode *inode;
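Review bot: The two `#endif` lines that close the new `CONFIG_HAVE_SYSCALL_WRAPPERS` blocks after `SyS_truncate64` and `SyS_ftruncate64` are unlabelled, while the outer one gained `/* BITS_PER_LONG == 32 */`; with the conditionals now nested, the inner ones would read better as `#endif /* CONFIG_HAVE_SYSCALL_WRAPPERS */`. Both wrappers also sit inside `#if BITS_PER_LONG == 32`, where `long`, `unsigned int` and a user pointer should all have the same width, so the casts look like no-ops kept for symmetry with the other files. A short comment saying so would save a reader from looking for a truncation they guard against. The hunk ends inside `fallocate`, whose body continues beyond it.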
@@ -422,6 +436,13 @@ out_fput:
out:
return ret;
}
+#ifdef CONFIG_HAVE_SYSCALL_WRAPPERS
+asmlinkage long SyS_fallocate(long fd, long mode, loff_t offset, loff_t len)
+{
+ return SYSC_fallocate((int)fd, (int)mode, offset, len);
+}
+SYSCALL_ALIAS(sys_fallocate, SyS_fallocate);
+#endif
/*
* access() needs to use the real uid/gid, not the effective uid/gid.
diff --git a/fs/read_write.c b/fs/read_write.c
index 940367f51f2a..7a8326bc5903 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -403,8 +403,8 @@ asmlinkage long sys_write(unsigned int fd, const char __user * buf, size_t count
return ret;
}
-asmlinkage long sys_pread64(unsigned int fd, char __user *buf,
- size_t count, loff_t pos)
+SYSCALL_DEFINE(pread64)(unsigned int fd, char __user *buf,
+ size_t count, loff_t pos)
{
struct file *file;
ssize_t ret = -EBADF;
@@ -423,9 +423,17 @@ asmlinkage long sys_pread64(unsigned int fd, char __user *buf,
return ret;
}
+#ifdef CONFIG_HAVE_SYSCALL_WRAPPERS
+asmlinkage long SyS_pread64(long fd, long buf, long count, loff_t pos)
+{
+ return SYSC_pread64((unsigned int) fd, (char __user *) buf,
+ (size_t) count, pos);
+}
+SYSCALL_ALIAS(sys_pread64, SyS_pread64);
+#endif
-asmlinkage long sys_pwrite64(unsigned int fd, const char __user *buf,
- size_t count, loff_t pos)
+SYSCALL_DEFINE(pwrite64)(unsigned int fd, const char __user *buf,
+ size_t count, loff_t pos)
{
struct file *file;
ssize_t ret = -EBADF;
@@ -444,6 +452,14 @@ asmlinkage long sys_pwrite64(unsigned int fd, const char __user *buf,
return ret;
}
+#ifdef CONFIG_HAVE_SYSCALL_WRAPPERS
+asmlinkage long SyS_pwrite64(long fd, long buf, long count, loff_t pos)
+{
+ return SYSC_pwrite64((unsigned int) fd, (const char __user *) buf,
+ (size_t) count, pos);
+}
+SYSCALL_ALIAS(sys_pwrite64, SyS_pwrite64);
+#endif
/*
* Reduce an iovec's length in-place. Return the resulting number of segments
diff --git a/fs/sync.c b/fs/sync.c
index ac02b56548bc..23ebbd72ecc9 100644
--- a/fs/sync.c
+++ b/fs/sync.c
@@ -201,8 +201,8 @@ asmlinkage long sys_fdatasync(unsigned int fd)
* already-instantiated disk blocks, there are no guarantees here that the data
* will be available after a crash.
*/
-asmlinkage long sys_sync_file_range(int fd, loff_t offset, loff_t nbytes,
- unsigned int flags)
+SYSCALL_DEFINE(sync_file_range)(int fd, loff_t offset, loff_t nbytes,
+ unsigned int flags)
{
int ret;
struct file *file;
@@ -262,14 +262,32 @@ out_put:
out:
return ret;
}
+#ifdef CONFIG_HAVE_SYSCALL_WRAPPERS
+asmlinkage long SyS_sync_file_range(long fd, loff_t offset, loff_t nbytes,
+ long flags)
+{
+ return SYSC_sync_file_range((int) fd, offset, nbytes,
+ (unsigned int) flags);
+}
+SYSCALL_ALIAS(sys_sync_file_range, SyS_sync_file_range);
+#endif
/* It would be nice if people remember that not all the world's an i386
when they introduce new system calls */
-asmlinkage long sys_sync_file_range2(int fd, unsigned int flags,
- loff_t offset, loff_t nbytes)
+SYSCALL_DEFINE(sync_file_range2)(int fd, unsigned int flags,
+ loff_t offset, loff_t nbytes)
{
return sys_sync_file_range(fd, offset, nbytes, flags);
}
+#ifdef CONFIG_HAVE_SYSCALL_WRAPPERS
+asmlinkage long SyS_sync_file_range2(long fd, long flags,
+ loff_t offset, loff_t nbytes)
+{
+ return SYSC_sync_file_range2((int) fd, (unsigned int) flags,
+ offset, nbytes);
+}
+SYSCALL_ALIAS(sys_sync_file_range2, SyS_sync_file_range2);
+#endif
/*
* `endbyte' is inclusive
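Review bot: The body under `SYSCALL_DEFINE(sync_file_range2)` still calls `sys_sync_file_range(fd, offset, nbytes, flags)`, and with `CONFIG_HAVE_SYSCALL_WRAPPERS` set that name is, judging by the `SYSCALL_ALIAS` line above it, an alias for `SyS_sync_file_range`. The call therefore appears to re-enter the `long`-taking wrapper and repeat its casts instead of reaching the typed body directly. That looks harmless, since `fd` and `flags` are already typed at this point, but it relies on a `sys_sync_file_range` prototype in a header outside this diff while the aliased function has a different parameter list. A comment on the call, e.g. `/* via the sys_ alias so this builds with and without syscall wrappers */`, would record that the indirection is intentional.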