From ce5a983191ce466cbe35e240ac09e28cca3e50c9 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 14 Sep 2018 14:46:18 -0400 Subject: [PATCH] kill TIOCSERGSTRUCT Once upon a time a bunch of serial drivers used to provide that; today it's only amiserial and it's FUBAR - the structure being copied to userland includes kernel pointers, fields with config-dependent size, etc. No userland code using it could possibly survive - e.g. enabling lockdep definitely changes the layout. Besides, it's a massive infoleak. Kill it. If somebody needs that data for debugging purposes, they can bloody well expose it saner ways. Assuming anyone does debugging of amiserial in the first place, that is. Signed-off-by: Al Viro --- arch/ia64/hp/sim/simserial.c | 4 +--- drivers/tty/amiserial.c | 8 +------- net/bluetooth/rfcomm/tty.c | 4 ---- 3 files changed, 2 insertions(+), 14 deletions(-) diff --git a/arch/ia64/hp/sim/simserial.c b/arch/ia64/hp/sim/simserial.c index 759a3bbec183..7aeb48a18576 100644 --- a/arch/ia64/hp/sim/simserial.c +++ b/arch/ia64/hp/sim/simserial.c @@ -309,14 +309,12 @@ static int rs_getserial(struct tty_struct *tty, struct serial_struct *ss) static int rs_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned long arg) { - if ((cmd != TIOCSERCONFIG) && (cmd != TIOCSERGSTRUCT) && - (cmd != TIOCMIWAIT)) { + if ((cmd != TIOCSERCONFIG) && (cmd != TIOCMIWAIT)) { if (tty_io_error(tty)) return -EIO; } switch (cmd) { - case TIOCSERGSTRUCT: case TIOCMIWAIT: return 0; case TIOCSERCONFIG: diff --git a/drivers/tty/amiserial.c b/drivers/tty/amiserial.c index 6992adf826f4..8330fd809a05 100644 --- a/drivers/tty/amiserial.c +++ b/drivers/tty/amiserial.c @@ -1215,7 +1215,7 @@ static int rs_ioctl(struct tty_struct *tty, if (serial_paranoia_check(info, tty->name, "rs_ioctl")) return -ENODEV; - if ((cmd != TIOCSERCONFIG) && (cmd != TIOCSERGSTRUCT) && + if ((cmd != TIOCSERCONFIG) && (cmd != TIOCMIWAIT) && (cmd != TIOCGICOUNT)) { if (tty_io_error(tty)) return -EIO; @@ -1228,12 +1228,6 @@ static int rs_ioctl(struct tty_struct *tty, case TIOCSERGETLSR: /* Get line status register */ return get_lsr_info(info, argp); - case TIOCSERGSTRUCT: - if (copy_to_user(argp, - info, sizeof(struct serial_state))) - return -EFAULT; - return 0; - /* * Wait for any of the 4 modem inputs (DCD,RI,DSR,CTS) to change * - mask passed in arg for lines of interest diff --git a/net/bluetooth/rfcomm/tty.c b/net/bluetooth/rfcomm/tty.c index ba4f59389405..0c7d31c6c18c 100644 --- a/net/bluetooth/rfcomm/tty.c +++ b/net/bluetooth/rfcomm/tty.c @@ -839,10 +839,6 @@ static int rfcomm_tty_ioctl(struct tty_struct *tty, unsigned int cmd, unsigned l BT_DBG("TIOCMIWAIT"); break; - case TIOCSERGSTRUCT: - BT_ERR("TIOCSERGSTRUCT is not supported"); - return -ENOIOCTLCMD; - case TIOCSERGETLSR: BT_ERR("TIOCSERGETLSR is not supported"); return -ENOIOCTLCMD;