summaryrefslogtreecommitdiffstats
path: root/drivers/cdrom
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2017-02-13 19:25:26 -0500
committerJens Axboe <axboe@fb.com>2017-02-14 10:29:56 -0500
commit853fe1bf7554155376bb3b231112cdff9ff79177 (patch)
tree7d8b38a77574919d078443cecffcae9dd380a692 /drivers/cdrom
parentd1a987f35ebf859a771ac530e95a89933b6fcce8 (diff)
cdrom: Make device operations read-only
Since function tables are a common target for attackers, it's best to keep them in read-only memory. As such, this makes the CDROM device ops tables const. This drops additionally n_minors, since it isn't used meaningfully, and sets the only user of cdrom_dummy_generic_packet explicitly so the variables can all be const. Inspired by similar changes in grsecurity/PaX. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Jens Axboe <axboe@fb.com>
Diffstat (limited to 'drivers/cdrom')
-rw-r--r--drivers/cdrom/cdrom.c58
-rw-r--r--drivers/cdrom/gdrom.c4
2 files changed, 30 insertions, 32 deletions
diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
index 59cca72647a6..bbbd3caa927c 100644
--- a/drivers/cdrom/cdrom.c
+++ b/drivers/cdrom/cdrom.c
@@ -342,8 +342,8 @@ static void cdrom_sysctl_register(void);
342 342
343static LIST_HEAD(cdrom_list); 343static LIST_HEAD(cdrom_list);
344 344
345static int cdrom_dummy_generic_packet(struct cdrom_device_info *cdi, 345int cdrom_dummy_generic_packet(struct cdrom_device_info *cdi,
346 struct packet_command *cgc) 346 struct packet_command *cgc)
347{ 347{
348 if (cgc->sense) { 348 if (cgc->sense) {
349 cgc->sense->sense_key = 0x05; 349 cgc->sense->sense_key = 0x05;
@@ -354,6 +354,7 @@ static int cdrom_dummy_generic_packet(struct cdrom_device_info *cdi,
354 cgc->stat = -EIO; 354 cgc->stat = -EIO;
355 return -EIO; 355 return -EIO;
356} 356}
357EXPORT_SYMBOL(cdrom_dummy_generic_packet);
357 358
358static int cdrom_flush_cache(struct cdrom_device_info *cdi) 359static int cdrom_flush_cache(struct cdrom_device_info *cdi)
359{ 360{
@@ -371,7 +372,7 @@ static int cdrom_flush_cache(struct cdrom_device_info *cdi)
371static int cdrom_get_disc_info(struct cdrom_device_info *cdi, 372static int cdrom_get_disc_info(struct cdrom_device_info *cdi,
372 disc_information *di) 373 disc_information *di)
373{ 374{
374 struct cdrom_device_ops *cdo = cdi->ops; 375 const struct cdrom_device_ops *cdo = cdi->ops;
375 struct packet_command cgc; 376 struct packet_command cgc;
376 int ret, buflen; 377 int ret, buflen;
377 378
@@ -586,7 +587,7 @@ static int cdrom_mrw_set_lba_space(struct cdrom_device_info *cdi, int space)
586int register_cdrom(struct cdrom_device_info *cdi) 587int register_cdrom(struct cdrom_device_info *cdi)
587{ 588{
588 static char banner_printed; 589 static char banner_printed;
589 struct cdrom_device_ops *cdo = cdi->ops; 590 const struct cdrom_device_ops *cdo = cdi->ops;
590 int *change_capability = (int *)&cdo->capability; /* hack */ 591 int *change_capability = (int *)&cdo->capability; /* hack */
591 592
592 cd_dbg(CD_OPEN, "entering register_cdrom\n"); 593 cd_dbg(CD_OPEN, "entering register_cdrom\n");
@@ -610,7 +611,6 @@ int register_cdrom(struct cdrom_device_info *cdi)
610 ENSURE(reset, CDC_RESET); 611 ENSURE(reset, CDC_RESET);
611 ENSURE(generic_packet, CDC_GENERIC_PACKET); 612 ENSURE(generic_packet, CDC_GENERIC_PACKET);
612 cdi->mc_flags = 0; 613 cdi->mc_flags = 0;
613 cdo->n_minors = 0;
614 cdi->options = CDO_USE_FFLAGS; 614 cdi->options = CDO_USE_FFLAGS;
615 615
616 if (autoclose == 1 && CDROM_CAN(CDC_CLOSE_TRAY)) 616 if (autoclose == 1 && CDROM_CAN(CDC_CLOSE_TRAY))
@@ -630,8 +630,7 @@ int register_cdrom(struct cdrom_device_info *cdi)
630 else 630 else
631 cdi->cdda_method = CDDA_OLD; 631 cdi->cdda_method = CDDA_OLD;
632 632
633 if (!cdo->generic_packet) 633 WARN_ON(!cdo->generic_packet);
634 cdo->generic_packet = cdrom_dummy_generic_packet;
635 634
636 cd_dbg(CD_REG_UNREG, "drive \"/dev/%s\" registered\n", cdi->name); 635 cd_dbg(CD_REG_UNREG, "drive \"/dev/%s\" registered\n", cdi->name);
637 mutex_lock(&cdrom_mutex); 636 mutex_lock(&cdrom_mutex);
@@ -652,7 +651,6 @@ void unregister_cdrom(struct cdrom_device_info *cdi)
652 if (cdi->exit) 651 if (cdi->exit)
653 cdi->exit(cdi); 652 cdi->exit(cdi);
654 653
655 cdi->ops->n_minors--;
656 cd_dbg(CD_REG_UNREG, "drive \"/dev/%s\" unregistered\n", cdi->name); 654 cd_dbg(CD_REG_UNREG, "drive \"/dev/%s\" unregistered\n", cdi->name);
657} 655}
658 656
@@ -1036,7 +1034,7 @@ static
1036int open_for_data(struct cdrom_device_info *cdi) 1034int open_for_data(struct cdrom_device_info *cdi)
1037{ 1035{
1038 int ret; 1036 int ret;
1039 struct cdrom_device_ops *cdo = cdi->ops; 1037 const struct cdrom_device_ops *cdo = cdi->ops;
1040 tracktype tracks; 1038 tracktype tracks;
1041 cd_dbg(CD_OPEN, "entering open_for_data\n"); 1039 cd_dbg(CD_OPEN, "entering open_for_data\n");
1042 /* Check if the driver can report drive status. If it can, we 1040 /* Check if the driver can report drive status. If it can, we
@@ -1198,8 +1196,8 @@ err:
1198/* This code is similar to that in open_for_data. The routine is called 1196/* This code is similar to that in open_for_data. The routine is called
1199 whenever an audio play operation is requested. 1197 whenever an audio play operation is requested.
1200*/ 1198*/
1201static int check_for_audio_disc(struct cdrom_device_info * cdi, 1199static int check_for_audio_disc(struct cdrom_device_info *cdi,
1202 struct cdrom_device_ops * cdo) 1200 const struct cdrom_device_ops *cdo)
1203{ 1201{
1204 int ret; 1202 int ret;
1205 tracktype tracks; 1203 tracktype tracks;
@@ -1254,7 +1252,7 @@ static int check_for_audio_disc(struct cdrom_device_info * cdi,
1254 1252
1255void cdrom_release(struct cdrom_device_info *cdi, fmode_t mode) 1253void cdrom_release(struct cdrom_device_info *cdi, fmode_t mode)
1256{ 1254{
1257 struct cdrom_device_ops *cdo = cdi->ops; 1255 const struct cdrom_device_ops *cdo = cdi->ops;
1258 int opened_for_data; 1256 int opened_for_data;
1259 1257
1260 cd_dbg(CD_CLOSE, "entering cdrom_release\n"); 1258 cd_dbg(CD_CLOSE, "entering cdrom_release\n");
@@ -1294,7 +1292,7 @@ static int cdrom_read_mech_status(struct cdrom_device_info *cdi,
1294 struct cdrom_changer_info *buf) 1292 struct cdrom_changer_info *buf)
1295{ 1293{
1296 struct packet_command cgc; 1294 struct packet_command cgc;
1297 struct cdrom_device_ops *cdo = cdi->ops; 1295 const struct cdrom_device_ops *cdo = cdi->ops;
1298 int length; 1296 int length;
1299 1297
1300 /* 1298 /*
@@ -1643,7 +1641,7 @@ static int dvd_do_auth(struct cdrom_device_info *cdi, dvd_authinfo *ai)
1643 int ret; 1641 int ret;
1644 u_char buf[20]; 1642 u_char buf[20];
1645 struct packet_command cgc; 1643 struct packet_command cgc;
1646 struct cdrom_device_ops *cdo = cdi->ops; 1644 const struct cdrom_device_ops *cdo = cdi->ops;
1647 rpc_state_t rpc_state; 1645 rpc_state_t rpc_state;
1648 1646
1649 memset(buf, 0, sizeof(buf)); 1647 memset(buf, 0, sizeof(buf));
@@ -1791,7 +1789,7 @@ static int dvd_read_physical(struct cdrom_device_info *cdi, dvd_struct *s,
1791{ 1789{
1792 unsigned char buf[21], *base; 1790 unsigned char buf[21], *base;
1793 struct dvd_layer *layer; 1791 struct dvd_layer *layer;
1794 struct cdrom_device_ops *cdo = cdi->ops; 1792 const struct cdrom_device_ops *cdo = cdi->ops;
1795 int ret, layer_num = s->physical.layer_num; 1793 int ret, layer_num = s->physical.layer_num;
1796 1794
1797 if (layer_num >= DVD_LAYERS) 1795 if (layer_num >= DVD_LAYERS)
@@ -1842,7 +1840,7 @@ static int dvd_read_copyright(struct cdrom_device_info *cdi, dvd_struct *s,
1842{ 1840{
1843 int ret; 1841 int ret;
1844 u_char buf[8]; 1842 u_char buf[8];
1845 struct cdrom_device_ops *cdo = cdi->ops; 1843 const struct cdrom_device_ops *cdo = cdi->ops;
1846 1844
1847 init_cdrom_command(cgc, buf, sizeof(buf), CGC_DATA_READ); 1845 init_cdrom_command(cgc, buf, sizeof(buf), CGC_DATA_READ);
1848 cgc->cmd[0] = GPCMD_READ_DVD_STRUCTURE; 1846 cgc->cmd[0] = GPCMD_READ_DVD_STRUCTURE;
@@ -1866,7 +1864,7 @@ static int dvd_read_disckey(struct cdrom_device_info *cdi, dvd_struct *s,
1866{ 1864{
1867 int ret, size; 1865 int ret, size;
1868 u_char *buf; 1866 u_char *buf;
1869 struct cdrom_device_ops *cdo = cdi->ops; 1867 const struct cdrom_device_ops *cdo = cdi->ops;
1870 1868
1871 size = sizeof(s->disckey.value) + 4; 1869 size = sizeof(s->disckey.value) + 4;
1872 1870
@@ -1894,7 +1892,7 @@ static int dvd_read_bca(struct cdrom_device_info *cdi, dvd_struct *s,
1894{ 1892{
1895 int ret, size = 4 + 188; 1893 int ret, size = 4 + 188;
1896 u_char *buf; 1894 u_char *buf;
1897 struct cdrom_device_ops *cdo = cdi->ops; 1895 const struct cdrom_device_ops *cdo = cdi->ops;
1898 1896
1899 buf = kmalloc(size, GFP_KERNEL); 1897 buf = kmalloc(size, GFP_KERNEL);
1900 if (!buf) 1898 if (!buf)
@@ -1928,7 +1926,7 @@ static int dvd_read_manufact(struct cdrom_device_info *cdi, dvd_struct *s,
1928{ 1926{
1929 int ret = 0, size; 1927 int ret = 0, size;
1930 u_char *buf; 1928 u_char *buf;
1931 struct cdrom_device_ops *cdo = cdi->ops; 1929 const struct cdrom_device_ops *cdo = cdi->ops;
1932 1930
1933 size = sizeof(s->manufact.value) + 4; 1931 size = sizeof(s->manufact.value) + 4;
1934 1932
@@ -1995,7 +1993,7 @@ int cdrom_mode_sense(struct cdrom_device_info *cdi,
1995 struct packet_command *cgc, 1993 struct packet_command *cgc,
1996 int page_code, int page_control) 1994 int page_code, int page_control)
1997{ 1995{
1998 struct cdrom_device_ops *cdo = cdi->ops; 1996 const struct cdrom_device_ops *cdo = cdi->ops;
1999 1997
2000 memset(cgc->cmd, 0, sizeof(cgc->cmd)); 1998 memset(cgc->cmd, 0, sizeof(cgc->cmd));
2001 1999
@@ -2010,7 +2008,7 @@ int cdrom_mode_sense(struct cdrom_device_info *cdi,
2010int cdrom_mode_select(struct cdrom_device_info *cdi, 2008int cdrom_mode_select(struct cdrom_device_info *cdi,
2011 struct packet_command *cgc) 2009 struct packet_command *cgc)
2012{ 2010{
2013 struct cdrom_device_ops *cdo = cdi->ops; 2011 const struct cdrom_device_ops *cdo = cdi->ops;
2014 2012
2015 memset(cgc->cmd, 0, sizeof(cgc->cmd)); 2013 memset(cgc->cmd, 0, sizeof(cgc->cmd));
2016 memset(cgc->buffer, 0, 2); 2014 memset(cgc->buffer, 0, 2);
@@ -2025,7 +2023,7 @@ int cdrom_mode_select(struct cdrom_device_info *cdi,
2025static int cdrom_read_subchannel(struct cdrom_device_info *cdi, 2023static int cdrom_read_subchannel(struct cdrom_device_info *cdi,
2026 struct cdrom_subchnl *subchnl, int mcn) 2024 struct cdrom_subchnl *subchnl, int mcn)
2027{ 2025{
2028 struct cdrom_device_ops *cdo = cdi->ops; 2026 const struct cdrom_device_ops *cdo = cdi->ops;
2029 struct packet_command cgc; 2027 struct packet_command cgc;
2030 char buffer[32]; 2028 char buffer[32];
2031 int ret; 2029 int ret;
@@ -2073,7 +2071,7 @@ static int cdrom_read_cd(struct cdrom_device_info *cdi,
2073 struct packet_command *cgc, int lba, 2071 struct packet_command *cgc, int lba,
2074 int blocksize, int nblocks) 2072 int blocksize, int nblocks)
2075{ 2073{
2076 struct cdrom_device_ops *cdo = cdi->ops; 2074 const struct cdrom_device_ops *cdo = cdi->ops;
2077 2075
2078 memset(&cgc->cmd, 0, sizeof(cgc->cmd)); 2076 memset(&cgc->cmd, 0, sizeof(cgc->cmd));
2079 cgc->cmd[0] = GPCMD_READ_10; 2077 cgc->cmd[0] = GPCMD_READ_10;
@@ -2093,7 +2091,7 @@ static int cdrom_read_block(struct cdrom_device_info *cdi,
2093 struct packet_command *cgc, 2091 struct packet_command *cgc,
2094 int lba, int nblocks, int format, int blksize) 2092 int lba, int nblocks, int format, int blksize)
2095{ 2093{
2096 struct cdrom_device_ops *cdo = cdi->ops; 2094 const struct cdrom_device_ops *cdo = cdi->ops;
2097 2095
2098 memset(&cgc->cmd, 0, sizeof(cgc->cmd)); 2096 memset(&cgc->cmd, 0, sizeof(cgc->cmd));
2099 cgc->cmd[0] = GPCMD_READ_CD; 2097 cgc->cmd[0] = GPCMD_READ_CD;
@@ -2764,7 +2762,7 @@ static int cdrom_ioctl_audioctl(struct cdrom_device_info *cdi,
2764 */ 2762 */
2765static int cdrom_switch_blocksize(struct cdrom_device_info *cdi, int size) 2763static int cdrom_switch_blocksize(struct cdrom_device_info *cdi, int size)
2766{ 2764{
2767 struct cdrom_device_ops *cdo = cdi->ops; 2765 const struct cdrom_device_ops *cdo = cdi->ops;
2768 struct packet_command cgc; 2766 struct packet_command cgc;
2769 struct modesel_head mh; 2767 struct modesel_head mh;
2770 2768
@@ -2790,7 +2788,7 @@ static int cdrom_switch_blocksize(struct cdrom_device_info *cdi, int size)
2790static int cdrom_get_track_info(struct cdrom_device_info *cdi, 2788static int cdrom_get_track_info(struct cdrom_device_info *cdi,
2791 __u16 track, __u8 type, track_information *ti) 2789 __u16 track, __u8 type, track_information *ti)
2792{ 2790{
2793 struct cdrom_device_ops *cdo = cdi->ops; 2791 const struct cdrom_device_ops *cdo = cdi->ops;
2794 struct packet_command cgc; 2792 struct packet_command cgc;
2795 int ret, buflen; 2793 int ret, buflen;
2796 2794
@@ -3049,7 +3047,7 @@ static noinline int mmc_ioctl_cdrom_play_msf(struct cdrom_device_info *cdi,
3049 void __user *arg, 3047 void __user *arg,
3050 struct packet_command *cgc) 3048 struct packet_command *cgc)
3051{ 3049{
3052 struct cdrom_device_ops *cdo = cdi->ops; 3050 const struct cdrom_device_ops *cdo = cdi->ops;
3053 struct cdrom_msf msf; 3051 struct cdrom_msf msf;
3054 cd_dbg(CD_DO_IOCTL, "entering CDROMPLAYMSF\n"); 3052 cd_dbg(CD_DO_IOCTL, "entering CDROMPLAYMSF\n");
3055 if (copy_from_user(&msf, (struct cdrom_msf __user *)arg, sizeof(msf))) 3053 if (copy_from_user(&msf, (struct cdrom_msf __user *)arg, sizeof(msf)))
@@ -3069,7 +3067,7 @@ static noinline int mmc_ioctl_cdrom_play_blk(struct cdrom_device_info *cdi,
3069 void __user *arg, 3067 void __user *arg,
3070 struct packet_command *cgc) 3068 struct packet_command *cgc)
3071{ 3069{
3072 struct cdrom_device_ops *cdo = cdi->ops; 3070 const struct cdrom_device_ops *cdo = cdi->ops;
3073 struct cdrom_blk blk; 3071 struct cdrom_blk blk;
3074 cd_dbg(CD_DO_IOCTL, "entering CDROMPLAYBLK\n"); 3072 cd_dbg(CD_DO_IOCTL, "entering CDROMPLAYBLK\n");
3075 if (copy_from_user(&blk, (struct cdrom_blk __user *)arg, sizeof(blk))) 3073 if (copy_from_user(&blk, (struct cdrom_blk __user *)arg, sizeof(blk)))
@@ -3164,7 +3162,7 @@ static noinline int mmc_ioctl_cdrom_start_stop(struct cdrom_device_info *cdi,
3164 struct packet_command *cgc, 3162 struct packet_command *cgc,
3165 int cmd) 3163 int cmd)
3166{ 3164{
3167 struct cdrom_device_ops *cdo = cdi->ops; 3165 const struct cdrom_device_ops *cdo = cdi->ops;
3168 cd_dbg(CD_DO_IOCTL, "entering CDROMSTART/CDROMSTOP\n"); 3166 cd_dbg(CD_DO_IOCTL, "entering CDROMSTART/CDROMSTOP\n");
3169 cgc->cmd[0] = GPCMD_START_STOP_UNIT; 3167 cgc->cmd[0] = GPCMD_START_STOP_UNIT;
3170 cgc->cmd[1] = 1; 3168 cgc->cmd[1] = 1;
@@ -3177,7 +3175,7 @@ static noinline int mmc_ioctl_cdrom_pause_resume(struct cdrom_device_info *cdi,
3177 struct packet_command *cgc, 3175 struct packet_command *cgc,
3178 int cmd) 3176 int cmd)
3179{ 3177{
3180 struct cdrom_device_ops *cdo = cdi->ops; 3178 const struct cdrom_device_ops *cdo = cdi->ops;
3181 cd_dbg(CD_DO_IOCTL, "entering CDROMPAUSE/CDROMRESUME\n"); 3179 cd_dbg(CD_DO_IOCTL, "entering CDROMPAUSE/CDROMRESUME\n");
3182 cgc->cmd[0] = GPCMD_PAUSE_RESUME; 3180 cgc->cmd[0] = GPCMD_PAUSE_RESUME;
3183 cgc->cmd[8] = (cmd == CDROMRESUME) ? 1 : 0; 3181 cgc->cmd[8] = (cmd == CDROMRESUME) ? 1 : 0;
diff --git a/drivers/cdrom/gdrom.c b/drivers/cdrom/gdrom.c
index 46ecd95d7161..1afab6558d0c 100644
--- a/drivers/cdrom/gdrom.c
+++ b/drivers/cdrom/gdrom.c
@@ -481,7 +481,7 @@ static int gdrom_audio_ioctl(struct cdrom_device_info *cdi, unsigned int cmd,
481 return -EINVAL; 481 return -EINVAL;
482} 482}
483 483
484static struct cdrom_device_ops gdrom_ops = { 484static const struct cdrom_device_ops gdrom_ops = {
485 .open = gdrom_open, 485 .open = gdrom_open,
486 .release = gdrom_release, 486 .release = gdrom_release,
487 .drive_status = gdrom_drivestatus, 487 .drive_status = gdrom_drivestatus,
@@ -489,9 +489,9 @@ static struct cdrom_device_ops gdrom_ops = {
489 .get_last_session = gdrom_get_last_session, 489 .get_last_session = gdrom_get_last_session,
490 .reset = gdrom_hardreset, 490 .reset = gdrom_hardreset,
491 .audio_ioctl = gdrom_audio_ioctl, 491 .audio_ioctl = gdrom_audio_ioctl,
492 .generic_packet = cdrom_dummy_generic_packet,
492 .capability = CDC_MULTI_SESSION | CDC_MEDIA_CHANGED | 493 .capability = CDC_MULTI_SESSION | CDC_MEDIA_CHANGED |
493 CDC_RESET | CDC_DRIVE_STATUS | CDC_CD_R, 494 CDC_RESET | CDC_DRIVE_STATUS | CDC_CD_R,
494 .n_minors = 1,
495}; 495};
496 496
497static int gdrom_bdops_open(struct block_device *bdev, fmode_t mode) 497static int gdrom_bdops_open(struct block_device *bdev, fmode_t mode)