diff options
author | FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp> | 2008-07-26 05:03:24 -0400 |
---|---|---|
committer | Jens Axboe <jens.axboe@oracle.com> | 2008-08-27 03:50:19 -0400 |
commit | 14e507b852e7dcea142b98757181bfa785cb4c05 (patch) | |
tree | ef8cdb387c26d9ffc23354653b072818e884d9f8 | |
parent | abf5439370491dd6fbb4fe1a7939680d2a9bc9d4 (diff) |
sg: restore command permission for TYPE_SCANNER
sg allowed any command for TYPE_SCANNER. The cmd_filter patchset
doesn't. We can't change sg's permission since it might break the
existing software.
Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
-rw-r--r-- | drivers/scsi/sg.c | 22 |
1 files changed, 14 insertions, 8 deletions
diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c index 9d28b9f74d90..661f9f21650a 100644 --- a/drivers/scsi/sg.c +++ b/drivers/scsi/sg.c | |||
@@ -217,6 +217,18 @@ static int sg_last_dev(void); | |||
217 | #define SZ_SG_IOVEC sizeof(sg_iovec_t) | 217 | #define SZ_SG_IOVEC sizeof(sg_iovec_t) |
218 | #define SZ_SG_REQ_INFO sizeof(sg_req_info_t) | 218 | #define SZ_SG_REQ_INFO sizeof(sg_req_info_t) |
219 | 219 | ||
220 | static int sg_allow_access(struct file *filp, unsigned char *cmd) | ||
221 | { | ||
222 | struct sg_fd *sfp = (struct sg_fd *)filp->private_data; | ||
223 | struct request_queue *q = sfp->parentdp->device->request_queue; | ||
224 | |||
225 | if (sfp->parentdp->device->type == TYPE_SCANNER) | ||
226 | return 0; | ||
227 | |||
228 | return blk_verify_command(&q->cmd_filter, | ||
229 | cmd, filp->f_mode & FMODE_WRITE); | ||
230 | } | ||
231 | |||
220 | static int | 232 | static int |
221 | sg_open(struct inode *inode, struct file *filp) | 233 | sg_open(struct inode *inode, struct file *filp) |
222 | { | 234 | { |
@@ -641,7 +653,6 @@ sg_new_write(Sg_fd *sfp, struct file *file, const char __user *buf, | |||
641 | unsigned char cmnd[MAX_COMMAND_SIZE]; | 653 | unsigned char cmnd[MAX_COMMAND_SIZE]; |
642 | int timeout; | 654 | int timeout; |
643 | unsigned long ul_timeout; | 655 | unsigned long ul_timeout; |
644 | struct request_queue *q; | ||
645 | 656 | ||
646 | if (count < SZ_SG_IO_HDR) | 657 | if (count < SZ_SG_IO_HDR) |
647 | return -EINVAL; | 658 | return -EINVAL; |
@@ -690,9 +701,7 @@ sg_new_write(Sg_fd *sfp, struct file *file, const char __user *buf, | |||
690 | sg_remove_request(sfp, srp); | 701 | sg_remove_request(sfp, srp); |
691 | return -EFAULT; | 702 | return -EFAULT; |
692 | } | 703 | } |
693 | q = sfp->parentdp->device->request_queue; | 704 | if (read_only && sg_allow_access(file, cmnd)) { |
694 | if (read_only && blk_verify_command(&q->cmd_filter, cmnd, | ||
695 | file->f_mode & FMODE_WRITE)) { | ||
696 | sg_remove_request(sfp, srp); | 705 | sg_remove_request(sfp, srp); |
697 | return -EPERM; | 706 | return -EPERM; |
698 | } | 707 | } |
@@ -1061,14 +1070,11 @@ sg_ioctl(struct inode *inode, struct file *filp, | |||
1061 | return -ENODEV; | 1070 | return -ENODEV; |
1062 | if (read_only) { | 1071 | if (read_only) { |
1063 | unsigned char opcode = WRITE_6; | 1072 | unsigned char opcode = WRITE_6; |
1064 | struct request_queue *q = sdp->device->request_queue; | ||
1065 | Scsi_Ioctl_Command __user *siocp = p; | 1073 | Scsi_Ioctl_Command __user *siocp = p; |
1066 | 1074 | ||
1067 | if (copy_from_user(&opcode, siocp->data, 1)) | 1075 | if (copy_from_user(&opcode, siocp->data, 1)) |
1068 | return -EFAULT; | 1076 | return -EFAULT; |
1069 | if (blk_verify_command(&q->cmd_filter, | 1077 | if (sg_allow_access(filp, &opcode)) |
1070 | &opcode, | ||
1071 | filp->f_mode & FMODE_WRITE)) | ||
1072 | return -EPERM; | 1078 | return -EPERM; |
1073 | } | 1079 | } |
1074 | return sg_scsi_ioctl(filp, sdp->device->request_queue, NULL, p); | 1080 | return sg_scsi_ioctl(filp, sdp->device->request_queue, NULL, p); |