diff options
| author | Nigel Hislop <hislop_nigel@emc.com> | 2010-03-08 06:25:16 -0500 |
|---|---|---|
| committer | Martin Schwidefsky <sky@mschwide.boeblingen.de.ibm.com> | 2010-03-08 06:25:30 -0500 |
| commit | 52898025cf7d458d029c18773d0ef49b4789d829 (patch) | |
| tree | f7a7b99a6001d4edb625d669fc6d59073269bb82 /drivers/s390/block | |
| parent | 91a970d9889c7d6f451ee91ed361d0f0119d3778 (diff) | |
[S390] dasd: security and PSF update patch for EMC CKD ioctl
Remove the PSF order/suborder check from the Symmetrix CKD dasd ioctl.
In exchange restrict the ioctl to CAP_SYS_ADMIN and CAP_SYS_RAWIO.
Signed-off-by: Nigel Hislop <hislop_nigel@emc.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
Diffstat (limited to 'drivers/s390/block')
| -rw-r--r-- | drivers/s390/block/dasd_eckd.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/drivers/s390/block/dasd_eckd.c b/drivers/s390/block/dasd_eckd.c index 1cca21aafaba..d7163f904f40 100644 --- a/drivers/s390/block/dasd_eckd.c +++ b/drivers/s390/block/dasd_eckd.c | |||
| @@ -2839,8 +2839,13 @@ static int dasd_symm_io(struct dasd_device *device, void __user *argp) | |||
| 2839 | char *psf_data, *rssd_result; | 2839 | char *psf_data, *rssd_result; |
| 2840 | struct dasd_ccw_req *cqr; | 2840 | struct dasd_ccw_req *cqr; |
| 2841 | struct ccw1 *ccw; | 2841 | struct ccw1 *ccw; |
| 2842 | char psf0, psf1; | ||
| 2842 | int rc; | 2843 | int rc; |
| 2843 | 2844 | ||
| 2845 | if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RAWIO)) | ||
| 2846 | return -EACCES; | ||
| 2847 | psf0 = psf1 = 0; | ||
| 2848 | |||
| 2844 | /* Copy parms from caller */ | 2849 | /* Copy parms from caller */ |
| 2845 | rc = -EFAULT; | 2850 | rc = -EFAULT; |
| 2846 | if (copy_from_user(&usrparm, argp, sizeof(usrparm))) | 2851 | if (copy_from_user(&usrparm, argp, sizeof(usrparm))) |
| @@ -2869,12 +2874,8 @@ static int dasd_symm_io(struct dasd_device *device, void __user *argp) | |||
| 2869 | (void __user *)(unsigned long) usrparm.psf_data, | 2874 | (void __user *)(unsigned long) usrparm.psf_data, |
| 2870 | usrparm.psf_data_len)) | 2875 | usrparm.psf_data_len)) |
| 2871 | goto out_free; | 2876 | goto out_free; |
| 2872 | 2877 | psf0 = psf_data[0]; | |
| 2873 | /* sanity check on syscall header */ | 2878 | psf1 = psf_data[1]; |
| 2874 | if (psf_data[0] != 0x17 && psf_data[1] != 0xce) { | ||
| 2875 | rc = -EINVAL; | ||
| 2876 | goto out_free; | ||
| 2877 | } | ||
| 2878 | 2879 | ||
| 2879 | /* setup CCWs for PSF + RSSD */ | 2880 | /* setup CCWs for PSF + RSSD */ |
| 2880 | cqr = dasd_smalloc_request(DASD_ECKD_MAGIC, 2 , 0, device); | 2881 | cqr = dasd_smalloc_request(DASD_ECKD_MAGIC, 2 , 0, device); |
| @@ -2925,7 +2926,9 @@ out_free: | |||
| 2925 | kfree(rssd_result); | 2926 | kfree(rssd_result); |
| 2926 | kfree(psf_data); | 2927 | kfree(psf_data); |
| 2927 | out: | 2928 | out: |
| 2928 | DBF_DEV_EVENT(DBF_WARNING, device, "Symmetrix ioctl: rc=%d", rc); | 2929 | DBF_DEV_EVENT(DBF_WARNING, device, |
| 2930 | "Symmetrix ioctl (0x%02x 0x%02x): rc=%d", | ||
| 2931 | (int) psf0, (int) psf1, rc); | ||
| 2929 | return rc; | 2932 | return rc; |
| 2930 | } | 2933 | } |
| 2931 | 2934 | ||