Commit bb749b31 authored Oct 18, 2017 by Ilya Dryomov Committed by Jens Axboe Oct 25, 2017

block: move CAP_SYS_ADMIN check in blkdev_roset()



Check for CAP_SYS_ADMIN before calling into the driver, similar to
blkdev_flushbuf().  This is safer and can spare a check in the driver.

(Currently BLKROSET is overridden by md and rbd, rbd is missing the
check.  md has the check, but it covers a lot more than BLKROSET.)

Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>

parent 351499a1

block/ioctl.c

+3 −2

Original line number	Diff line number	Diff line
		@@ -443,11 +443,12 @@ static int blkdev_roset(struct block_device *bdev, fmode_t mode,
		{
		int ret, n;

		if (!capable(CAP_SYS_ADMIN))
		return -EACCES;

		ret = __blkdev_driver_ioctl(bdev, mode, cmd, arg);
		if (!is_unrecognized_ioctl(ret))
		return ret;
		if (!capable(CAP_SYS_ADMIN))
		return -EACCES;
		if (get_user(n, (int __user *)arg))
		return -EFAULT;
		set_device_ro(bdev, n);