Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-23 04:31:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

sg: restore command permission for TYPE_SCANNER

Browse Source 
sg allowed any command for TYPE_SCANNER. The cmd_filter patchset
doesn't. We can't change sg's permission since it might break the
existing software.

Signed-off-by: FUJITA Tomonori <fujita.tomonori@lab.ntt.co.jp>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
This commit is contained in:
FUJITA Tomonori 2008-07-26 18:03:24 +09:00 committed by Jens Axboe
parent abf5439370
commit 14e507b852
1 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
drivers/scsi/sg.c
View File

@ -217,6 +217,18 @@ static int sg_last_dev(void);
#define SZ_SG_IOVEC sizeof(sg_iovec_t) #define SZ_SG_IOVEC sizeof(sg_iovec_t)
#define SZ_SG_REQ_INFO sizeof(sg_req_info_t) #define SZ_SG_REQ_INFO sizeof(sg_req_info_t)
static int sg_allow_access(struct file *filp, unsigned char *cmd)
{
struct sg_fd *sfp = (struct sg_fd *)filp->private_data;
struct request_queue *q = sfp->parentdp->device->request_queue;
if (sfp->parentdp->device->type == TYPE_SCANNER)
return 0;
return blk_verify_command(&q->cmd_filter,
cmd, filp->f_mode & FMODE_WRITE);
}
static int static int
sg_open(struct inode *inode, struct file *filp) sg_open(struct inode *inode, struct file *filp)
{ {
@ -641,7 +653,6 @@ sg_new_write(Sg_fd *sfp, struct file *file, const char __user *buf,
unsigned char cmnd[MAX_COMMAND_SIZE]; unsigned char cmnd[MAX_COMMAND_SIZE];
int timeout; int timeout;
unsigned long ul_timeout; unsigned long ul_timeout;
struct request_queue *q;
if (count < SZ_SG_IO_HDR) if (count < SZ_SG_IO_HDR)
return -EINVAL; return -EINVAL;
@ -690,9 +701,7 @@ sg_new_write(Sg_fd *sfp, struct file *file, const char __user *buf,
sg_remove_request(sfp, srp); sg_remove_request(sfp, srp);
return -EFAULT; return -EFAULT;
} }
q = sfp->parentdp->device->request_queue; if (read_only && sg_allow_access(file, cmnd)) {
if (read_only && blk_verify_command(&q->cmd_filter, cmnd,
file->f_mode & FMODE_WRITE)) {
sg_remove_request(sfp, srp); sg_remove_request(sfp, srp);
return -EPERM; return -EPERM;
} }
@ -1061,14 +1070,11 @@ sg_ioctl(struct inode *inode, struct file *filp,
return -ENODEV; return -ENODEV;
if (read_only) { if (read_only) {
unsigned char opcode = WRITE_6; unsigned char opcode = WRITE_6;
struct request_queue *q = sdp->device->request_queue;
Scsi_Ioctl_Command __user *siocp = p; Scsi_Ioctl_Command __user *siocp = p;
if (copy_from_user(&opcode, siocp->data, 1)) if (copy_from_user(&opcode, siocp->data, 1))
return -EFAULT; return -EFAULT;
if (blk_verify_command(&q->cmd_filter, if (sg_allow_access(filp, &opcode))
&opcode,
filp->f_mode & FMODE_WRITE))
return -EPERM; return -EPERM;
} }
return sg_scsi_ioctl(filp, sdp->device->request_queue, NULL, p); return sg_scsi_ioctl(filp, sdp->device->request_queue, NULL, p);