aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNigel Hislop <hislop_nigel@emc.com>2010-03-08 12:25:16 +0100
committerMartin Schwidefsky <sky@mschwide.boeblingen.de.ibm.com>2010-03-08 12:25:30 +0100
commit52898025cf7d458d029c18773d0ef49b4789d829 (patch)
treef7a7b99a6001d4edb625d669fc6d59073269bb82
parent91a970d9889c7d6f451ee91ed361d0f0119d3778 (diff)
[S390] dasd: security and PSF update patch for EMC CKD ioctl
Remove the PSF order/suborder check from the Symmetrix CKD dasd ioctl. In exchange restrict the ioctl to CAP_SYS_ADMIN and CAP_SYS_RAWIO. Signed-off-by: Nigel Hislop <hislop_nigel@emc.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
-rw-r--r--drivers/s390/block/dasd_eckd.c17
1 files changed, 10 insertions, 7 deletions
diff --git a/drivers/s390/block/dasd_eckd.c b/drivers/s390/block/dasd_eckd.c
index 1cca21aafab..d7163f904f4 100644
--- a/drivers/s390/block/dasd_eckd.c
+++ b/drivers/s390/block/dasd_eckd.c
@@ -2839,8 +2839,13 @@ static int dasd_symm_io(struct dasd_device *device, void __user *argp)
char *psf_data, *rssd_result;
struct dasd_ccw_req *cqr;
struct ccw1 *ccw;
+ char psf0, psf1;
int rc;
+ if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RAWIO))
+ return -EACCES;
+ psf0 = psf1 = 0;
+
/* Copy parms from caller */
rc = -EFAULT;
if (copy_from_user(&usrparm, argp, sizeof(usrparm)))
@@ -2869,12 +2874,8 @@ static int dasd_symm_io(struct dasd_device *device, void __user *argp)
(void __user *)(unsigned long) usrparm.psf_data,
usrparm.psf_data_len))
goto out_free;
-
- /* sanity check on syscall header */
- if (psf_data[0] != 0x17 && psf_data[1] != 0xce) {
- rc = -EINVAL;
- goto out_free;
- }
+ psf0 = psf_data[0];
+ psf1 = psf_data[1];
/* setup CCWs for PSF + RSSD */
cqr = dasd_smalloc_request(DASD_ECKD_MAGIC, 2 , 0, device);
@@ -2925,7 +2926,9 @@ out_free:
kfree(rssd_result);
kfree(psf_data);
out:
- DBF_DEV_EVENT(DBF_WARNING, device, "Symmetrix ioctl: rc=%d", rc);
+ DBF_DEV_EVENT(DBF_WARNING, device,
+ "Symmetrix ioctl (0x%02x 0x%02x): rc=%d",
+ (int) psf0, (int) psf1, rc);
return rc;
}