diff options
author | Ilya Dryomov <idryomov@gmail.com> | 2017-10-18 14:38:38 +0200 |
---|---|---|
committer | Jens Axboe <axboe@kernel.dk> | 2017-10-25 12:25:00 -0600 |
commit | bb749b31c25e9b11f8f974baac8d507298ffbb70 (patch) | |
tree | 7ac80dc67d5ea61bc42896d5aea13a193ba28f14 | |
parent | 351499a172c0c5fc52d65ee2c62b344f369ea02a (diff) | |
download | lwn-bb749b31c25e9b11f8f974baac8d507298ffbb70.tar.gz lwn-bb749b31c25e9b11f8f974baac8d507298ffbb70.zip |
block: move CAP_SYS_ADMIN check in blkdev_roset()
Check for CAP_SYS_ADMIN before calling into the driver, similar to
blkdev_flushbuf(). This is safer and can spare a check in the driver.
(Currently BLKROSET is overridden by md and rbd, rbd is missing the
check. md has the check, but it covers a lot more than BLKROSET.)
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
-rw-r--r-- | block/ioctl.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/block/ioctl.c b/block/ioctl.c index c0fc32bd8ed1..1668506d8ed8 100644 --- a/block/ioctl.c +++ b/block/ioctl.c @@ -443,11 +443,12 @@ static int blkdev_roset(struct block_device *bdev, fmode_t mode, { int ret, n; + if (!capable(CAP_SYS_ADMIN)) + return -EACCES; + ret = __blkdev_driver_ioctl(bdev, mode, cmd, arg); if (!is_unrecognized_ioctl(ret)) return ret; - if (!capable(CAP_SYS_ADMIN)) - return -EACCES; if (get_user(n, (int __user *)arg)) return -EFAULT; set_device_ro(bdev, n); |