Commit 52898025 authored by Nigel Hislop's avatar Nigel Hislop Committed by Martin Schwidefsky

[S390] dasd: security and PSF update patch for EMC CKD ioctl

Remove the PSF order/suborder check from the Symmetrix CKD dasd ioctl.
In exchange restrict the ioctl to CAP_SYS_ADMIN and CAP_SYS_RAWIO.
Signed-off-by: default avatarNigel Hislop <hislop_nigel@emc.com>
Signed-off-by: default avatarMartin Schwidefsky <schwidefsky@de.ibm.com>
parent 91a970d9
...@@ -2839,8 +2839,13 @@ static int dasd_symm_io(struct dasd_device *device, void __user *argp) ...@@ -2839,8 +2839,13 @@ static int dasd_symm_io(struct dasd_device *device, void __user *argp)
char *psf_data, *rssd_result; char *psf_data, *rssd_result;
struct dasd_ccw_req *cqr; struct dasd_ccw_req *cqr;
struct ccw1 *ccw; struct ccw1 *ccw;
char psf0, psf1;
int rc; int rc;
if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RAWIO))
return -EACCES;
psf0 = psf1 = 0;
/* Copy parms from caller */ /* Copy parms from caller */
rc = -EFAULT; rc = -EFAULT;
if (copy_from_user(&usrparm, argp, sizeof(usrparm))) if (copy_from_user(&usrparm, argp, sizeof(usrparm)))
...@@ -2869,12 +2874,8 @@ static int dasd_symm_io(struct dasd_device *device, void __user *argp) ...@@ -2869,12 +2874,8 @@ static int dasd_symm_io(struct dasd_device *device, void __user *argp)
(void __user *)(unsigned long) usrparm.psf_data, (void __user *)(unsigned long) usrparm.psf_data,
usrparm.psf_data_len)) usrparm.psf_data_len))
goto out_free; goto out_free;
psf0 = psf_data[0];
/* sanity check on syscall header */ psf1 = psf_data[1];
if (psf_data[0] != 0x17 && psf_data[1] != 0xce) {
rc = -EINVAL;
goto out_free;
}
/* setup CCWs for PSF + RSSD */ /* setup CCWs for PSF + RSSD */
cqr = dasd_smalloc_request(DASD_ECKD_MAGIC, 2 , 0, device); cqr = dasd_smalloc_request(DASD_ECKD_MAGIC, 2 , 0, device);
...@@ -2925,7 +2926,9 @@ out_free: ...@@ -2925,7 +2926,9 @@ out_free:
kfree(rssd_result); kfree(rssd_result);
kfree(psf_data); kfree(psf_data);
out: out:
DBF_DEV_EVENT(DBF_WARNING, device, "Symmetrix ioctl: rc=%d", rc); DBF_DEV_EVENT(DBF_WARNING, device,
"Symmetrix ioctl (0x%02x 0x%02x): rc=%d",
(int) psf0, (int) psf1, rc);
return rc; return rc;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment