[S390] dasd: security and PSF update patch for EMC CKD ioctl
author Nigel Hislop <hislop_nigel@emc.com>
Mon, 8 Mar 2010 11:25:16 +0000 (12:25 +0100)
committer Martin Schwidefsky <sky@mschwide.boeblingen.de.ibm.com>
Mon, 8 Mar 2010 11:25:30 +0000 (12:25 +0100)
Remove the PSF order/suborder check from the Symmetrix CKD dasd ioctl.
In exchange restrict the ioctl to CAP_SYS_ADMIN and CAP_SYS_RAWIO.

Signed-off-by: Nigel Hislop <hislop_nigel@emc.com>
Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
drivers/s390/block/dasd_eckd.c

index 1cca21aafaba30920ecd933324b25e7ebbf11122..d7163f904f40440d12b7239e31891d47553bcaa7 100644 (file)
@@ -2839,8 +2839,13 @@ static int dasd_symm_io(struct dasd_device *device, void __user *argp)
        char *psf_data, *rssd_result;
        struct dasd_ccw_req *cqr;
        struct ccw1 *ccw;
+       char psf0, psf1;
        int rc;
 
+       if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RAWIO))
+               return -EACCES;
+       psf0 = psf1 = 0;
+
        /* Copy parms from caller */
        rc = -EFAULT;
        if (copy_from_user(&usrparm, argp, sizeof(usrparm)))
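Review bot: The added guard at the top of dasd_symm_io lets a caller through with either capability, because `!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RAWIO)` is true only when both are missing, whereas the commit message says the ioctl is restricted to CAP_SYS_ADMIN and CAP_SYS_RAWIO. If both are meant to be required, the condition should be `if (!capable(CAP_SYS_ADMIN) || !capable(CAP_SYS_RAWIO))`; if either is enough, a comment such as `/* PSF orders are no longer filtered here: require CAP_SYS_ADMIN or CAP_SYS_RAWIO */` would record that intent. The early `return -EACCES;` also bypasses the `out:` label, so a refused call leaves no DBF_DEV_EVENT entry. Initialising at the declaration (`char psf0 = 0, psf1 = 0;`) and using `rc = -EACCES; goto out;` would keep denied attempts visible in the debug log. The function body continues outside this hunk.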
@@ -2869,12 +2874,8 @@ static int dasd_symm_io(struct dasd_device *device, void __user *argp)
                           (void __user *)(unsigned long) usrparm.psf_data,
                           usrparm.psf_data_len))
                goto out_free;
-
-       /* sanity check on syscall header */
-       if (psf_data[0] != 0x17 && psf_data[1] != 0xce) {
-               rc = -EINVAL;
-               goto out_free;
-       }
+       psf0 = psf_data[0];
+       psf1 = psf_data[1];
 
        /* setup CCWs for PSF + RSSD */
        cqr = dasd_smalloc_request(DASD_ECKD_MAGIC, 2 , 0, device);
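Review bot: The new `psf0 = psf_data[0];` and `psf1 = psf_data[1];` reads assume the buffer holds at least two bytes, but nothing in this hunk bounds the caller-supplied `usrparm.psf_data_len`. The allocation and any length validation are outside the hunk, so this needs confirming there; if a length of 0 or 1 can reach this point, the reads go past the allocation, as the removed sanity check's reads also would have. A guard directly before the two assignments, `if (usrparm.psf_data_len < 2) { rc = -EINVAL; goto out_free; }`, would close that off. With the order/suborder filter gone, that length check and the capability test are the only input validation this path shows.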
@@ -2925,7 +2926,9 @@ out_free:
        kfree(rssd_result);
        kfree(psf_data);
 out:
-       DBF_DEV_EVENT(DBF_WARNING, device, "Symmetrix ioctl: rc=%d", rc);
+       DBF_DEV_EVENT(DBF_WARNING, device,
+                     "Symmetrix ioctl (0x%02x 0x%02x): rc=%d",
+                     (int) psf0, (int) psf1, rc);
        return rc;
 }
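Review bot: The `(int) psf0` and `(int) psf1` arguments to `%02x` print as two digits only where plain `char` is unsigned; declaring them as `unsigned char psf0, psf1;` in the first hunk would make the format independent of that. Both values also stay 0 on every path that fails before the PSF data is copied in, so `(0x00 0x00)` in the log can mean either "never read" or a request that really began with zero bytes. A short comment above the event, e.g. `/* psf0/psf1 are 0 if we failed before reading the PSF data */`, would help anyone reading the debug log. The function starts outside this hunk.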