[Devel] [PATCH 2/4] blk-cbt: Factor out common capability check

Tue Feb 21 22:24:30 MSK 2023

On 21.02.23 г. 20:19 ч., Konstantin Khorenko wrote:
> On 27.01.2023 12:34, Nikolay Borisov wrote:
>> Instead of duplicating CAP_SYS_ADMIN check for every block-cbt ioctl
>> apart from BLKCBTGET simply factor out the check in the beginning of
>> blk_cbt_ioctl.
>>
>> Signed-off-by: Nikolay Borisov <nikolay.borisov at virtuozzo.com>
>> ---
>>   block/blk-cbt.c | 17 +++--------------
>>   1 file changed, 3 insertions(+), 14 deletions(-)
>>
>> diff --git a/block/blk-cbt.c b/block/blk-cbt.c
>> index e2a9be83ac0d..269709c7589b 100644
>> --- a/block/blk-cbt.c
>> +++ b/block/blk-cbt.c
>> @@ -992,32 +992,21 @@ int blk_cbt_ioctl(struct block_device *bdev, 
>> unsigned cmd, char __user *arg)
>>   {
>>       struct blk_user_cbt_info __user *ucbt_ioc = (struct 
>> blk_user_cbt_info __user *) arg;
>> +    if (cmd != BLKCBTGET && !capable(CAP_SYS_ADMIN))
>> +        return -EACCES;
>> +
> 
> BTW, this changes the behavior a bit.
> In case the cmd provided is unknown previously we hit BUG() in any case,
> and now we get -EACCES in case !capable(CAP_SYS_ADMIN).
> 
> Though i don't think this is a show stopper for this patch.

This means anyone would be able to crash the machine if they sent a 
bogus IOCTL.

> 
>>       switch(cmd) {
>>       case BLKCBTSTART:
>> -        if (!capable(CAP_SYS_ADMIN))
>> -            return -EACCES;
>>           return cbt_ioc_init(bdev, ucbt_ioc);
>>       case BLKCBTSTOP:
>> -        if (!capable(CAP_SYS_ADMIN))
>> -            return -EACCES;
>> -
>>           return cbt_ioc_stop(bdev);
>>       case BLKCBTGET:
>>           return cbt_ioc_get(bdev, ucbt_ioc);
>>       case BLKCBTSET:
>> -        if (!capable(CAP_SYS_ADMIN))
>> -            return -EACCES;
>> -
>>           return cbt_ioc_set(bdev, ucbt_ioc, 1);
>>       case BLKCBTCLR:
>> -        if (!capable(CAP_SYS_ADMIN))
>> -            return -EACCES;
>> -
>>           return cbt_ioc_set(bdev, ucbt_ioc, 0);
>>       case BLKCBTMISC:
>> -        if (!capable(CAP_SYS_ADMIN))
>> -            return -EACCES;
>> -
>>           return cbt_ioc_misc(bdev, arg);
>>       default:
>>           BUG();