From: John Feeney <jfeeney@redhat.com>
Date: Tue, 12 Oct 2010 22:11:39 -0400
Subject: [s390] dasd_eckd: remove PSF order/suborder ioctl check
Message-id: <4CB4DD1B.402@redhat.com>
Patchwork-id: 28720
O-Subject: [RHEL5.6 PATCH] Remove PSF order/suborder check for dasd ioctl
Bugzilla: 565973
RH-Acked-by: Bob Picco <bpicco@redhat.com>
RH-Acked-by: Dean Nelson <dnelson@redhat.com>
RH-Acked-by: Don Zickus <dzickus@redhat.com>

bz565973
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=565973
[EMC 5.6 bug] security and PSF update patch for EMC CKD ioctl

Description of problem:
The EMC Symmetrix CKD dasd ioctl has an unnecessary order/suborder check.

Solution:
Remove the unnecessary check but do restrict the ioctl to root only.

Upstream status:
The upstream commit:
From: Nigel Hislop <hislop_nigel@emc.com>
Date: Mon, 8 Mar 2010 11:25:16 +0000 (+0100)
Subject: [S390] dasd: security and PSF update patch for EMC CKD ioctl

52898025cf7d458d029c18773d0ef49b4789d829
[S390] dasd: security and PSF update patch for EMC CKD ioctl

Remove the PSF order/suborder check from the Symmetrix CKD dasd ioctl.
In exchange restrict the ioctl to CAP_SYS_ADMIN and CAP_SYS_RAWIO.

Brew:
Successfully built for all arches in Brew (task_2812247)

Testing:
EMC successfully tested this fix (refer to comment #11 in bz).

Acks would be appreciated. Thanks.

Signed-off-by: Jarod Wilson <jarod@redhat.com>

diff --git a/drivers/s390/block/dasd_eckd.c b/drivers/s390/block/dasd_eckd.c index e61b91a..cb314c7 100644 --- a/drivers/s390/block/dasd_eckd.c +++ b/drivers/s390/block/dasd_eckd.c @@ -1799,8 +1799,13 @@ static int dasd_symm_io(struct dasd_device *device, void __user *argp) char *psf_data, *rssd_result; struct dasd_ccw_req *cqr; struct ccw1 *ccw; + char psf0, psf1; int rc; + if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RAWIO)) + return -EACCES; + psf0 = psf1 = 0; + /* Copy parms from caller */ rc = -EFAULT; if (copy_from_user(&usrparm, argp, sizeof(usrparm))) 
@@ -1826,12 +1831,8 @@ static int dasd_symm_io(struct dasd_device *device, void __user *argp) (void __user *)(unsigned long) usrparm.psf_data, usrparm.psf_data_len)) goto out_free; - - /* sanity check on syscall header */ - if (psf_data[0] != 0x17 && psf_data[1] != 0xce) { - rc = -EINVAL; - goto out_free; - } + psf0 = psf_data[0]; + psf1 = psf_data[1]; /* setup CCWs for PSF + RSSD */ cqr = dasd_smalloc_request("ECKD", 2 , 0, device); @@ -1881,7 +1882,9 @@ out_free: kfree(rssd_result); kfree(psf_data); out: - DBF_DEV_EVENT(DBF_WARNING, device, "Symmetrix ioctl: rc=%d", rc); + DBF_DEV_EVENT(DBF_WARNING, device, + "Symmetrix ioctl (0x%02x 0x%02x): rc=%d", + (int) psf0, (int) psf1, rc); return rc; }
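Review bot: In the first hunk (@@ -1799,8 +1799,13 @@), the new gate `if (!capable(CAP_SYS_ADMIN) && !capable(CAP_SYS_RAWIO))` admits a caller that holds either capability, while the commit message says the ioctl is restricted to CAP_SYS_ADMIN and CAP_SYS_RAWIO and the description says root only. If both are meant to be required the test needs `||`; if either one is enough, say so in the commit message or in a comment above the check, because with the order/suborder test removed this is the only filter left on what reaches the device. A failed capability check more commonly returns -EPERM than -EACCES, and `psf0 = psf1 = 0;` would read better as an initializer on the declaration than as a statement after the early return.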
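Review bot: In the second hunk (@@ -1826,12 +1831,8 @@), `psf0 = psf_data[0];` and `psf1 = psf_data[1];` read two bytes unconditionally, and nothing in the visible lines shows that usrparm.psf_data_len is at least 2. Please confirm the length is bounded below before this point, or guard the two reads, so that a short request cannot cause bytes that were never copied from the caller to be read and logged. For the record, the removed test used `&&`, so it rejected a request only when both bytes mismatched; it was never a strict match on the 0x17 0xce pair.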
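Review bot: In the third hunk (@@ -1881,7 +1882,9 @@), `(int) psf0` and `(int) psf1` are printed with `0x%02x`, but both are declared as plain `char` in the first hunk. Where plain char is signed, a byte such as 0xce sign-extends and prints as 0xffffffce; declaring the two variables `unsigned char`, or casting through it, keeps the output at two hex digits regardless of the platform's char signedness. The message also reports 0x00 0x00 for every failure that jumps to out before psf_data has been copied, which someone reading the debug log could mistake for a real order/suborder pair.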