From: Todd Poynor <toddpoynor@xxxxxxxxxx> Always allow root to open device for writing. Drop special-casing of ioctl permissions for root vs. owner. Convert to bool types as appropriate. Reported-by: Dmitry Torokhov <dtor@xxxxxxxxxxxx> Signed-off-by: Zhongze Hu <frankhu@xxxxxxxxxxxx> Signed-off-by: Todd Poynor <toddpoynor@xxxxxxxxxx> --- drivers/staging/gasket/apex_driver.c | 15 ++++---------- drivers/staging/gasket/gasket_core.c | 8 ++++--- drivers/staging/gasket/gasket_ioctl.c | 30 +++++++++++++-------------- 3 files changed, 23 insertions(+), 30 deletions(-) diff --git a/drivers/staging/gasket/apex_driver.c b/drivers/staging/gasket/apex_driver.c index a01b1f2b827ea..4c00f3609f081 100644 --- a/drivers/staging/gasket/apex_driver.c +++ b/drivers/staging/gasket/apex_driver.c @@ -140,7 +140,7 @@ static int apex_reset(struct gasket_dev *gasket_dev, uint type); static int apex_get_status(struct gasket_dev *gasket_dev); -static uint apex_ioctl_check_permissions(struct file *file, uint cmd); +static bool apex_ioctl_check_permissions(struct file *file, uint cmd); static long apex_ioctl(struct file *file, uint cmd, ulong arg); @@ -625,18 +625,11 @@ static bool is_gcb_in_reset(struct gasket_dev *gasket_dev) * @file: File pointer from ioctl. * @cmd: ioctl command. * - * Returns 1 if the current user may execute this ioctl, and 0 otherwise. + * Returns true if the current user may execute this ioctl, and false otherwise. */ -static uint apex_ioctl_check_permissions(struct file *filp, uint cmd) +static bool apex_ioctl_check_permissions(struct file *filp, uint cmd) { - struct gasket_dev *gasket_dev = filp->private_data; - int root = capable(CAP_SYS_ADMIN); - int is_owner = gasket_dev->dev_info.ownership.is_owned && - current->tgid == gasket_dev->dev_info.ownership.owner; - - if (root || is_owner) - return 1; - return 0; + return !!(filp->f_mode & FMODE_WRITE); } /* diff --git a/drivers/staging/gasket/gasket_core.c b/drivers/staging/gasket/gasket_core.c index ba48a379b0ada..254fb392c05c1 100644 --- a/drivers/staging/gasket/gasket_core.c +++ b/drivers/staging/gasket/gasket_core.c @@ -1072,6 +1072,7 @@ static int gasket_open(struct inode *inode, struct file *filp) char task_name[TASK_COMM_LEN]; struct gasket_cdev_info *dev_info = container_of(inode->i_cdev, struct gasket_cdev_info, cdev); + int is_root = capable(CAP_SYS_ADMIN); gasket_dev = dev_info->gasket_dev_ptr; driver_desc = gasket_dev->internal_desc->driver_desc; @@ -1085,7 +1086,7 @@ static int gasket_open(struct inode *inode, struct file *filp) "Attempting to open with tgid %u (%s) (f_mode: 0%03o, " "fmode_write: %d is_root: %u)", current->tgid, task_name, filp->f_mode, - (filp->f_mode & FMODE_WRITE), capable(CAP_SYS_ADMIN)); + (filp->f_mode & FMODE_WRITE), is_root); /* Always allow non-writing accesses. */ if (!(filp->f_mode & FMODE_WRITE)) { @@ -1099,8 +1100,9 @@ static int gasket_open(struct inode *inode, struct file *filp) gasket_dev, "Current owner open count (owning tgid %u): %d.", ownership->owner, ownership->write_open_count); - /* Opening a node owned by another TGID is an error (even root.) */ - if (ownership->is_owned && ownership->owner != current->tgid) { + /* Opening a node owned by another TGID is an error (unless root) */ + if (ownership->is_owned && ownership->owner != current->tgid && + !is_root) { gasket_log_error( gasket_dev, "Process %u is opening a node held by %u.", diff --git a/drivers/staging/gasket/gasket_ioctl.c b/drivers/staging/gasket/gasket_ioctl.c index d0142ed048a65..8fd44979fe713 100644 --- a/drivers/staging/gasket/gasket_ioctl.c +++ b/drivers/staging/gasket/gasket_ioctl.c @@ -22,7 +22,7 @@ #define trace_gasket_ioctl_config_coherent_allocator(x, ...) #endif -static uint gasket_ioctl_check_permissions(struct file *filp, uint cmd); +static bool gasket_ioctl_check_permissions(struct file *filp, uint cmd); static int gasket_set_event_fd(struct gasket_dev *dev, ulong arg); static int gasket_read_page_table_size( struct gasket_dev *gasket_dev, ulong arg); @@ -167,12 +167,13 @@ long gasket_is_supported_ioctl(uint cmd) * @filp: File structure pointer describing this node usage session. * @cmd: ioctl number to handle. * - * Standard permissions checker. + * Check permissions for Gasket ioctls. + * Returns true if the file opener may execute this ioctl, or false otherwise. */ -static uint gasket_ioctl_check_permissions(struct file *filp, uint cmd) +static bool gasket_ioctl_check_permissions(struct file *filp, uint cmd) { - uint alive, root, device_owner; - fmode_t read, write; + bool alive; + bool read, write; struct gasket_dev *gasket_dev = (struct gasket_dev *)filp->private_data; alive = (gasket_dev->status == GASKET_STATUS_ALIVE); @@ -183,36 +184,33 @@ static uint gasket_ioctl_check_permissions(struct file *filp, uint cmd) alive, gasket_dev->status); } - root = capable(CAP_SYS_ADMIN); - read = filp->f_mode & FMODE_READ; - write = filp->f_mode & FMODE_WRITE; - device_owner = (gasket_dev->dev_info.ownership.is_owned && - current->tgid == gasket_dev->dev_info.ownership.owner); + read = !!(filp->f_mode & FMODE_READ); + write = !!(filp->f_mode & FMODE_WRITE); switch (cmd) { case GASKET_IOCTL_RESET: case GASKET_IOCTL_CLEAR_INTERRUPT_COUNTS: - return root || (write && device_owner); + return write; case GASKET_IOCTL_PAGE_TABLE_SIZE: case GASKET_IOCTL_SIMPLE_PAGE_TABLE_SIZE: case GASKET_IOCTL_NUMBER_PAGE_TABLES: - return root || read; + return read; case GASKET_IOCTL_PARTITION_PAGE_TABLE: case GASKET_IOCTL_CONFIG_COHERENT_ALLOCATOR: - return alive && (root || (write && device_owner)); + return alive && write; case GASKET_IOCTL_MAP_BUFFER: case GASKET_IOCTL_UNMAP_BUFFER: - return alive && (root || (write && device_owner)); + return alive && write; case GASKET_IOCTL_CLEAR_EVENTFD: case GASKET_IOCTL_SET_EVENTFD: - return alive && (root || (write && device_owner)); + return alive && write; } - return 0; /* unknown permissions */ + return false; /* unknown permissions */ } /* -- 2.18.0.233.g985f88cf7e-goog _______________________________________________ devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxx http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel