> +ssize_t blk_filter_store(struct request_queue *q,
> + const char *page, size_t count, int rw)
> +{
> + unsigned long okbits[BLK_SCSI_CMD_PER_LONG], *target_okbits;
> + bool set;
> + const char *p = page;
> + char *endp;
> + int start = -1, cmd;
> +
> + if (!q->cmd_filter) {
> + q->cmd_filter = kmalloc(sizeof(struct blk_cmd_filter),
> + GFP_KERNEL);
> + blk_set_cmd_filter_defaults(q->cmd_filter);
> + }
> +
This also needs CAP_SYS_RAWIO otherwise you have a capability escalation
path.
I'm not really in favour of this patch as is. It's not as flexible as
doing it with a BPF filter which if we are going to have a new API is
going to be cleaner, faster and has a clear understood API plus tools.
With BPF you can do things like enabling command A with option B on a
specific device for a certain block range.
--
To unsubscribe from this list: send the line "unsubscribe linux-scsi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
