The patch titled rtc subsystem: add capability checks has been added to the -mm tree. Its filename is rtc-subsystem-add-capability-checks.patch See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find out what to do about this
From: Alessandro Zummo <alessandro.zummo@xxxxxxxxxxxx>
Centralize CAP_SYS_XXX checks to avoid duplicate code and missing checks in the drivers.
Signed-off-by: Alessandro Zummo <a.zummo@xxxxxxxxxxxx>
Cc: Richard Purdie <rpurdie@xxxxxxxxx>
Cc: Yoichi Yuasa <yoichi_yuasa@xxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---
drivers/rtc/class.c | 1 +
drivers/rtc/rtc-dev.c | 29 ++++++++++++++++++++++-------
drivers/rtc/rtc-sa1100.c | 4 ----
drivers/rtc/rtc-vr41xx.c | 8 --------
include/linux/rtc.h | 1 +
5 files changed, 24 insertions(+), 19 deletions(-)
diff -puN drivers/rtc/class.c~rtc-subsystem-add-capability-checks drivers/rtc/class.c
--- devel/drivers/rtc/class.c~rtc-subsystem-add-capability-checks 2006-05-18 00:02:17.000000000 -0700
+++ devel-akpm/drivers/rtc/class.c 2006-05-18 00:02:17.000000000 -0700
@@ -69,6 +69,7 @@ struct rtc_device *rtc_device_register(c
 rtc->id = id;
 rtc->ops = ops;
 rtc->owner = owner;
+ rtc->max_user_freq = 64;
 rtc->class_dev.dev = dev;
 rtc->class_dev.class = rtc_class;
 rtc->class_dev.release = rtc_device_release;
diff -puN drivers/rtc/rtc-dev.c~rtc-subsystem-add-capability-checks drivers/rtc/rtc-dev.c
--- devel/drivers/rtc/rtc-dev.c~rtc-subsystem-add-capability-checks 2006-05-18 00:02:17.000000000 -0700
+++ devel-akpm/drivers/rtc/rtc-dev.c 2006-05-18 00:02:17.000000000 -0700
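Review bot: The literal `64` assigned to `rtc->max_user_freq` in the drivers/rtc/class.c hunk has no name or comment, although rtc_dev_ioctl uses it as the threshold above which RTC_IRQP_SET requires CAP_SYS_RESOURCE. The vr41xx driver named the same value `MAX_USER_PERIODIC_RATE`, and this patch removes that define. A short comment on that line, such as `/* highest periodic rate settable without CAP_SYS_RESOURCE */`, or a shared named constant, would keep the policy visible to driver authors who may want a different limit. rtc_device_register starts and ends outside the hunk.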
@@ -214,6 +214,28 @@ static int rtc_dev_ioctl(struct inode *i struct rtc_wkalrm alarm; void __user *uarg = (void __user *) arg; + /* check that the calles has appropriate permissions + * for certain ioctls. doing this check here is useful + * to avoid duplicate code in each driver. + */ + switch (cmd) { + case RTC_EPOCH_SET: + case RTC_SET_TIME: + if (!capable(CAP_SYS_TIME)) + return -EACCES; + break; + + case RTC_IRQP_SET: + if (arg > rtc->max_user_freq && !capable(CAP_SYS_RESOURCE)) + return -EACCES; + break; + + case RTC_PIE_ON: + if (!capable(CAP_SYS_RESOURCE)) + return -EACCES; + break; + } + /* avoid conflicting IRQ users */ if (cmd == RTC_PIE_ON || cmd == RTC_PIE_OFF || cmd == RTC_IRQP_SET) { spin_lock(&rtc->irq_task_lock); @@ -272,9 +294,6 @@ static int rtc_dev_ioctl(struct inode *i break; case RTC_SET_TIME: - if (!capable(CAP_SYS_TIME)) - return -EACCES; - if (copy_from_user(&tm, uarg, sizeof(tm))) return -EFAULT; @@ -290,10 +309,6 @@ static int rtc_dev_ioctl(struct inode *i err = -EINVAL; break; } - if (!capable(CAP_SYS_TIME)) { - err = -EACCES; - break; - } rtc_epoch = arg; err = 0; #endif diff -puN drivers/rtc/rtc-sa1100.c~rtc-subsystem-add-capability-checks drivers/rtc/rtc-sa1100.c --- devel/drivers/rtc/rtc-sa1100.c~rtc-subsystem-add-capability-checks 2006-05-18 00:02:17.000000000 -0700 +++ devel-akpm/drivers/rtc/rtc-sa1100.c 2006-05-18 00:02:17.000000000 -0700 @@ -229,8 +229,6 @@ static int sa1100_rtc_ioctl(struct devic spin_unlock_irq(&sa1100_rtc_lock); return 0; case RTC_PIE_ON: - if ((rtc_freq > 64) && !capable(CAP_SYS_RESOURCE)) - return -EACCES; spin_lock_irq(&sa1100_rtc_lock); OSMR1 = TIMER_FREQ/rtc_freq + OSCR; OIER |= OIER_E1; 
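Review bot: In the new switch at the top of rtc_dev_ioctl, `case RTC_PIE_ON` demands CAP_SYS_RESOURCE unconditionally, whereas the rtc-sa1100.c check this patch removes demanded it only when `rtc_freq > 64`; as written, unprivileged callers can no longer enable periodic interrupts at all, even at rates RTC_IRQP_SET still lets them configure. If the old policy is intended, the test should compare the configured rate with the limit, e.g. `if (rtc->irq_freq > rtc->max_user_freq && !capable(CAP_SYS_RESOURCE))`, assuming `irq_freq` tracks the rate set through RTC_IRQP_SET, which is not visible here. With the driver-side checks removed in the rtc-sa1100.c and rtc-vr41xx.c hunks, this switch becomes the only gate, so it is worth confirming that no path reaches a driver's ioctl op without passing through rtc_dev_ioctl. The added comment has a typo, `calles` for `caller`. The body of rtc_dev_ioctl starts and ends outside the hunk.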
@@ -242,8 +240,6 @@ static int sa1100_rtc_ioctl(struct devic case RTC_IRQP_SET: if (arg < 1 || arg > TIMER_FREQ) return -EINVAL; - if ((arg > 64) && (!capable(CAP_SYS_RESOURCE))) - return -EACCES; rtc_freq = arg; return 0; } diff -puN drivers/rtc/rtc-vr41xx.c~rtc-subsystem-add-capability-checks drivers/rtc/rtc-vr41xx.c --- devel/drivers/rtc/rtc-vr41xx.c~rtc-subsystem-add-capability-checks 2006-05-18 00:02:17.000000000 -0700 +++ devel-akpm/drivers/rtc/rtc-vr41xx.c 2006-05-18 00:02:17.000000000 -0700 @@ -81,7 +81,6 @@ MODULE_LICENSE("GPL"); #define RTC_FREQUENCY 32768 #define MAX_PERIODIC_RATE 6553 -#define MAX_USER_PERIODIC_RATE 64 static void __iomem *rtc1_base; static void __iomem *rtc2_base; @@ -240,9 +239,6 @@ static int vr41xx_rtc_ioctl(struct devic if (arg > MAX_PERIODIC_RATE) return -EINVAL; - if (arg > MAX_USER_PERIODIC_RATE && capable(CAP_SYS_RESOURCE) == 0) - return -EACCES; - periodic_frequency = arg; count = RTC_FREQUENCY; @@ -263,10 +259,6 @@ static int vr41xx_rtc_ioctl(struct devic /* Doesn't support before 1900 */ if (arg < 1900) return -EINVAL; - - if (capable(CAP_SYS_TIME) == 0) - return -EACCES; - epoch = arg; break; default: diff -puN include/linux/rtc.h~rtc-subsystem-add-capability-checks include/linux/rtc.h --- devel/include/linux/rtc.h~rtc-subsystem-add-capability-checks 2006-05-18 00:02:17.000000000 -0700 +++ devel-akpm/include/linux/rtc.h 2006-05-18 00:02:34.000000000 -0700 
@@ -155,6 +155,7 @@ struct rtc_device
 struct rtc_task *irq_task;
 spinlock_t irq_task_lock;
 int irq_freq;
+ int max_user_freq;
 #ifdef CONFIG_RTC_INTF_DEV_UIE_EMUL
 struct work_struct uie_task;
 struct timer_list uie_timer;
_
Patches currently in -mm which might be from alessandro.zummo@xxxxxxxxxxxx are
rtc-subsystem-fix-capability-checks-in-kernel-interface.patch
rtc-subsystem-add-capability-checks.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
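Review bot: The new `int max_user_freq;` field in include/linux/rtc.h is signed, yet rtc_dev_ioctl compares it with the ioctl argument in `arg > rtc->max_user_freq`. If `arg` is unsigned long, as is usual for ioctl handlers (its declaration is outside the visible hunks), a negative value in this field converts to a very large unsigned number and the CAP_SYS_RESOURCE check for RTC_IRQP_SET never triggers. Declaring it `unsigned int max_user_freq;` removes the sign conversion and makes the intended range explicit. A comment such as `/* max periodic rate without CAP_SYS_RESOURCE */` would also document what drivers are expected to store there. struct rtc_device starts and ends outside the hunk.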