[PATCH v3] pci: use security_capable() when checking capablities during config space read

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Chris Wright <chrisw@sous-sol.org>
To: James Morris <jmorris@namei.org>
Cc: Chris Wright <chrisw@sous-sol.org>,
	Linus Torvalds <torvalds@linux-foundation.org>,
	Dave Airlie <airlied@gmail.com>,
	Dave Young <hidave.darkstar@gmail.com>,
	linux-kernel@vger.kernel.org, David Airlie <airlied@linux.ie>,
	dri-devel@lists.freedesktop.org, Alex Riesen <raa.lkml@gmail.com>,
	Sedat Dilek <sedat.dilek@googlemail.com>,
	Eric Paris <eparis@redhat.com>
Subject: [PATCH v3] pci: use security_capable() when checking capablities during config space read
Date: Mon, 14 Feb 2011 17:21:49 -0800	[thread overview]
Message-ID: <20110215012149.GM9869@sequoia.sous-sol.org> (raw)
In-Reply-To: <alpine.LRH.2.00.1102141203430.12055@tundra.namei.org>

This reintroduces commit 47970b1b which was subsequently reverted
as f00eaeea.  The original change was broken and caused X startup
failures and generally made privileged processes incapable of reading
device dependent config space.  The normal capable() interface returns
true on success, but the LSM interface returns 0 on success.  This thinko
is now fixed in this patch, and has been confirmed to work properly.

So, once again...Eric Paris noted that commit de139a3 ("pci: check caps
from sysfs file open to read device dependent config space") caused the
capability check to bypass security modules and potentially auditing.
Rectify this by calling security_capable() when checking the open file's
capabilities for config space reads.

Reported-by: Eric Paris <eparis@redhat.com>
Tested-by: Dave Young <hidave.darkstar@gmail.com>
Acked-by: James Morris <jmorris@namei.org>
Cc: Dave Airlie <airlied@gmail.com>
Cc: Alex Riesen <raa.lkml@gmail.com>
Cc: Sedat Dilek <sedat.dilek@googlemail.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
---
v2: added Reported-by Eric
v3: fix logic screw up

 drivers/pci/pci-sysfs.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c
index 8ecaac9..ea25e5b 100644
--- a/drivers/pci/pci-sysfs.c
+++ b/drivers/pci/pci-sysfs.c
@@ -23,6 +23,7 @@
 #include <linux/mm.h>
 #include <linux/fs.h>
 #include <linux/capability.h>
+#include <linux/security.h>
 #include <linux/pci-aspm.h>
 #include <linux/slab.h>
 #include "pci.h"
@@ -368,7 +369,7 @@ pci_read_config(struct file *filp, struct kobject *kobj,
 	u8 *data = (u8*) buf;
 
 	/* Several chips lock up trying to read undefined config space */
-	if (cap_raised(filp->f_cred->cap_effective, CAP_SYS_ADMIN)) {
+	if (security_capable(filp->f_cred, CAP_SYS_ADMIN) == 0) {
 		size = dev->cfg_size;
 	} else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) {
 		size = 128;
-- 
1.7.3.4

next prev parent reply	other threads:[~2011-02-15  1:26 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2011-02-13  6:22 Regression - Xorg start failed Dave Young
2011-02-13  7:53 ` Dave Airlie
2011-02-13  7:53   ` Dave Airlie
2011-02-13 15:50   ` Linus Torvalds
2011-02-13 15:50     ` Linus Torvalds
2011-02-14  0:35     ` Chris Wright
2011-02-14  1:04       ` James Morris
2011-02-15  1:21         ` Chris Wright [this message]
2011-02-15  9:39           ` [PATCH v3] pci: use security_capable() when checking capablities during config space read James Morris
2011-02-16  6:24           ` Alex Riesen
2011-02-16  6:24             ` Alex Riesen
2011-02-14  5:38       ` Regression - Xorg start failed Dave Young
2011-02-14 16:56         ` Chris Wright
2011-02-13 23:31   ` Chris Wright
2011-02-13 23:34     ` Dave Airlie
2011-02-13 23:35       ` Chris Wright
2011-02-13  8:15 ` Alex Riesen
2011-02-13  8:15   ` Alex Riesen

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:8ecaac9 dfblob:ea25e5b )
 OR (
bs:"[PATCH v3] pci: use security_capable() when checking capablities during config space read" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20110215012149.GM9869@sequoia.sous-sol.org \
    --to=chrisw@sous-sol.org \
    --cc=airlied@gmail.com \
    --cc=airlied@linux.ie \
    --cc=dri-devel@lists.freedesktop.org \
    --cc=eparis@redhat.com \
    --cc=hidave.darkstar@gmail.com \
    --cc=jmorris@namei.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=raa.lkml@gmail.com \
    --cc=sedat.dilek@googlemail.com \
    --cc=torvalds@linux-foundation.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.