From: Pavel Emelyanov <xemul@openvz.org>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Paul Menage <menage@google.com>,
Sukadev Bhattiprolu <sukadev@us.ibm.com>,
Serge Hallyn <serue@us.ibm.com>
Subject: [PATCH 5/9] Make use of permissions, returned by kobj_lookup
Date: Wed, 05 Mar 2008 20:37:40 +0300 [thread overview]
Message-ID: <47CEDA64.1070506@openvz.org> (raw)
In-Reply-To: <47CED717.60406@openvz.org>
Now check the requesting permissions against the granted
(with the dev_t-to-kobj map) ones.
The tricky place is chrdev_open - it caches the struct cdev
on inode and thus, we have to perform lookup each time
if we are in a restricted mapping.
The task_cdev_map and task_bdev_map provide the map which
the current task is in, but now they just return NULL, which
means, that the task is not in any.
Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
---
block/genhd.c | 8 +++++++-
fs/block_dev.c | 8 ++++++++
fs/char_dev.c | 18 ++++++++++++++++--
include/linux/devscontrol.h | 12 ++++++++++++
4 files changed, 43 insertions(+), 3 deletions(-)
create mode 100644 include/linux/devscontrol.h
diff --git a/block/genhd.c b/block/genhd.c
index 1d1d0f2..a619158 100644
--- a/block/genhd.c
+++ b/block/genhd.c
@@ -8,6 +8,7 @@
#include <linux/kdev_t.h>
#include <linux/kernel.h>
#include <linux/blkdev.h>
+#include <linux/devscontrol.h>
#include <linux/init.h>
#include <linux/spinlock.h>
#include <linux/seq_file.h>
@@ -212,10 +213,15 @@ void unlink_gendisk(struct gendisk *disk)
*/
struct gendisk *get_gendisk(dev_t devt, mode_t *mode, int *part)
{
+ struct kobj_map *map;
struct kobject *kobj;
struct device *dev;
- kobj = kobj_lookup(bdev_map, devt, mode, part);
+ map = task_bdev_map(current);
+ if (map == NULL)
+ map = bdev_map;
+
+ kobj = kobj_lookup(map, devt, mode, part);
if (kobj == NULL)
return NULL;
diff --git a/fs/block_dev.c b/fs/block_dev.c
index 00dda91..34dc607 100644
--- a/fs/block_dev.c
+++ b/fs/block_dev.c
@@ -945,6 +945,14 @@ static int do_open(struct block_device *bdev, struct file *file, int for_part)
bdput(bdev);
return ret;
}
+
+ if ((file->f_mode & mode) != file->f_mode) {
+ unlock_kernel();
+ bdput(bdev);
+ put_disk(disk);
+ return -EACCES;
+ }
+
owner = disk->fops->owner;
mutex_lock_nested(&bdev->bd_mutex, for_part);
diff --git a/fs/char_dev.c b/fs/char_dev.c
index dceb579..d042446 100644
--- a/fs/char_dev.c
+++ b/fs/char_dev.c
@@ -22,6 +22,8 @@
#include <linux/mutex.h>
#include <linux/backing-dev.h>
+#include <linux/devscontrol.h>
+
#ifdef CONFIG_KMOD
#include <linux/kmod.h>
#endif
@@ -361,19 +363,31 @@ static int chrdev_open(struct inode *inode, struct file *filp)
struct cdev *p;
struct cdev *new = NULL;
int ret = 0;
+ struct kobj_map *map;
+
+ map = task_cdev_map(current);
+ if (map == NULL)
+ map = cdev_map;
spin_lock(&cdev_lock);
p = inode->i_cdev;
- if (!p) {
+ if (!p || map != cdev_map) {
struct kobject *kobj;
int idx;
mode_t mode;
spin_unlock(&cdev_lock);
- kobj = kobj_lookup(cdev_map, inode->i_rdev, &mode, &idx);
+ kobj = kobj_lookup(map, inode->i_rdev, &mode, &idx);
if (!kobj)
return -ENXIO;
new = container_of(kobj, struct cdev, kobj);
+ BUG_ON(p != NULL && p != new);
+
+ if ((filp->f_mode & mode) != filp->f_mode) {
+ cdev_put(new);
+ return -EACCES;
+ }
+
spin_lock(&cdev_lock);
p = inode->i_cdev;
if (!p) {
diff --git a/include/linux/devscontrol.h b/include/linux/devscontrol.h
new file mode 100644
index 0000000..04c168b
--- /dev/null
+++ b/include/linux/devscontrol.h
@@ -0,0 +1,12 @@
+#ifndef __DEVS_CONTROL_H__
+#define __DEVS_CONTROL_H__
+static inline struct kobj_map *task_cdev_map(struct task_struct *tsk)
+{
+ return NULL;
+}
+
+static inline struct kobj_map *task_bdev_map(struct task_struct *tsk)
+{
+ return NULL;
+}
+#endif
--
1.5.3.4
next prev parent reply other threads:[~2008-03-05 17:51 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-03-05 17:23 [PATCH 0/9] Devices accessibility control group (v4) Pavel Emelyanov
2008-03-05 17:25 ` [PATCH 1/9] Avoid magic constants in drivers/base/map.c Pavel Emelyanov
2008-03-05 17:28 ` [PATCH 2/9] Cleanup the get_gendisk() a bit Pavel Emelyanov
2008-03-05 17:32 ` [PATCH 3/9] Add a mode on the struct probe Pavel Emelyanov
2008-03-05 17:34 ` [PATCH 4/9] Make kobj_lookup() return the mapping's permissions Pavel Emelyanov
2008-03-05 17:37 ` Pavel Emelyanov [this message]
2008-03-06 1:13 ` [PATCH 5/9] Make use of permissions, returned by kobj_lookup Andrew Morton
2008-03-06 8:48 ` Pavel Emelyanov
2008-03-07 9:22 ` Pavel Emelyanov
2008-03-07 9:35 ` Andrew Morton
2008-03-07 9:52 ` Pavel Emelyanov
2008-03-07 15:59 ` Greg KH
2008-03-07 16:38 ` Pavel Emelyanov
2008-03-07 17:01 ` Greg KH
2008-03-07 17:08 ` Al Viro
2008-03-07 17:35 ` Serge E. Hallyn
2008-03-07 17:57 ` Casey Schaufler
2008-03-07 18:30 ` Serge E. Hallyn
2008-03-07 19:46 ` Stephen Smalley
2008-03-07 20:57 ` Casey Schaufler
2008-03-07 21:32 ` Serge E. Hallyn
2008-03-07 18:14 ` Greg KH
2008-03-07 18:50 ` Serge E. Hallyn
2008-03-08 6:04 ` Greg KH
2008-03-08 21:47 ` Serge E. Hallyn
2008-03-09 3:15 ` Greg KH
2008-03-10 20:35 ` Serge E. Hallyn
2008-03-11 9:57 ` Pavel Emelyanov
2008-03-11 17:36 ` Greg KH
2008-03-12 8:26 ` Pavel Emelyanov
2008-03-12 13:09 ` Serge E. Hallyn
2008-03-12 13:18 ` Stephen Smalley
2008-03-12 13:27 ` Stephen Smalley
2008-03-12 14:18 ` Serge E. Hallyn
2008-03-12 14:15 ` Serge E. Hallyn
2008-03-12 16:21 ` Casey Schaufler
2008-03-12 13:36 ` Pavel Emelyanov
2008-03-05 17:40 ` [PATCH 6/9] Extend the drivers/base/map.c functionality Pavel Emelyanov
2008-03-05 17:43 ` [PATCH 7/9] Provide functions to manipulate char device mappings Pavel Emelyanov
2008-03-05 17:46 ` [PATCH 8/9] Provide functions to manipulate block " Pavel Emelyanov
2008-03-05 17:47 ` [PATCH 9/9] Devices accessibility control group itself Pavel Emelyanov
2008-03-06 2:02 ` Greg KH
2008-03-06 1:55 ` [PATCH 0/9] Devices accessibility control group (v4) Greg KH
2008-03-06 3:15 ` Serge E. Hallyn
2008-03-06 4:34 ` Greg KH
2008-03-06 8:36 ` Pavel Emelyanov
2008-03-07 4:58 ` Greg KH
2008-03-07 8:42 ` Pavel Machek
2008-03-07 8:54 ` Pavel Emelyanov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47CEDA64.1070506@openvz.org \
--to=xemul@openvz.org \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=menage@google.com \
--cc=serue@us.ibm.com \
--cc=sukadev@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.