diff options
author | Shawn Lin <shawn.lin@rock-chips.com> | 2016-03-16 18:15:47 +0800 |
---|---|---|
committer | Ulf Hansson <ulf.hansson@linaro.org> | 2016-03-17 14:54:42 +0100 |
commit | 83c742c344c08c2bbe338d45c6ec63110e9d5e3d (patch) | |
tree | 5f491563321cc39266c1d5993085f08ff3620e16 /drivers/mmc | |
parent | 93c77d2999b09f2084b033ea6489915e0104ad9c (diff) | |
download | linux-83c742c344c08c2bbe338d45c6ec63110e9d5e3d.tar.gz linux-83c742c344c08c2bbe338d45c6ec63110e9d5e3d.tar.bz2 linux-83c742c344c08c2bbe338d45c6ec63110e9d5e3d.zip |
mmc: block: fix ABI regression of mmc_blk_ioctl
If mmc_blk_ioctl returns -EINVAL, blkdev_ioctl continues to
work without returning err to user-space. But now we check
CAP_SYS_RAWIO firstly, so we return -EPERM to blkdev_ioctl,
which make blkdev_ioctl return -EPERM to user-space directly.
So this will break all the ioctl with BLKROSET. Now we find
Android-adb suffer it for the following log:
remount of /system failed;
couldn't make block device writable: Operation not permitted
openat(AT_FDCWD, "/dev/block/platform/ff420000.dwmmc/by-name/system", O_RDONLY) = 3
ioctl(3, BLKROSET, 0) = -1 EPERM (Operation not permitted)
Fixes: a5f5774c55a2 ("mmc: block: Add new ioctl to send multi commands")
Cc: stable@vger.kernel.org
Signed-off-by: Shawn Lin <shawn.lin@rock-chips.com>
Signed-off-by: Ulf Hansson <ulf.hansson@linaro.org>
Diffstat (limited to 'drivers/mmc')
-rw-r--r-- | drivers/mmc/card/block.c | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c index 47bc87dafb00..3bdbe50a363f 100644 --- a/drivers/mmc/card/block.c +++ b/drivers/mmc/card/block.c @@ -589,6 +589,14 @@ static int mmc_blk_ioctl_cmd(struct block_device *bdev, struct mmc_card *card; int err = 0, ioc_err = 0; + /* + * The caller must have CAP_SYS_RAWIO, and must be calling this on the + * whole block device, not on a partition. This prevents overspray + * between sibling partitions. + */ + if ((!capable(CAP_SYS_RAWIO)) || (bdev != bdev->bd_contains)) + return -EPERM; + idata = mmc_blk_ioctl_copy_from_user(ic_ptr); if (IS_ERR(idata)) return PTR_ERR(idata); @@ -631,6 +639,14 @@ static int mmc_blk_ioctl_multi_cmd(struct block_device *bdev, int i, err = 0, ioc_err = 0; __u64 num_of_cmds; + /* + * The caller must have CAP_SYS_RAWIO, and must be calling this on the + * whole block device, not on a partition. This prevents overspray + * between sibling partitions. + */ + if ((!capable(CAP_SYS_RAWIO)) || (bdev != bdev->bd_contains)) + return -EPERM; + if (copy_from_user(&num_of_cmds, &user->num_of_cmds, sizeof(num_of_cmds))) return -EFAULT; @@ -688,14 +704,6 @@ cmd_err: static int mmc_blk_ioctl(struct block_device *bdev, fmode_t mode, unsigned int cmd, unsigned long arg) { - /* - * The caller must have CAP_SYS_RAWIO, and must be calling this on the - * whole block device, not on a partition. This prevents overspray - * between sibling partitions. - */ - if ((!capable(CAP_SYS_RAWIO)) || (bdev != bdev->bd_contains)) - return -EPERM; - switch (cmd) { case MMC_IOC_CMD: return mmc_blk_ioctl_cmd(bdev, |