block: move CAP_SYS_ADMIN check in blkdev_roset()

Check for CAP_SYS_ADMIN before calling into the driver, similar to blkdev_flushbuf(). This is safer and can spare a check in the driver. (Currently BLKROSET is overridden by md and rbd, rbd is missing the check. md has the check, but it covers a lot more than BLKROSET.) Acked-by: N Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: N Ilya Dryomov <idryomov@gmail.com> Signed-off-by: N Jens Axboe <axboe@kernel.dk>

block: move CAP_SYS_ADMIN check in blkdev_roset()
Check for CAP_SYS_ADMIN before calling into the driver, similar to blkdev_flushbuf(). This is safer and can spare a check in the driver. (Currently BLKROSET is overridden by md and rbd, rbd is missing the check. md has the check, but it covers a lot more than BLKROSET.) Acked-by: N Al Viro <viro@zeniv.linux.org.uk> Signed-off-by: N Ilya Dryomov <idryomov@gmail.com> Signed-off-by: N Jens Axboe <axboe@kernel.dk>
bb749b31 · Ilya Dryomov · Jens Axboe · 351499a1 · bb749b31
隐藏空白更改
内联并排

Showing with 3 addition and 2 deletion

block/ioctl.c block/ioctl.c +3 -2

未找到文件。
--- a/block/ioctl.c
+++ b/block/ioctl.c
@@ -443,11 +443,12 @@ static int blkdev_roset(struct block_device *bdev, fmode_t mode,
 {
 	int ret, n;

+	if (!capable(CAP_SYS_ADMIN))
+		return -EACCES;
+
 	ret = __blkdev_driver_ioctl(bdev, mode, cmd, arg);
 	if (!is_unrecognized_ioctl(ret))
 		return ret;
-	if (!capable(CAP_SYS_ADMIN))
-		return -EACCES;
 	if (get_user(n, (int __user *)arg))
 		return -EFAULT;
 	set_device_ro(bdev, n);