[PATCH] compat ioctl security hook fixup

Fix a bug spotted by "Michael S. Tsirkin" <mst@mellanox.co.il> Introduce a simple helper, vfs_ioctl(), so that both sys_ioctl() and compat_sys_ioctl() call the security hook in all cases and without duplication. Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>

[PATCH] compat ioctl security hook fixup
Fix a bug spotted by "Michael S. Tsirkin" <mst@mellanox.co.il> Introduce a simple helper, vfs_ioctl(), so that both sys_ioctl() and compat_sys_ioctl() call the security hook in all cases and without duplication. Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
0a57f3e6 · Chris Wright · Linus Torvalds · d360d565 · 0a57f3e6 · 0a57f3e6
Commit 0a57f3e6 authored Jan 25, 2005 by Chris Wright Committed by Linus Torvalds Jan 25, 2005
Hide whitespace changes
Inline Side-by-side

Showing with 31 additions and 19 deletions

fs/compat.c fs/compat.c +6 -6

fs/ioctl.c fs/ioctl.c +23 -13

include/linux/fs.h include/linux/fs.h +2 -0

No files found.
--- a/fs/compat.c
+++ b/fs/compat.c
@@ -439,6 +439,11 @@ asmlinkage long compat_sys_ioctl(unsigned int fd, unsigned int cmd,
 	if (!filp)
 		goto out;
+	/* RED-PEN how should LSM module know it's handling 32bit? */
+	error = security_file_ioctl(filp, cmd, arg);
+	if (error)
+		goto out_fput;
 	/*
 	 * To allow the compat_ioctl handlers to be self contained
 	 * we need to check the common ioctls here first.
@@ -496,11 +501,6 @@ asmlinkage long compat_sys_ioctl(unsigned int fd, unsigned int cmd,
 found_handler:
 	if (t->handler) {
-		/* RED-PEN how should LSM module know it's handling 32bit? */
-		error = security_file_ioctl(filp, cmd, arg);
-		if (error)
-			goto out_fput;
 		lock_kernel();
 		error = t->handler(fd, cmd, arg, filp);
 		unlock_kernel();
@@ -510,7 +510,7 @@ asmlinkage long compat_sys_ioctl(unsigned int fd, unsigned int cmd,
 	up_read(&ioctl32_sem);
 do_ioctl:
-	error = sys_ioctl(fd, cmd, arg);
+	error = vfs_ioctl(filp, fd, cmd, arg);
 out_fput:
 	fput_light(filp, fput_needed);
 out:

--- a/fs/ioctl.c
+++ b/fs/ioctl.c
@@ -77,25 +77,17 @@ static int file_ioctl(struct file *filp, unsigned int cmd,
 	return do_ioctl(filp, cmd, arg);
 }
 /*
 * When you add any new common ioctls to the switches above and below
 * please update compat_sys_ioctl() too.
+ *
+ * vfs_ioctl() is not for drivers and not intended to be EXPORT_SYMBOL()'d.
+ * It's just a simple helper for sys_ioctl and compat_sys_ioctl.
 */
-asmlinkage long sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg)
+int vfs_ioctl(struct file *filp, unsigned int fd, unsigned int cmd, unsigned long arg)
 {
-	struct file * filp;
 	unsigned int flag;
-	int on, error = -EBADF;
+	int on, error = 0;
-	int fput_needed;
-	filp = fget_light(fd, &fput_needed);
-	if (!filp)
-		goto out;
-	error = security_file_ioctl(filp, cmd, arg);
-	if (error)
-		goto out_fput;
 	switch (cmd) {
 		case FIOCLEX:
@@ -161,6 +153,24 @@ asmlinkage long sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg)
 				error = do_ioctl(filp, cmd, arg);
 			break;
 	}
+	return error;
+}
+asmlinkage long sys_ioctl(unsigned int fd, unsigned int cmd, unsigned long arg)
+{
+	struct file * filp;
+	int error = -EBADF;
+	int fput_needed;
+	filp = fget_light(fd, &fput_needed);
+	if (!filp)
+		goto out;
+	error = security_file_ioctl(filp, cmd, arg);
+	if (error)
+		goto out_fput;
+	error = vfs_ioctl(filp, fd, cmd, arg);
 out_fput:
 	fput_light(filp, fput_needed);
 out:

--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -1560,6 +1560,8 @@ extern int vfs_stat(char __user *, struct kstat *);
 extern int vfs_lstat(char __user *, struct kstat *);
 extern int vfs_fstat(unsigned int, struct kstat *);
+extern int vfs_ioctl(struct file *, unsigned int, unsigned int, unsigned long);
 extern struct file_system_type *get_fs_type(const char *name);
 extern struct super_block *get_super(struct block_device *);
 extern struct super_block *user_get_super(dev_t);