From: Greg Kroah-Hartman Date: Thu, 26 Jan 2012 00:17:18 +0000 (-0800) Subject: fix up queue-3.2/block-fail-scsi-passthrough-ioctls-on-partition-devices.patch X-Git-Tag: v3.2.2~2 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d7d4007905af9b350015a34ce9015b7bc1c48cf2;p=thirdparty%2Fkernel%2Fstable-queue.git fix up queue-3.2/block-fail-scsi-passthrough-ioctls-on-partition-devices.patch --- diff --git a/queue-3.2/block-fail-scsi-passthrough-ioctls-on-partition-devices.patch b/queue-3.2/block-fail-scsi-passthrough-ioctls-on-partition-devices.patch index a5461d4c867..f858e09cd11 100644 --- a/queue-3.2/block-fail-scsi-passthrough-ioctls-on-partition-devices.patch +++ b/queue-3.2/block-fail-scsi-passthrough-ioctls-on-partition-devices.patch @@ -7,6 +7,9 @@ From: Paolo Bonzini commit 0bfc96cb77224736dfa35c3c555d37b3646ef35e upstream. +[ Changes with respect to 3.3: return -ENOTTY from scsi_verify_blk_ioctl + and -ENOIOCTLCMD from sd_compat_ioctl. ] + Linux allows executing the SG_IO ioctl on a partition or LVM volume, and will pass the command to the underlying block device. This is well-known, but it is also a large security problem when (via Unix @@ -85,7 +88,7 @@ Signed-off-by: Greg Kroah-Hartman + * and we do not want to spam dmesg about it. CD-ROMs do + * not have partitions, so we get here only for disks. + */ -+ return -ENOIOCTLCMD; ++ return -ENOTTY; + default: + break; + } @@ -94,7 +97,7 @@ Signed-off-by: Greg Kroah-Hartman + printk_ratelimited(KERN_WARNING + "%s: sending ioctl %x to a partition!\n", current->comm, cmd); + -+ return capable(CAP_SYS_RAWIO) ? 0 : -ENOIOCTLCMD; ++ return capable(CAP_SYS_RAWIO) ? 0 : -ENOTTY; +} +EXPORT_SYMBOL(scsi_verify_blk_ioctl); + @@ -131,7 +134,7 @@ Signed-off-by: Greg Kroah-Hartman + + ret = scsi_verify_blk_ioctl(bdev, cmd); + if (ret < 0) -+ return ret; ++ return -ENOIOCTLCMD; /* * If we are in the middle of error recovery, don't let anyone
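Review bot: Both denial returns in scsi_verify_blk_ioctl now carry a 3.2-specific error code, but that divergence from 3.3 is recorded only in the changelog note and not in the code. This applies to the quiet branch in the -85,7 hunk and to the `capable(CAP_SYS_RAWIO)` return in the -94,7 hunk. A one-line comment at each return, such as `/* 3.2 backport: -ENOTTY here; 3.3 returns -ENOIOCTLCMD */`, would keep a later cherry-pick from silently reverting it. The function starts outside both hunks, so any header comment describing its return value is not visible here and may need the same update.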
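Review bot: `return -ENOIOCTLCMD;` in the -131,7 hunk discards `ret`, so every negative result from scsi_verify_blk_ioctl is reported as "not handled" rather than as a refusal. That is consistent with the two -ENOTTY returns changed earlier in this diff. However, -ENOIOCTLCMD conventionally lets the compat layer try another handler, so the partition restriction holds only if that fallback path repeats the check; the path is outside this hunk and should be confirmed. I would add a comment above the return, such as `/* 3.2: compat path expects -ENOIOCTLCMD; native ioctl path must still reject with -ENOTTY */`. The enclosing function (sd_compat_ioctl, per the changelog note) begins and ends outside the hunk.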