From: Himanshu Madhani <himanshu.madhani@oracle.com>
To: Niklas Cassel <Niklas.Cassel@wdc.com>,
Jens Axboe <axboe@kernel.dk>, Hannes Reinecke <hare@suse.com>,
"Martin K. Petersen" <martin.petersen@oracle.com>,
Damien Le Moal <Damien.LeMoal@wdc.com>,
Shaun Tancheff <shaun@tancheff.com>
Cc: "stable@vger.kernel.org" <stable@vger.kernel.org>,
Jens Axboe <axboe@fb.com>,
"linux-block@vger.kernel.org" <linux-block@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v3 2/2] blk-zoned: allow BLKREPORTZONE without CAP_SYS_ADMIN
Date: Fri, 18 Jun 2021 12:57:08 -0500 [thread overview]
Message-ID: <07d2d0ab-0dbe-3ef1-b127-c7a9eee43612@oracle.com> (raw)
In-Reply-To: <20210614122303.154378-3-Niklas.Cassel@wdc.com>
On 6/14/21 7:23 AM, Niklas Cassel wrote:
> From: Niklas Cassel <niklas.cassel@wdc.com>
>
> A user space process should not need the CAP_SYS_ADMIN capability set
> in order to perform a BLKREPORTZONE ioctl.
>
> Getting the zone report is required in order to get the write pointer.
> Neither read() nor write() requires CAP_SYS_ADMIN, so it is reasonable
> that a user space process that can read/write from/to the device, also
> can get the write pointer. (Since e.g. writes have to be at the write
> pointer.)
>
> Fixes: 3ed05a987e0f ("blk-zoned: implement ioctls")
> Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
> Cc: stable@vger.kernel.org # v4.10+
> ---
> Changes since v2:
> -Drop the FMODE_READ check. Right now it is possible to open() the device with
> O_WRONLY and get the zone report from that fd. Therefore adding a FMODE_READ
> check on BLKREPORTZONE would break existing applications. Instead, just remove
> the existing CAP_SYS_ADMIN check.
>
> block/blk-zoned.c | 3 ---
> 1 file changed, 3 deletions(-)
>
> diff --git a/block/blk-zoned.c b/block/blk-zoned.c
> index 0789e6e9f7db..457eceabed2e 100644
> --- a/block/blk-zoned.c
> +++ b/block/blk-zoned.c
> @@ -288,9 +288,6 @@ int blkdev_report_zones_ioctl(struct block_device *bdev, fmode_t mode,
> if (!blk_queue_is_zoned(q))
> return -ENOTTY;
>
> - if (!capable(CAP_SYS_ADMIN))
> - return -EACCES;
> -
> if (copy_from_user(&rep, argp, sizeof(struct blk_zone_report)))
> return -EFAULT;
>
>
Looks Good.
Reviewed-by: Himanshu Madhani <himanshu.madhani@oracle.com>
--
Himanshu Madhani Oracle Linux Engineering
next prev parent reply other threads:[~2021-06-18 17:57 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-14 12:23 [PATCH v3 0/2] allow blk-zoned ioctls without CAP_SYS_ADMIN Niklas Cassel
2021-06-14 12:23 ` [PATCH v3 1/2] blk-zoned: allow zone management send operations " Niklas Cassel
2021-06-16 13:42 ` Aravind Ramesh
2021-06-16 13:42 ` Aravind Ramesh
2021-06-18 14:48 ` Adam Manzanares
2021-06-18 17:56 ` Himanshu Madhani
2021-06-14 12:23 ` [PATCH v3 2/2] blk-zoned: allow BLKREPORTZONE " Niklas Cassel
2021-06-16 2:29 ` Damien Le Moal
2021-06-16 13:43 ` Aravind Ramesh
2021-06-16 13:43 ` Aravind Ramesh
2021-06-18 14:49 ` Adam Manzanares
2021-06-18 17:57 ` Himanshu Madhani [this message]
2021-06-28 7:20 ` [PATCH v3 0/2] allow blk-zoned ioctls " Niklas Cassel
2021-07-05 11:26 ` Niklas Cassel
2021-07-21 5:04 ` Aravind Ramesh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=07d2d0ab-0dbe-3ef1-b127-c7a9eee43612@oracle.com \
--to=himanshu.madhani@oracle.com \
--cc=Damien.LeMoal@wdc.com \
--cc=Niklas.Cassel@wdc.com \
--cc=axboe@fb.com \
--cc=axboe@kernel.dk \
--cc=hare@suse.com \
--cc=linux-block@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=martin.petersen@oracle.com \
--cc=shaun@tancheff.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.