diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2018-07-10 17:02:17 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2018-07-10 17:02:17 -0700 |
| commit | f075dce66c6039bb97b762b592a6db6d79e4350a (patch) | |
| tree | 521e7ab6bef51dac51260b58b36f5c00843be905 /arch/arm | |
| parent | 1e09177acae32a61586af26d83ca5ef591cdcaf5 (diff) | |
scsi sg: remove incorrect scsi command checking logic
The SCSI_IOCTL_SEND_COMMAND ioctl has interesting scsi command
"security" checking.
If the file was opened read-only (but only in that case), it will
fetch the first byte of the command from user space, and do
"sg_allow_access()" on it. That, in turn, will check that
"blk_verify_command()" is ok with that command byte.
If that passes, it will then do call "sg_scsi_ioctl()" to execute
the command.
This is entirely nonsensical for several reasons.
It's nonsensical simply because it's racy: after it copies the command
byte from user mode to check it, user mode could just change the byte
before it is actually submitted later by "sg_scsi_ioctl()".
But it is nonsensical also because "sg_scsi_ioctl()" itself already does
blk_verify_command() on the command properly after it has been copied
from user space.
So it is an incorrect implementation of a pointless check. Remove it.
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'arch/arm')
0 files changed, 0 insertions, 0 deletions