Date: Mon, 18 Oct 2010 04:26:33 +0000 (UTC) From: Marcel Moolenaar <marcel@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r214003 - head/sys/dev/md Message-ID: <201010180426.o9I4QX4G072469@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: marcel Date: Mon Oct 18 04:26:32 2010 New Revision: 214003 URL: http://svn.freebsd.org/changeset/base/214003 Log: Allow the MDIOCATTACH ioctl operation to originate from within the kernel. To protect against malicious software, we demand that the file name is at a particular location (i.e. appended to the mdio structure) for it to be treated as in-kernel. Modified: head/sys/dev/md/md.c Modified: head/sys/dev/md/md.c ============================================================================== --- head/sys/dev/md/md.c Mon Oct 18 03:59:55 2010 (r214002) +++ head/sys/dev/md/md.c Mon Oct 18 04:26:32 2010 (r214003) @@ -909,18 +909,26 @@ mdcreate_vnode(struct md_s *sc, struct m { struct vattr vattr; struct nameidata nd; + char *fname; int error, flags, vfslocked; - error = copyinstr(mdio->md_file, sc->file, sizeof(sc->file), NULL); - if (error != 0) - return (error); - flags = FREAD|FWRITE; /* - * If the user specified that this is a read only device, unset the - * FWRITE mask before trying to open the backing store. + * Kernel-originated requests must have the filename appended + * to the mdio structure to protect against malicious software. + */ + fname = mdio->md_file; + if ((void *)fname != (void *)(mdio + 1)) { + error = copyinstr(fname, sc->file, sizeof(sc->file), NULL); + if (error != 0) + return (error); + } else + strlcpy(sc->file, fname, sizeof(sc->file)); + + /* + * If the user specified that this is a read only device, don't + * set the FWRITE mask before trying to open the backing store. */ - if ((mdio->md_options & MD_READONLY) != 0) - flags &= ~FWRITE; + flags = FREAD | ((mdio->md_options & MD_READONLY) ? 0 : FWRITE); NDINIT(&nd, LOOKUP, FOLLOW | MPSAFE, UIO_SYSSPACE, sc->file, td); error = vn_open(&nd, &flags, 0, NULL); if (error != 0)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201010180426.o9I4QX4G072469>