diff options
author | Ming Lei <ming.lei@redhat.com> | 2023-01-06 07:17:07 +0300 |
---|---|---|
committer | Jens Axboe <axboe@kernel.dk> | 2023-01-30 01:18:34 +0300 |
commit | 73a166d9749230d598320fdae3b687cdc0e2e205 (patch) | |
tree | bd2e10fc273a8dda12f104f830c94c7857a6d8c2 /drivers/block | |
parent | ed878d1c1c641c4a6bd366658fc8e6bc842b80d1 (diff) | |
download | linux-73a166d9749230d598320fdae3b687cdc0e2e205.tar.xz |
ublk_drv: don't probe partitions if the ubq daemon isn't trusted
If any ubq daemon is unprivileged, the ublk char device is allowed
for unprivileged user actually, and we can't trust the current user,
so not probe partitions.
Fixes: 71f28f3136af ("ublk_drv: add io_uring based userspace block driver")
Reviewed-by: ZiyangZhang <ZiyangZhang@linux.alibaba.com>
Signed-off-by: Ming Lei <ming.lei@redhat.com>
Link: https://lore.kernel.org/r/20230106041711.914434-3-ming.lei@redhat.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'drivers/block')
-rw-r--r-- | drivers/block/ublk_drv.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/drivers/block/ublk_drv.c b/drivers/block/ublk_drv.c index 4232089e3723..8a6f38cc62db 100644 --- a/drivers/block/ublk_drv.c +++ b/drivers/block/ublk_drv.c @@ -159,6 +159,7 @@ struct ublk_device { struct completion completion; unsigned int nr_queues_ready; + unsigned int nr_privileged_daemon; /* * Our ubq->daemon may be killed without any notification, so @@ -1178,6 +1179,9 @@ static void ublk_mark_io_ready(struct ublk_device *ub, struct ublk_queue *ubq) ubq->ubq_daemon = current; get_task_struct(ubq->ubq_daemon); ub->nr_queues_ready++; + + if (capable(CAP_SYS_ADMIN)) + ub->nr_privileged_daemon++; } if (ub->nr_queues_ready == ub->dev_info.nr_hw_queues) complete_all(&ub->completion); @@ -1534,6 +1538,10 @@ static int ublk_ctrl_start_dev(struct io_uring_cmd *cmd) if (ret) goto out_put_disk; + /* don't probe partitions if any one ubq daemon is un-trusted */ + if (ub->nr_privileged_daemon != ub->nr_queues_ready) + set_bit(GD_SUPPRESS_PART_SCAN, &disk->state); + get_device(&ub->cdev_dev); ret = add_disk(disk); if (ret) { @@ -1935,6 +1943,7 @@ static int ublk_ctrl_start_recovery(struct io_uring_cmd *cmd) /* set to NULL, otherwise new ubq_daemon cannot mmap the io_cmd_buf */ ub->mm = NULL; ub->nr_queues_ready = 0; + ub->nr_privileged_daemon = 0; init_completion(&ub->completion); ret = 0; out_unlock: |