media: rc: bpf attach/detach requires write permission
commit 6a9d552483 upstream.
Note that bpf attach/detach also requires CAP_NET_ADMIN.
Cc: stable@vger.kernel.org
Signed-off-by: Sean Young <sean@mess.org>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Sean Young
Greg Kroah-Hartman
parent
b79e15569d
commit
9f6087851e
|
|
@ -253,7 +253,7 @@ int lirc_prog_attach(const union bpf_attr *attr, struct bpf_prog *prog)
|
|||
if (attr->attach_flags)
|
||||
return -EINVAL;
|
||||
|
||||
rcdev = rc_dev_get_from_fd(attr->target_fd);
|
||||
rcdev = rc_dev_get_from_fd(attr->target_fd, true);
|
||||
if (IS_ERR(rcdev))
|
||||
return PTR_ERR(rcdev);
|
||||
|
||||
|
|
@ -278,7 +278,7 @@ int lirc_prog_detach(const union bpf_attr *attr)
|
|||
if (IS_ERR(prog))
|
||||
return PTR_ERR(prog);
|
||||
|
||||
rcdev = rc_dev_get_from_fd(attr->target_fd);
|
||||
rcdev = rc_dev_get_from_fd(attr->target_fd, true);
|
||||
if (IS_ERR(rcdev)) {
|
||||
bpf_prog_put(prog);
|
||||
return PTR_ERR(rcdev);
|
||||
|
|
@ -303,7 +303,7 @@ int lirc_prog_query(const union bpf_attr *attr, union bpf_attr __user *uattr)
|
|||
if (attr->query.query_flags)
|
||||
return -EINVAL;
|
||||
|
||||
rcdev = rc_dev_get_from_fd(attr->query.target_fd);
|
||||
rcdev = rc_dev_get_from_fd(attr->query.target_fd, false);
|
||||
if (IS_ERR(rcdev))
|
||||
return PTR_ERR(rcdev);
|
||||
|
||||
|
|
|
|||
|
|
@ -814,7 +814,7 @@ void __exit lirc_dev_exit(void)
|
|||
unregister_chrdev_region(lirc_base_dev, RC_DEV_MAX);
|
||||
}
|
||||
|
||||
struct rc_dev *rc_dev_get_from_fd(int fd)
|
||||
struct rc_dev *rc_dev_get_from_fd(int fd, bool write)
|
||||
{
|
||||
struct fd f = fdget(fd);
|
||||
struct lirc_fh *fh;
|
||||
|
|
@ -828,6 +828,9 @@ struct rc_dev *rc_dev_get_from_fd(int fd)
|
|||
return ERR_PTR(-EINVAL);
|
||||
}
|
||||
|
||||
if (write && !(f.file->f_mode & FMODE_WRITE))
|
||||
return ERR_PTR(-EPERM);
|
||||
|
||||
fh = f.file->private_data;
|
||||
dev = fh->rc;
|
||||
|
||||
|
|
|
|||
|
|
@ -325,7 +325,7 @@ void lirc_raw_event(struct rc_dev *dev, struct ir_raw_event ev);
|
|||
void lirc_scancode_event(struct rc_dev *dev, struct lirc_scancode *lsc);
|
||||
int lirc_register(struct rc_dev *dev);
|
||||
void lirc_unregister(struct rc_dev *dev);
|
||||
struct rc_dev *rc_dev_get_from_fd(int fd);
|
||||
struct rc_dev *rc_dev_get_from_fd(int fd, bool write);
|
||||
#else
|
||||
static inline int lirc_dev_init(void) { return 0; }
|
||||
static inline void lirc_dev_exit(void) {}
|
||||
|
|
|
|||
Loading…
Reference in New Issue