On Sun, 13 Feb 2011, Chris Wright wrote:
Subject: [PATCH] pci: use security_capable correctly during config space read
Commit 47970b1 ("pci: use security_capable() when checking capablities during config space read") is just plain broken. The normal capable() interface returns true on success, but the LSM interface returns 0 on success.
Signed-off-by: Chris Wright chrisw@sous-sol.org
Sorry, I should have caught this.
Acked-by: James Morris jmorris@namei.org
I've tested this quickly (lspci behaviour is as expected).
diff --git a/drivers/pci/pci-sysfs.c b/drivers/pci/pci-sysfs.c index f7771f3..ea25e5b 100644 --- a/drivers/pci/pci-sysfs.c +++ b/drivers/pci/pci-sysfs.c @@ -369,7 +369,7 @@ pci_read_config(struct file *filp, struct kobject *kobj, u8 *data = (u8*) buf;
/* Several chips lock up trying to read undefined config space */
- if (security_capable(filp->f_cred, CAP_SYS_ADMIN)) {
- if (security_capable(filp->f_cred, CAP_SYS_ADMIN) == 0) { size = dev->cfg_size; } else if (dev->hdr_type == PCI_HEADER_TYPE_CARDBUS) { size = 128;