2007-01-12 16:32:26

by Jeff Moyer

Subject: [patch] raw: don't allow the creation of a raw device with minor number 0

Hi,

Minor number 0 (under the raw major) is reserved for the rawctl device
file, which is used to query, set, and unset raw device bindings.
However, the ioctl interface does not protect the user from specifying
a raw device with minor number 0:

$ sudo ./raw /dev/raw/raw0 /dev/VolGroup00/swap
/dev/raw/raw0: bound to major 253, minor 2
$ ls -l /dev/rawctl
ls: /dev/rawctl: No such file or directory
$ ls -l /dev/raw/raw0
crw------- 1 root root 162, 0 Jan 12 10:51 /dev/raw/raw0
$ sudo ./raw -qa
Cannot open master raw device '/dev/rawctl' (No such file or directory)

As you can see, this prevents any further raw operations from
succeeding. The fix (from Steve Fernandez) is quite simple--do not
allow the allocation of minor number 0.

Thanks!

Jeff

diff --git a/drivers/char/raw.c b/drivers/char/raw.c
index 645e20a..1f0d7c6 100644
--- a/drivers/char/raw.c
+++ b/drivers/char/raw.c
@@ -154,7 +154,7 @@ static int raw_ctl_ioctl(struct inode *i
goto out;
}

- if (rq.raw_minor < 0 || rq.raw_minor >= MAX_RAW_MINORS) {
+ if (rq.raw_minor <= 0 || rq.raw_minor >= MAX_RAW_MINORS) {
err = -EINVAL;
goto out;
}
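
Review bot: the changed `rq.raw_minor <= 0` test in raw_ctl_ioctl() has no comment saying why 0 is now rejected, so the fact that minor 0 is reserved for the rawctl control device is recorded only in the mail text. A one-line comment above the check, or a named constant for the control minor, would keep a later cleanup from relaxing it back to `< 0`. The visible context does not show which ioctl commands reach this check, so confirm that a query for minor 0 returning -EINVAL is the intended behaviour as well. The mail as shown also has no Signed-off-by line; since the fix is credited to Steve Fernandez, it should carry his sign-off or a From: line in addition to the submitter's.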


2007-01-12 22:43:01

by Jan Engelhardt

Subject: Re: [patch] raw: don't allow the creation of a raw device with minor number 0


On Jan 12 2007 11:32, Jeff Moyer wrote:

>Date: Fri, 12 Jan 2007 11:32:11 -0500
>From: Jeff Moyer <[email protected]>
>To: Linux Kernel Mailing List <[email protected]>
>Cc: Steven Fernandez <[email protected]>, Andrew Morton <[email protected]>
>Subject: [patch] raw: don't allow the creation of a raw device with minor
> number 0
>
>Hi,
>
>Minor number 0 (under the raw major) is reserved for the rawctl device
>file, which is used to query, set, and unset raw device bindings.
>However, the ioctl interface does not protect the user from specifying
>a raw device with minor number 0:

No idea what to say about this... probably:

What: RAW driver (CONFIG_RAW_DRIVER)
When: December 2005
Why: declared obsolete since kernel 2.6.3
O_DIRECT can be used instead
Who: Adrian Bunk <[email protected]>



-`J'
--

2007-01-12 22:54:42

by Jeff Moyer

Subject: Re: [patch] raw: don't allow the creation of a raw device with minor number 0

==> Regarding Re: [patch] raw: don't allow the creation of a raw device with minor number 0; Jan Engelhardt <[email protected]> adds:

jengelh> On Jan 12 2007 11:32, Jeff Moyer wrote:

>> Date: Fri, 12 Jan 2007 11:32:11 -0500
>> From: Jeff Moyer <[email protected]>
>> To: Linux Kernel Mailing List <[email protected]>
>> Cc: Steven Fernandez <[email protected]>, Andrew Morton <[email protected]>
>> Subject: [patch] raw: don't allow the creation of a raw device with minor
>> number 0
>>
>> Hi,
>>
>> Minor number 0 (under the raw major) is reserved for the rawctl device
>> file, which is used to query, set, and unset raw device bindings.
>> However, the ioctl interface does not protect the user from specifying
>> a raw device with minor number 0:

jengelh> No idea what to say about this... probably:

jengelh> What: RAW driver (CONFIG_RAW_DRIVER)
jengelh> When: December 2005
jengelh> Why: declared obsolete since kernel 2.6.3
jengelh> O_DIRECT can be used instead
jengelh> Who: Adrian Bunk <[email protected]>

It's still present, still used, and so would benefit from being fixed, in
my opinion.

Cheers,

Jeff

2007-01-28 20:23:48

by Dave Jones

Subject: Re: [patch] raw: don't allow the creation of a raw device with minor number 0

On Fri, Jan 12, 2007 at 05:58:41PM -0500, [email protected] wrote:
> ==> Regarding Re: [patch] raw: don't allow the creation of a raw device with minor number 0; Jan Engelhardt <[email protected]> adds:
>
> jengelh> On Jan 12 2007 11:32, Jeff Moyer wrote:
>
> >> Minor number 0 (under the raw major) is reserved for the rawctl device
> >> file, which is used to query, set, and unset raw device bindings.
> >> However, the ioctl interface does not protect the user from specifying
> >> a raw device with minor number 0:
>
> jengelh> No idea what to say about this... probably:
>
> jengelh> What: RAW driver (CONFIG_RAW_DRIVER)
> jengelh> When: December 2005
> jengelh> Why: declared obsolete since kernel 2.6.3
> jengelh> O_DIRECT can be used instead
> jengelh> Who: Adrian Bunk <[email protected]>
>
> It's still present, still used, and so would benefit from being fixed, in
> my opinion.

Given the tirade against O_DIRECT on linux-kernel earlier this month,
it has me wondering about the validity of this entry.

Every time we've tried to deprecate this driver in Fedora/RHEL, we've
had enough people complain that we've ended up having to turn it back on.
(And I'm fairly sure other distros have been in the same position).
Some vendors seem way too attached to the older semantics than having
to rewrite their apps to use O_DIRECT, and unnecessarily breaking them
so that we can throw away a 306 line driver in the name of cleanliness
seems a bit gratuitous.

Dave

--
http://www.codemonkey.org.uk

2007-01-30 15:52:58

by Bodo Eggert

Subject: Re: [patch] raw: don't allow the creation of a raw device with minor number 0

Dave Jones <[email protected]> wrote:
> On Fri, Jan 12, 2007 at 05:58:41PM -0500, [email protected] wrote:

> > jengelh> What: RAW driver (CONFIG_RAW_DRIVER)
> > jengelh> When: December 2005
> > jengelh> Why: declared obsolete since kernel 2.6.3
> > jengelh> O_DIRECT can be used instead
> > jengelh> Who: Adrian Bunk <[email protected]>
> >
> > It's still present, still used, and so would benefit from being fixed, in
> > my opinion.

ACK, it's a bug, the patch is there, and AFAIR it's simple and correct. Maybe
it is suitable for the stable branch, too. If the RAW driver isn't removed,
it should be applied.

> Given the tirade against O_DIRECT on linux-kernel earlier this month,
> it has me wondering about the validity of this entry.

O_DIRECT on devices is accepted by Linus, since it has far fewer corner
cases.

> Every time we've tried to deprecate this driver in Fedora/RHEL, we've
> had enough people complain that we've ended up having to turn it back on.
> (And I'm fairly sure other distros have been in the same position).
> Some vendors seem way too attached to the older semantics than having
> to rewrite their apps to use O_DIRECT, and unnecessarily breaking them
> so that we can throw away a 306 line driver in the name of cleanliness
> seems a bit gratuitous.

It must be hard to add #ifndef O_DIRECT / #define O_DIRECT 0 / #endif
and to add O_DIRECT to the appropriate open calls ...

(I peeked into the driver, and it seems it's just a wrapper creating an alias
and opening the associated block-device O_DIRECT.)
--
We are all born ignorant, but one must work hard to remain stupid.
-- Benjamin Franklin
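
The O_DIRECT migration discussed in the message above, as an added example that is not part of the thread and not kernel or vendor code: it uses the `#ifndef O_DIRECT` fallback and shows what an O_DIRECT read also needs, an aligned buffer and length, plus a buffered retry when the file system refuses the flag. The names `read_with`, `read_direct` and `DIO_ALIGN` and the 4096-byte alignment are assumptions made for the example.

```c
#define _GNU_SOURCE              /* glibc exposes O_DIRECT only with this */
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#ifndef O_DIRECT                 /* fallback from the message: plain buffered I/O */
#define O_DIRECT 0
#endif
#define DIO_ALIGN 4096           /* assumed; a multiple of 512 B and 4 KiB sectors */

/* Hypothetical helper: read up to len bytes from offset 0; bytes read or -errno. */
static ssize_t read_with(const char *path, void *out, size_t len, int flags)
{
    size_t span = (len / DIO_ALIGN + 1) * DIO_ALIGN;   /* aligned length >= len */
    void *buf = NULL;
    ssize_t n;
    int fd = open(path, O_RDONLY | flags);
    if (fd < 0)
        return -errno;
    if (posix_memalign(&buf, DIO_ALIGN, span) != 0) {  /* aligned address */
        close(fd);
        return -ENOMEM;
    }
    n = read(fd, buf, span);                           /* offset 0 is aligned */
    if (n < 0)
        n = -errno;
    else if ((size_t)n > len)
        n = (ssize_t)len;
    if (n > 0)
        memcpy(out, buf, (size_t)n);
    free(buf);
    close(fd);
    return n;
}

/* Try O_DIRECT first; *direct reports whether the page cache was bypassed. */
ssize_t read_direct(const char *path, void *out, size_t len, int *direct)
{
    ssize_t n = read_with(path, out, len, O_DIRECT);
    *direct = (O_DIRECT != 0);
    if (n == -EINVAL && *direct) {   /* file system refused O_DIRECT */
        *direct = 0;
        n = read_with(path, out, len, 0);
    }
    return n;
}
```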
