Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
IronPort-SDR: xBSf/XyKr+7zkNus1gEegPxo4d8zXxJgigAnW1yMYd//MK5WHvQzLuAjAU/03Bnjx77XOY57d6
 Gka5Sh1el4HuU7k60zEauzTSJmr4fpQt2aTQeSiJxWt/8CKnADOsk2KrN9wtn1wlV99CX5J6UJ
 7wpj/h2DVc1ZYBGppGS2tSUTYgCZuxpp7FJegfLr+jq1IRs94fNiSpJ9G1iG5hq6b5qPRanzGK
 womO3ApC47t461q+ktgWixt+6DJxYDco3M4dwawT5CQPmvhAyezIeG1VTdxDS2kyhA2SDKsYje
 v3s=
From:   Niklas Cassel <Niklas.Cassel@wdc.com>
To:     Jens Axboe <axboe@kernel.dk>,
        Damien Le Moal <Damien.LeMoal@wdc.com>,
        Shaun Tancheff <shaun@tancheff.com>,
        "Martin K. Petersen" <martin.petersen@oracle.com>,
        Hannes Reinecke <hare@suse.com>
CC:     Damien Le Moal <Damien.LeMoal@wdc.com>,
        Niklas Cassel <Niklas.Cassel@wdc.com>,
        "stable@vger.kernel.org" <stable@vger.kernel.org>,
        Jens Axboe <axboe@fb.com>,
        "linux-block@vger.kernel.org" <linux-block@vger.kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Subject: [PATCH v3 1/2] blk-zoned: allow zone management send operations
 without CAP_SYS_ADMIN
Thread-Topic: [PATCH v3 1/2] blk-zoned: allow zone management send operations
 without CAP_SYS_ADMIN
Thread-Index: AQHXYRgQMteA58G2kEuU7Azlx40Z/g==
Date:   Mon, 14 Jun 2021 12:23:20 +0000
Message-ID: <20210614122303.154378-2-Niklas.Cassel@wdc.com>
References: <20210614122303.154378-1-Niklas.Cassel@wdc.com>
In-Reply-To: <20210614122303.154378-1-Niklas.Cassel@wdc.com>
Accept-Language: en-US
Content-Language: en-US
wdcipoutbound: EOP-TRUE
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?iso-8859-1?Q?+486XYRypT97P4dm1lisSz2eyAQ9mzEinhd09Z/VB1x0HqqgKASRBeC7bK?=
 =?iso-8859-1?Q?VAv++hJGHpJ+lJvsim5t8h6MOSWu9rTqLky9xopdBNX1DHJhIhV619X1Es?=
 =?iso-8859-1?Q?VToiCU+0JfuNsNUa9UXcN1Lkxi1ismM2IJdqlz6EOxUGiUVURIJr940rPd?=
 =?iso-8859-1?Q?23NZeLh7XEr5Mwzma6vD3oaC8HaydfLQFeWS4RybOkkn1tV8E9BjXBfJ3E?=
 =?iso-8859-1?Q?furxAhxjQoHdWmb+XBdiVxJtD3xHLJYxIWvpu+hZ9Zh7jW2ELxcuETJPKZ?=
 =?iso-8859-1?Q?IK1fPyebkVuOk829xkKyouUfyTlNYXyLuMUbROQy6oNeRZ1yPbSC7pRv18?=
 =?iso-8859-1?Q?VqgLoaToiax+ANcGAeQ7Hgyb5xyXQmJuTnvsn+BOrEUWixocI3HISAxAF5?=
 =?iso-8859-1?Q?rf1258SdYb0sDgpyqJeIegX7sA24DiLkW1JirHwHz1fScPtiw4VfDMb5hB?=
 =?iso-8859-1?Q?TrD7GjTIOgChvEMdwK7bEqoQlp1RAoVRo/Qde9Q2UIXQJxkBo+9UdkzDZI?=
 =?iso-8859-1?Q?YcQusFqBAVyb8WQhowSg36GHOvmL++egi0cfkDJHiU1qd/56kENEsyKu/F?=
 =?iso-8859-1?Q?lRUJNKKztviANAPxpY7/iyKFtzJtxGp0LpmCAn3IHS1Zz6cnhdR80ai57D?=
 =?iso-8859-1?Q?M1aGJE0SZSRGkgtoXndphoSpSWpbpCSCzD+vPHB+z81Yf7bl+cEJo/Aenp?=
 =?iso-8859-1?Q?43qz7PIqEcMH2mmrjQ3hXBf8s/rcq6BjHtNKcVMa9FFDvQqcgWUSO1Nxjv?=
 =?iso-8859-1?Q?7oWfR6STOuARc8Yd7sIy9DiBH9B/dD/Cp1XM4eUw70fLm8ov8NtZPTgVKq?=
 =?iso-8859-1?Q?2Z8Y1ppDF8+3PTXQc8rALr+pTqNUGiHlaQUsC6vwizjidwAmgoJPD9vnYC?=
 =?iso-8859-1?Q?aVMPz17BQTV/rgBkCzvWhZ07s/jSIz6ENv5AfkOR4u2WiMGc8Op5LWDf0Z?=
 =?iso-8859-1?Q?cEyjs2KBx/wZ/6VjzBwLJNE0P8SpAnWvNwUusl+eA7GY7w9Lziz2TwPdF/?=
 =?iso-8859-1?Q?O5PEibELoMj7jixmGrPDCBCY5Ag9adqGb8ndt/4se46ZdHK4aKgMfEsFZy?=
 =?iso-8859-1?Q?40gPV4MOgA7y1WHtNkQNHtrvHNdWmGrKUsklbEQR2C3e34nid3E72k+Zmh?=
 =?iso-8859-1?Q?lOowL3RyU/NqeUiqr1806KdI8qNT/9IUcMHgOtJUuyDGIcJuGxZERzXfQZ?=
 =?iso-8859-1?Q?d7EntB4DpkgsEkBoIbXtVpFbloz1/yffgzUpbMCG4LM/fMzu0dx1eNXbfp?=
 =?iso-8859-1?Q?60LhB3sSrjWtFPEcqCQJvnb4uf8UR0Re4fm0YoqEUTkmXEXGYrR/3HJLjI?=
 =?iso-8859-1?Q?A/CJ6uYnChbr516jQ+ggSliySde/AaOXvSLu6QOqxSmeeZrCM8LfNwaLdP?=
 =?iso-8859-1?Q?CJONT3zgXZ?=
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: wdc.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR04MB7158.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 23f26f28-96cb-4088-e6a5-08d92f2f347b
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Jun 2021 12:23:20.8199
 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: b61c8803-16f3-4c35-9b17-6f65f441df86
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: mTfpY2bKaH+4M/gvL3r9vA/lIWE9HQIhEgD0NW/8PlMZK3CYXyURH7vfKGFskYiyCkIq7KO+aFlK/T5trBFw2Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR04MB7365
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Niklas Cassel <niklas.cassel@wdc.com>

Zone management send operations (BLKRESETZONE, BLKOPENZONE, BLKCLOSEZONE
and BLKFINISHZONE) should be allowed under the same permissions as write().
(write() does not require CAP_SYS_ADMIN).

Additionally, other ioctls like BLKSECDISCARD and BLKZEROOUT only check if
the fd was successfully opened with FMODE_WRITE.
(They do not require CAP_SYS_ADMIN).

Currently, zone management send operations require both CAP_SYS_ADMIN
and that the fd was successfully opened with FMODE_WRITE.

Remove the CAP_SYS_ADMIN requirement, so that zone management send
operations match the access control requirement of write(), BLKSECDISCARD
and BLKZEROOUT.

Fixes: 3ed05a987e0f ("blk-zoned: implement ioctls")
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Reviewed-by: Damien Le Moal <damien.lemoal@wdc.com>
Cc: stable@vger.kernel.org # v4.10+
---
Changes since v2:
-None

Note to backporter:
Function was added as blkdev_reset_zones_ioctl() in v4.10.
Function was renamed to blkdev_zone_mgmt_ioctl() in v5.5.
The patch is valid both before and after the function rename.

 block/blk-zoned.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/block/blk-zoned.c b/block/blk-zoned.c
index 250cb76ee615..0789e6e9f7db 100644
--- a/block/blk-zoned.c
+++ b/block/blk-zoned.c
@@ -349,9 +349,6 @@ int blkdev_zone_mgmt_ioctl(struct block_device *bdev, f=
mode_t mode,
 	if (!blk_queue_is_zoned(q))
 		return -ENOTTY;
=20
-	if (!capable(CAP_SYS_ADMIN))
-		return -EACCES;
-
 	if (!(mode & FMODE_WRITE))
 		return -EBADF;
=20
--=20
2.31.1