diff mbox

mmc: card: restrict access to RPMB partition

Message ID 1399642762-11149-1-git-send-email-yuvaraj.cd@samsung.com (mailing list archive)
State New, archived
Headers show

Commit Message

Yuvaraj CD May 9, 2014, 1:39 p.m. UTC 
From: Andrew Bresticker <abrestic@chromium.org>

The RPMB partition should only be accessed through the RPMB ioctls
and not through read()/write().  This patch makes mmc_blk_open()
reject open attempts to the RPMB partition in read or write mode.

Signed-off-by: Andrew Bresticker <abrestic@chromium.org>
Signed-off-by: Yuvaraj Kumar C D <yuvaraj.cd@samsung.com>
---
 drivers/mmc/card/block.c |   10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

Comments

Ulf Hansson May 14, 2014, 11:37 a.m. UTC | #1 
On 9 May 2014 15:39, Yuvaraj Kumar C D <yuvaraj.cd@gmail.com> wrote:
> From: Andrew Bresticker <abrestic@chromium.org>
>
> The RPMB partition should only be accessed through the RPMB ioctls
> and not through read()/write().  This patch makes mmc_blk_open()
> reject open attempts to the RPMB partition in read or write mode.
>
> Signed-off-by: Andrew Bresticker <abrestic@chromium.org>
> Signed-off-by: Yuvaraj Kumar C D <yuvaraj.cd@samsung.com>
> ---
>  drivers/mmc/card/block.c |   10 +++++++++-
>  1 file changed, 9 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c
> index 452782b..fd59090 100644
> --- a/drivers/mmc/card/block.c
> +++ b/drivers/mmc/card/block.c
> @@ -297,7 +297,15 @@ static int mmc_blk_open(struct block_device *bdev, fmode_t mode)
>                         check_disk_change(bdev);
>                 ret = 0;
>
> -               if ((mode & FMODE_WRITE) && md->read_only) {
> +               /*
> +                * Reject read/write access to the RPMB partition.  It should
> +                * only be accessed through ioctls.
> +                */
> +               if ((mode & (FMODE_READ | FMODE_WRITE)) &&
> +                   md->area_type & MMC_BLK_DATA_AREA_RPMB) {
> +                       mmc_blk_put(md);
> +                       ret = -EACCES;

How shall user space be able to receive a file descriptor, unless it's
allowed to open the device?

Kind regards
Ulf Hansson
--
To unsubscribe from this list: send the line "unsubscribe linux-samsung-soc" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c
index 452782b..fd59090 100644
--- a/drivers/mmc/card/block.c
+++ b/drivers/mmc/card/block.c
@@ -297,7 +297,15 @@  static int mmc_blk_open(struct block_device *bdev, fmode_t mode)
 			check_disk_change(bdev);
 		ret = 0;
 
-		if ((mode & FMODE_WRITE) && md->read_only) {
+		/*
+		 * Reject read/write access to the RPMB partition.  It should
+		 * only be accessed through ioctls.
+		 */
+		if ((mode & (FMODE_READ | FMODE_WRITE)) &&
+		    md->area_type & MMC_BLK_DATA_AREA_RPMB) {
+			mmc_blk_put(md);
+			ret = -EACCES;
+		} else if ((mode & FMODE_WRITE) && md->read_only) {
 			mmc_blk_put(md);
 			ret = -EROFS;
 		}