ixl: prevent non-privileged access to NVM update interface

Add a privilege check to the ixl_handle_nvmupd_cmd function, ensuring that only privileged users are allowed to access the NVM update interface. Signed-off-by: Jacob Keller <jacob.e.keller@intel.com> Submitted by: Jacob Keller <jacob.e.keller@intel.com> Reported by: markj@ Reviewed by: markj@, erj@, jeffrey.e.pieper@intel.com MFC after: 3 days Sponsored by: Intel Corporation Differential Revision: https://reviews.freebsd.org/D22870
2020-01-02 23:24:57 +00:00 · 2020-01-02 23:24:57 +00:00 · ab43ce7a22
commit ab43ce7a22
parent 9aafc7c052
2 changed files with 24 additions and 5 deletions
--- a/sys/dev/ixl/if_ixl.c
+++ b/sys/dev/ixl/if_ixl.c
@ -1624,11 +1624,29 @@ ixl_if_priv_ioctl(if_ctx_t ctx, u_long command, caddr_t data)
 	struct ifdrv *ifd = (struct ifdrv *)data;
 	int error = 0;

-	/* NVM update command */
-	if (ifd->ifd_cmd == I40E_NVM_ACCESS)
-		error = ixl_handle_nvmupd_cmd(pf, ifd);
-	else
-		error = EINVAL;
+	/*
+	 * The iflib_if_ioctl forwards SIOCxDRVSPEC and SIOGPRIVATE_0 without
+	 * performing privilege checks. It is important that this function
+	 * perform the necessary checks for commands which should only be
+	 * executed by privileged threads.
+	 */
+
+	switch(command) {
+	case SIOCGDRVSPEC:
+	case SIOCSDRVSPEC:
+		/* NVM update command */
+		if (ifd->ifd_cmd == I40E_NVM_ACCESS) {
+			error = priv_check(curthread, PRIV_DRIVER);
+			if (error)
+				break;
+			error = ixl_handle_nvmupd_cmd(pf, ifd);
+		} else {
+			error = EINVAL;
+		}
+		break;
+	default:
+		error = EOPNOTSUPP;
+	}

 	return (error);
 }
--- a/sys/dev/ixl/ixl.h
+++ b/sys/dev/ixl/ixl.h
@ -52,6 +52,7 @@
 #include <sys/sockio.h>
 #include <sys/eventhandler.h>
 #include <sys/syslog.h>
+#include <sys/priv.h>

 #include <net/if.h>
 #include <net/if_var.h>