48 lines
1.1 KiB
Diff
48 lines
1.1 KiB
Diff
--- sys/dev/ixl/if_ixl.c.orig
|
|
+++ sys/dev/ixl/if_ixl.c
|
|
@@ -1625,12 +1625,30 @@
|
|
struct ifdrv *ifd = (struct ifdrv *)data;
|
|
int error = 0;
|
|
|
|
- /* NVM update command */
|
|
- if (ifd->ifd_cmd == I40E_NVM_ACCESS)
|
|
- error = ixl_handle_nvmupd_cmd(pf, ifd);
|
|
- else
|
|
- error = EINVAL;
|
|
+ /*
|
|
+ * The iflib_if_ioctl forwards SIOCxDRVSPEC and SIOGPRIVATE_0 without
|
|
+ * performing privilege checks. It is important that this function
|
|
+ * perform the necessary checks for commands which should only be
|
|
+ * executed by privileged threads.
|
|
+ */
|
|
|
|
+ switch(command) {
|
|
+ case SIOCGDRVSPEC:
|
|
+ case SIOCSDRVSPEC:
|
|
+ /* NVM update command */
|
|
+ if (ifd->ifd_cmd == I40E_NVM_ACCESS) {
|
|
+ error = priv_check(curthread, PRIV_DRIVER);
|
|
+ if (error)
|
|
+ break;
|
|
+ error = ixl_handle_nvmupd_cmd(pf, ifd);
|
|
+ } else {
|
|
+ error = EINVAL;
|
|
+ }
|
|
+ break;
|
|
+ default:
|
|
+ error = EOPNOTSUPP;
|
|
+ }
|
|
+
|
|
return (error);
|
|
}
|
|
|
|
--- sys/dev/ixl/ixl.h.orig
|
|
+++ sys/dev/ixl/ixl.h
|
|
@@ -52,6 +52,7 @@
|
|
#include <sys/sockio.h>
|
|
#include <sys/eventhandler.h>
|
|
#include <sys/syslog.h>
|
|
+#include <sys/priv.h>
|
|
|
|
#include <net/if.h>
|
|
#include <net/if_var.h>
|