svn commit: r319727 - stable/11/sys/dev/nand

[Gleb Smirnoff]

Author: glebius
Date: Thu Jun  8 22:13:29 2017
New Revision: 319727
URL: https://svnweb.freebsd.org/changeset/base/319727

Log:
  MFC r317806:
    The nandsim(4) simulator driver doesn't have any protection against
    races at least in its ioctl handler, and at the same time it creates
    device entry with 0666 permissions.
  
    To plug possible issues in it:
    - Mark it as needing Giant.
    - Switch device mode to 0600.
  
  Submitted by:	C Turt
  Reviewed by:	imp
  Security:	Possible double free in ioctl handler
  Approved by:	re (marius)

Modified:
  stable/11/sys/dev/nand/nandsim.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/dev/nand/nandsim.c
==============================================================================
--- stable/11/sys/dev/nand/nandsim.c	Thu Jun  8 22:12:10 2017	(r319726)
+++ stable/11/sys/dev/nand/nandsim.c	Thu Jun  8 22:13:29 2017	(r319727)
@@ -71,6 +71,7 @@ static struct nandsim_chip *get_nandsim_chip(uint8_t, 
 
 static struct cdevsw nandsim_cdevsw = {
 	.d_version =    D_VERSION,
+	.d_flags =	D_NEEDGIANT,
 	.d_ioctl =      nandsim_ioctl,
 	.d_name =       "nandsim",
 };
@@ -639,7 +640,7 @@ nandsim_modevent(module_t mod __unused, int type, void
 	switch (type) {
 	case MOD_LOAD:
 		nandsim_dev = make_dev(&nandsim_cdevsw, 0,
-		    UID_ROOT, GID_WHEEL, 0666, "nandsim.ioctl");
+		    UID_ROOT, GID_WHEEL, 0600, "nandsim.ioctl");
 		break;
 	case MOD_UNLOAD:
 		for (i = 0; i < MAX_SIM_DEV; i++) {