Message ID | d45cc26361a174ae12dbb86c994ef334d257924b.1573096807.git.viresh.kumar@linaro.org |
---|---|
State | Accepted |
Commit | 7ee23491b39259ae83899dd93b2a29ef0f22f0a7 |
Series | IB/qib: Validate ->show()/store() callbacks before calling them |

On Thu, Nov 07, 2019 at 08:50:25AM +0530, Viresh Kumar wrote:
> The permissions of the read-only or write-only sysfs files can be
> changed (as root) and the user can then try to read a write-only file or
> write to a read-only file which will lead to kernel crash here.
>
> Protect against that by always validating the show/store callbacks.
>
> Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
> ---
>  drivers/infiniband/hw/qib/qib_sysfs.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>

Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

On Thu, Nov 07, 2019 at 08:50:25AM +0530, Viresh Kumar wrote:
> The permissions of the read-only or write-only sysfs files can be
> changed (as root) and the user can then try to read a write-only file or
> write to a read-only file which will lead to kernel crash here.
>
> Protect against that by always validating the show/store callbacks.
>
> Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
> ---
>  drivers/infiniband/hw/qib/qib_sysfs.c | 6 ++++++
>  1 file changed, 6 insertions(+)

Applied to for-next, thanks

Jason

diff --git a/drivers/infiniband/hw/qib/qib_sysfs.c b/drivers/infiniband/hw/qib/qib_sysfs.c index 3926be78036e..568b21eb6ea1 100644 --- a/drivers/infiniband/hw/qib/qib_sysfs.c +++ b/drivers/infiniband/hw/qib/qib_sysfs.c @@ -301,6 +301,9 @@ static ssize_t qib_portattr_show(struct kobject *kobj, struct qib_pportdata *ppd = container_of(kobj, struct qib_pportdata, pport_kobj); + if (!pattr->show) + return -EIO; + return pattr->show(ppd, buf); } @@ -312,6 +315,9 @@ static ssize_t qib_portattr_store(struct kobject *kobj, struct qib_pportdata *ppd = container_of(kobj, struct qib_pportdata, pport_kobj); + if (!pattr->store) + return -EIO; + return pattr->store(ppd, buf, len); }
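Review bot: in qib_portattr_show(), the new `if (!pattr->show)` test has no comment saying why a NULL callback is reachable, so a later reader may take the attribute's mode bits as proof that it is not. A one-line comment above the test, noting that root can change the file mode and a read can then reach a write-only attribute, would keep the check from being dropped as dead code.
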
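Review bot: in qib_portattr_store(), as in qib_portattr_show(), the guard covers only the port-attribute wrappers, while the commit message promises "always validating the show/store callbacks". If qib_sysfs.c has other kobject wrappers that call an attribute's ->show() or ->store() directly, they need the same NULL test returning -EIO, or the message should say why they are exempt.
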
The permissions of the read-only or write-only sysfs files can be
changed (as root) and the user can then try to read a write-only file or
write to a read-only file which will lead to kernel crash here.

Protect against that by always validating the show/store callbacks.

Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
---
 drivers/infiniband/hw/qib/qib_sysfs.c | 6 ++++++
 1 file changed, 6 insertions(+)

--
2.21.0.rc0.269.g1a574e7a288b