From patchwork Thu Nov 7 03:20:25 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Viresh Kumar X-Patchwork-Id: 178780 Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp418570ilf; Wed, 6 Nov 2019 19:20:38 -0800 (PST) X-Google-Smtp-Source: APXvYqwAky3gdt3pFdbjev+InrrM8rBU52v9/pkJiGH3Wd3ZDx4GOcMgFPbPq9Kp/F8jAivuZDc9 X-Received: by 2002:a50:90a8:: with SMTP id c37mr1175884eda.153.1573096838759; Wed, 06 Nov 2019 19:20:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1573096838; cv=none; d=google.com; s=arc-20160816; b=BfLW/iP2b2RX6TiLztlKSU6BQGqxCDQJnO0aYgweZzYm7r7o6nk+nRZyjncCATi0+0 u4ES2xweKAoKISHPmMj8hZD256RIOedMtJ73p4gOGOQN+J6uLcn3YH2mndcj+tLOOG/I Z1Nhwzm9KnI6E+O4RzqhFga0mwSTN5KMuBD8xpuI9Sl3iYt1fyDkBO8dArZuXQRJvT9f cwWhO6KGxRDDw0/2Ut8kJlIfGIABvOYh/spQCnJVy0T/W6BUrA2tG7UqQdZBV6tZl7Iz +ycREiqlejTfIJAYiUW7EFaRIgiyQjFSm+yny5CO01dlRV+/XSYIJ+zphtUl5mNUbvY4 ftXg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=2oC3yJJXBDl4Wr0A5jeoRouH5CPSnlYcDExtnV2jGKQ=; b=bawDTiFVueXnUzeDRzE8GThVGZ/KlBrXwWKHoG+ChJRdblRC5hM9F2T/eGj4QUQ022 8dCJWpcBOplh5I9uK1+d9SjikkCtakqw4MGzh2y3eEeJYo02E4raHZiHhVjt6AyWbQwq oUSiYeChjniimJe5/slF4u85/lBwikHkGTbbo1NQ+kn4FZcrnrk5Lwq4rQsdTTVD9UNf uuYRzfPrFfB4zvvaHwgmWGrikNc9OQORn8+h7ZHDCdBzUpNjcAHMRqc2FBzthcEZA7nu JMyrh1QIO0yHqvm2iqCI6hIMeuwwobaSQ2SaRZ0LiZVlhIDqWGHY5HUPQUbpBT4tQmmJ yL9g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=j7FjqYqY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id dx19si627179ejb.127.2019.11.06.19.20.38; Wed, 06 Nov 2019 19:20:38 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=j7FjqYqY; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1733081AbfKGDUf (ORCPT + 26 others); Wed, 6 Nov 2019 22:20:35 -0500 Received: from mail-pf1-f194.google.com ([209.85.210.194]:38472 "EHLO mail-pf1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728047AbfKGDUf (ORCPT ); Wed, 6 Nov 2019 22:20:35 -0500 Received: by mail-pf1-f194.google.com with SMTP id c13so1282962pfp.5 for ; Wed, 06 Nov 2019 19:20:35 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=2oC3yJJXBDl4Wr0A5jeoRouH5CPSnlYcDExtnV2jGKQ=; b=j7FjqYqYchtyDbwjW7ryF1WpehF5qoKiuEYjAahXifGnYIAPnQfZmD1p6vxvfB6Xlj CrL4M5oduRqpQcWyDaO5DOqU+GIGt9NJQaatkqIuwJL+s0jVd+rZOh8+T7eWpZ/L3ELn VLACicXal+IJHmJUtphKMXgviaJXuETGgbjXkI+RZE8GtZMHKb61wYvecNrdr4CVTx0q FWg7Y2px83ntq+Y1F5gtjh15O5g0/As2XUQPDRBMLGMoY2bCu9iw+YbV2nC0A7RrmzKc 8Y2Ms8pzDjl6Fpw/ySvXByeADgsCSIhG9qMrMhYALp0kIXnjXdbidxA6wB8M+NHjiONq 7Kuw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=2oC3yJJXBDl4Wr0A5jeoRouH5CPSnlYcDExtnV2jGKQ=; b=aT629UjaF5eoIHhEsud9TYDslSXjtpsgacKjom8Swf3APrfHstl7IuQxj4zyHaGUwc VhPTdJMiKSXZC1Vd4RGMP6kcZCdj79yrJbz5ZDQ49L7ixq12hYGLoWu1zjY1CR8tUloZ zO5URYVV/AlFnFfOmEIRzrWTrPHSWx3xgEW/pMeZj5bps0QWIhxlzoJH2TROr/r7zUdk pYdSWikGGgNphFlJoFicaA5WTOxfEOkhs0TXqpIm9UY31z+Kyf0faispF1Bij4iql1gk bmr+n6GtP7K0BrxgzPzfr0608S0YK4FBTBIhXgfYt2yAbBDc5NQA2TKu0ZtkBNvh6wPb B3mQ== X-Gm-Message-State: APjAAAUMmOq3AkidBM2w6fGdsyg/UORgZ/2nnX5M2llJI0zKw9zyP2FN A1ZEDGSM1rT/uxZHRAnRc2E97sJtt5o= X-Received: by 2002:a17:90a:a598:: with SMTP id b24mr1989317pjq.46.1573096834829; Wed, 06 Nov 2019 19:20:34 -0800 (PST) Received: from localhost ([122.171.110.253]) by smtp.gmail.com with ESMTPSA id x20sm441541pfa.186.2019.11.06.19.20.33 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 06 Nov 2019 19:20:34 -0800 (PST) From: Viresh Kumar To: Dennis Dalessandro , Mike Marciniszyn Cc: Viresh Kumar , Greg Kroah-Hartman , Vincent Guittot , linux-rdma@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] IB/qib: Validate ->show()/store() callbacks before calling them Date: Thu, 7 Nov 2019 08:50:25 +0530 Message-Id: X-Mailer: git-send-email 2.21.0.rc0.269.g1a574e7a288b MIME-Version: 1.0 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org The permissions of the read-only or write-only sysfs files can be changed (as root) and the user can then try to read a write-only file or write to a read-only file which will lead to kernel crash here. Protect against that by always validating the show/store callbacks. Signed-off-by: Viresh Kumar --- drivers/infiniband/hw/qib/qib_sysfs.c | 6 ++++++ 1 file changed, 6 insertions(+) -- 2.21.0.rc0.269.g1a574e7a288b Reviewed-by: Greg Kroah-Hartman diff --git a/drivers/infiniband/hw/qib/qib_sysfs.c b/drivers/infiniband/hw/qib/qib_sysfs.c index 3926be78036e..568b21eb6ea1 100644 --- a/drivers/infiniband/hw/qib/qib_sysfs.c +++ b/drivers/infiniband/hw/qib/qib_sysfs.c @@ -301,6 +301,9 @@ static ssize_t qib_portattr_show(struct kobject *kobj, struct qib_pportdata *ppd = container_of(kobj, struct qib_pportdata, pport_kobj); + if (!pattr->show) + return -EIO; + return pattr->show(ppd, buf); } @@ -312,6 +315,9 @@ static ssize_t qib_portattr_store(struct kobject *kobj, struct qib_pportdata *ppd = container_of(kobj, struct qib_pportdata, pport_kobj); + if (!pattr->store) + return -EIO; + return pattr->store(ppd, buf, len); }