* [PATCH] blk-mq-debugfs: don't allow write on attributes with seq_operations set
@ 2018-01-23 17:20 Eryu Guan
2018-01-23 21:32 ` Jens Axboe
0 siblings, 1 reply; 5+ messages in thread
From: Eryu Guan @ 2018-01-23 17:20 UTC (permalink / raw)
To: linux-block; +Cc: Eryu Guan, Ming Lei
Attributes that only implement .seq_ops are read-only, any write to
them should be rejected. But currently kernel would crash when
writing to such debugfs entries, e.g.
chmod +w /sys/kernel/debug/block/<dev>/requeue_list
echo 0 > /sys/kernel/debug/block/<dev>/requeue_list
chmod -w /sys/kernel/debug/block/<dev>/requeue_list
Fix it by returning -EPERM in blk_mq_debugfs_write() when writing to
such attributes.
Cc: Ming Lei <ming.lei@redhat.com>
Signed-off-by: Eryu Guan <eguan@redhat.com>
---
block/blk-mq-debugfs.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/block/blk-mq-debugfs.c b/block/blk-mq-debugfs.c
index b56a4f35720d..54bd8c31b822 100644
--- a/block/blk-mq-debugfs.c
+++ b/block/blk-mq-debugfs.c
@@ -703,7 +703,11 @@ static ssize_t blk_mq_debugfs_write(struct file *file, const char __user *buf,
const struct blk_mq_debugfs_attr *attr = m->private;
void *data = d_inode(file->f_path.dentry->d_parent)->i_private;
- if (!attr->write)
+ /*
+ * Attributes that only implement .seq_ops are read-only and 'attr' is
+ * the same with 'data' in this case.
+ */
+ if (attr == data || !attr->write)
return -EPERM;
return attr->write(data, buf, count, ppos);
--
2.14.3
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] blk-mq-debugfs: don't allow write on attributes with seq_operations set
2018-01-23 17:20 [PATCH] blk-mq-debugfs: don't allow write on attributes with seq_operations set Eryu Guan
@ 2018-01-23 21:32 ` Jens Axboe
2018-01-24 3:49 ` Ming Lei
0 siblings, 1 reply; 5+ messages in thread
From: Jens Axboe @ 2018-01-23 21:32 UTC (permalink / raw)
To: Eryu Guan, linux-block; +Cc: Ming Lei, Omar Sandoval
On 1/23/18 10:20 AM, Eryu Guan wrote:
> Attributes that only implement .seq_ops are read-only, any write to
> them should be rejected. But currently kernel would crash when
> writing to such debugfs entries, e.g.
>
> chmod +w /sys/kernel/debug/block/<dev>/requeue_list
> echo 0 > /sys/kernel/debug/block/<dev>/requeue_list
> chmod -w /sys/kernel/debug/block/<dev>/requeue_list
>
> Fix it by returning -EPERM in blk_mq_debugfs_write() when writing to
> such attributes.
I don't particularly like the fix, since it's not really clear why
that comparison makes sense. Can't we just prevent anyone from
making the debugfs entries writable? Seems like a much more sane
approach.
--
Jens Axboe
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] blk-mq-debugfs: don't allow write on attributes with seq_operations set
2018-01-23 21:32 ` Jens Axboe
@ 2018-01-24 3:49 ` Ming Lei
2018-01-24 4:06 ` Eryu Guan
2018-01-24 16:45 ` Jens Axboe
0 siblings, 2 replies; 5+ messages in thread
From: Ming Lei @ 2018-01-24 3:49 UTC (permalink / raw)
To: Jens Axboe; +Cc: Eryu Guan, linux-block, Omar Sandoval
On Tue, Jan 23, 2018 at 02:32:06PM -0700, Jens Axboe wrote:
> On 1/23/18 10:20 AM, Eryu Guan wrote:
> > Attributes that only implement .seq_ops are read-only, any write to
> > them should be rejected. But currently kernel would crash when
> > writing to such debugfs entries, e.g.
> >
> > chmod +w /sys/kernel/debug/block/<dev>/requeue_list
> > echo 0 > /sys/kernel/debug/block/<dev>/requeue_list
> > chmod -w /sys/kernel/debug/block/<dev>/requeue_list
> >
> > Fix it by returning -EPERM in blk_mq_debugfs_write() when writing to
> > such attributes.
>
> I don't particularly like the fix, since it's not really clear why
> that comparison makes sense. Can't we just prevent anyone from
It might be the simplest way to check if the attribute defines .seq_ops
or not. If it is .seq_ops, it is wrong to interpret m->private as
'struct blk_mq_debugfs_attr *' because it actually points to 'struct
request_queue *' or others, which depends on the specific attribute.
So it works for avoiding the oops.
> making the debugfs entries writable? Seems like a much more sane
> approach.
I guess fs should allow root user to do 'chmod +w' on files in proc,
debugfs or sysfs. I just tried, it works on proc, debugfs and sysfs.
Thanks,
Ming
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] blk-mq-debugfs: don't allow write on attributes with seq_operations set
2018-01-24 3:49 ` Ming Lei
@ 2018-01-24 4:06 ` Eryu Guan
2018-01-24 16:45 ` Jens Axboe
1 sibling, 0 replies; 5+ messages in thread
From: Eryu Guan @ 2018-01-24 4:06 UTC (permalink / raw)
To: Ming Lei; +Cc: Jens Axboe, linux-block, Omar Sandoval
On Wed, Jan 24, 2018 at 11:49:26AM +0800, Ming Lei wrote:
> On Tue, Jan 23, 2018 at 02:32:06PM -0700, Jens Axboe wrote:
> > On 1/23/18 10:20 AM, Eryu Guan wrote:
> > > Attributes that only implement .seq_ops are read-only, any write to
> > > them should be rejected. But currently kernel would crash when
> > > writing to such debugfs entries, e.g.
> > >
> > > chmod +w /sys/kernel/debug/block/<dev>/requeue_list
> > > echo 0 > /sys/kernel/debug/block/<dev>/requeue_list
> > > chmod -w /sys/kernel/debug/block/<dev>/requeue_list
> > >
> > > Fix it by returning -EPERM in blk_mq_debugfs_write() when writing to
> > > such attributes.
> >
> > I don't particularly like the fix, since it's not really clear why
> > that comparison makes sense. Can't we just prevent anyone from
>
> It might be the simplest way to check if the attribute defines .seq_ops
> or not. If it is .seq_ops, it is wrong to interpret m->private as
> 'struct blk_mq_debugfs_attr *' because it actually points to 'struct
> request_queue *' or others, which depends on the specific attribute.
>
> So it works for avoiding the oops.
I agreed this is not a elegant fix but, as Ming suggested, might be the
simplest. I could put more comments in the code about why the comparison
makes sense.
Thanks,
Eryu
>
> > making the debugfs entries writable? Seems like a much more sane
> > approach.
>
> I guess fs should allow root user to do 'chmod +w' on files in proc,
> debugfs or sysfs. I just tried, it works on proc, debugfs and sysfs.
>
>
> Thanks,
> Ming
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] blk-mq-debugfs: don't allow write on attributes with seq_operations set
2018-01-24 3:49 ` Ming Lei
2018-01-24 4:06 ` Eryu Guan
@ 2018-01-24 16:45 ` Jens Axboe
1 sibling, 0 replies; 5+ messages in thread
From: Jens Axboe @ 2018-01-24 16:45 UTC (permalink / raw)
To: Ming Lei; +Cc: Eryu Guan, linux-block, Omar Sandoval
On 1/23/18 8:49 PM, Ming Lei wrote:
> On Tue, Jan 23, 2018 at 02:32:06PM -0700, Jens Axboe wrote:
>> On 1/23/18 10:20 AM, Eryu Guan wrote:
>>> Attributes that only implement .seq_ops are read-only, any write to
>>> them should be rejected. But currently kernel would crash when
>>> writing to such debugfs entries, e.g.
>>>
>>> chmod +w /sys/kernel/debug/block/<dev>/requeue_list
>>> echo 0 > /sys/kernel/debug/block/<dev>/requeue_list
>>> chmod -w /sys/kernel/debug/block/<dev>/requeue_list
>>>
>>> Fix it by returning -EPERM in blk_mq_debugfs_write() when writing to
>>> such attributes.
>>
>> I don't particularly like the fix, since it's not really clear why
>> that comparison makes sense. Can't we just prevent anyone from
>
> It might be the simplest way to check if the attribute defines .seq_ops
> or not. If it is .seq_ops, it is wrong to interpret m->private as
> 'struct blk_mq_debugfs_attr *' because it actually points to 'struct
> request_queue *' or others, which depends on the specific attribute.
>
> So it works for avoiding the oops.
>
>> making the debugfs entries writable? Seems like a much more sane
>> approach.
>
> I guess fs should allow root user to do 'chmod +w' on files in proc,
> debugfs or sysfs. I just tried, it works on proc, debugfs and sysfs.
Yeah good point, I guess the proposed fix is the simplest version
we can do. At least it has a comment. I'll apply it, thanks.
--
Jens Axboe
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2018-01-24 16:45 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-01-23 17:20 [PATCH] blk-mq-debugfs: don't allow write on attributes with seq_operations set Eryu Guan
2018-01-23 21:32 ` Jens Axboe
2018-01-24 3:49 ` Ming Lei
2018-01-24 4:06 ` Eryu Guan
2018-01-24 16:45 ` Jens Axboe
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.