* [PATCH] IB/qib: Validate ->show()/store() callbacks before calling them
@ 2019-11-07 3:20 Viresh Kumar
2019-11-07 7:15 ` Greg Kroah-Hartman
2019-11-14 15:54 ` Jason Gunthorpe
0 siblings, 2 replies; 3+ messages in thread
From: Viresh Kumar @ 2019-11-07 3:20 UTC (permalink / raw)
To: Dennis Dalessandro, Mike Marciniszyn
Cc: Viresh Kumar, Greg Kroah-Hartman, Vincent Guittot, linux-rdma,
linux-kernel
The permissions of the read-only or write-only sysfs files can be
changed (as root) and the user can then try to read a write-only file or
write to a read-only file which will lead to kernel crash here.
Protect against that by always validating the show/store callbacks.
Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
---
drivers/infiniband/hw/qib/qib_sysfs.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/infiniband/hw/qib/qib_sysfs.c b/drivers/infiniband/hw/qib/qib_sysfs.c
index 3926be78036e..568b21eb6ea1 100644
--- a/drivers/infiniband/hw/qib/qib_sysfs.c
+++ b/drivers/infiniband/hw/qib/qib_sysfs.c
@@ -301,6 +301,9 @@ static ssize_t qib_portattr_show(struct kobject *kobj,
struct qib_pportdata *ppd =
container_of(kobj, struct qib_pportdata, pport_kobj);
+ if (!pattr->show)
+ return -EIO;
+
return pattr->show(ppd, buf);
}
@@ -312,6 +315,9 @@ static ssize_t qib_portattr_store(struct kobject *kobj,
struct qib_pportdata *ppd =
container_of(kobj, struct qib_pportdata, pport_kobj);
+ if (!pattr->store)
+ return -EIO;
+
return pattr->store(ppd, buf, len);
}
--
2.21.0.rc0.269.g1a574e7a288b
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] IB/qib: Validate ->show()/store() callbacks before calling them
2019-11-07 3:20 [PATCH] IB/qib: Validate ->show()/store() callbacks before calling them Viresh Kumar
@ 2019-11-07 7:15 ` Greg Kroah-Hartman
2019-11-14 15:54 ` Jason Gunthorpe
1 sibling, 0 replies; 3+ messages in thread
From: Greg Kroah-Hartman @ 2019-11-07 7:15 UTC (permalink / raw)
To: Viresh Kumar
Cc: Dennis Dalessandro, Mike Marciniszyn, Vincent Guittot,
linux-rdma, linux-kernel
On Thu, Nov 07, 2019 at 08:50:25AM +0530, Viresh Kumar wrote:
> The permissions of the read-only or write-only sysfs files can be
> changed (as root) and the user can then try to read a write-only file or
> write to a read-only file which will lead to kernel crash here.
>
> Protect against that by always validating the show/store callbacks.
>
> Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
> ---
> drivers/infiniband/hw/qib/qib_sysfs.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] IB/qib: Validate ->show()/store() callbacks before calling them
2019-11-07 3:20 [PATCH] IB/qib: Validate ->show()/store() callbacks before calling them Viresh Kumar
2019-11-07 7:15 ` Greg Kroah-Hartman
@ 2019-11-14 15:54 ` Jason Gunthorpe
1 sibling, 0 replies; 3+ messages in thread
From: Jason Gunthorpe @ 2019-11-14 15:54 UTC (permalink / raw)
To: Viresh Kumar
Cc: Dennis Dalessandro, Mike Marciniszyn, Greg Kroah-Hartman,
Vincent Guittot, linux-rdma, linux-kernel
On Thu, Nov 07, 2019 at 08:50:25AM +0530, Viresh Kumar wrote:
> The permissions of the read-only or write-only sysfs files can be
> changed (as root) and the user can then try to read a write-only file or
> write to a read-only file which will lead to kernel crash here.
>
> Protect against that by always validating the show/store callbacks.
>
> Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
> ---
> drivers/infiniband/hw/qib/qib_sysfs.c | 6 ++++++
> 1 file changed, 6 insertions(+)
Applied to for-next, thanks
Jason
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-11-14 15:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-07 3:20 [PATCH] IB/qib: Validate ->show()/store() callbacks before calling them Viresh Kumar
2019-11-07 7:15 ` Greg Kroah-Hartman
2019-11-14 15:54 ` Jason Gunthorpe
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).