From mboxrd@z Thu Jan 1 00:00:00 1970 From: green at linuxhacker.ru Date: Sat, 6 Feb 2016 02:01:50 -0500 Subject: [lustre-devel] [PATCH 1/2] staging/lustre/libcfs: Properly handle debugfs read- and write-only files In-Reply-To: <1454742111-2231460-1-git-send-email-green@linuxhacker.ru> References: <1454742111-2231460-1-git-send-email-green@linuxhacker.ru> Message-ID: <1454742111-2231460-2-git-send-email-green@linuxhacker.ru> List-Id: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: Greg Kroah-Hartman , devel@driverdev.osuosl.org, Andreas Dilger Cc: Linux Kernel Mailing List , Lustre Development List , Oleg Drokin From: Oleg Drokin It turns out that unlike procfs, debugfs does not really enforce permissions for root (similar to regular filesystems), so we need to ensure we are not providing ->write() method to read-only files and ->read() method for write-only files at registration. This fixes a couple of crashes on unexpected access. Signed-off-by: Oleg Drokin --- drivers/staging/lustre/lustre/libcfs/module.c | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/drivers/staging/lustre/lustre/libcfs/module.c b/drivers/staging/lustre/lustre/libcfs/module.c index d5a047b..611607a 100644 --- a/drivers/staging/lustre/lustre/libcfs/module.c +++ b/drivers/staging/lustre/lustre/libcfs/module.c @@ -502,13 +502,36 @@ static ssize_t lnet_debugfs_write(struct file *filp, const char __user *buf, return error; } -static const struct file_operations lnet_debugfs_file_operations = { +static const struct file_operations lnet_debugfs_file_operations_rw = { .open = simple_open, .read = lnet_debugfs_read, .write = lnet_debugfs_write, .llseek = default_llseek, }; +static const struct file_operations lnet_debugfs_file_operations_ro = { + .open = simple_open, + .read = lnet_debugfs_read, + .llseek = default_llseek, +}; + +static const struct file_operations lnet_debugfs_file_operations_wo = { + .open = simple_open, + .write = lnet_debugfs_write, + .llseek = default_llseek, +}; + +static const struct file_operations *lnet_debugfs_fops_select(umode_t mode) +{ + if (!(mode & S_IWUGO)) + return &lnet_debugfs_file_operations_ro; + + if (!(mode & S_IRUGO)) + return &lnet_debugfs_file_operations_wo; + + return &lnet_debugfs_file_operations_rw; +} + void lustre_insert_debugfs(struct ctl_table *table, const struct lnet_debugfs_symlink_def *symlinks) { @@ -525,7 +548,7 @@ void lustre_insert_debugfs(struct ctl_table *table, for (; table->procname; table++) debugfs_create_file(table->procname, table->mode, lnet_debugfs_root, table, - &lnet_debugfs_file_operations); + lnet_debugfs_fops_select(table->mode)); for (; symlinks && symlinks->name; symlinks++) debugfs_create_symlink(symlinks->name, lnet_debugfs_root, -- 2.1.0 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751489AbcBFHau (ORCPT ); Sat, 6 Feb 2016 02:30:50 -0500 Received: from linuxhacker.ru ([217.76.32.60]:38760 "EHLO fiona.linuxhacker.ru" rhost-flags-OK-FAIL-OK-OK) by vger.kernel.org with ESMTP id S1750779AbcBFHaj (ORCPT ); Sat, 6 Feb 2016 02:30:39 -0500 X-Greylist: delayed 1309 seconds by postgrey-1.27 at vger.kernel.org; Sat, 06 Feb 2016 02:30:35 EST From: green@linuxhacker.ru To: Greg Kroah-Hartman , devel@driverdev.osuosl.org, Andreas Dilger Cc: Linux Kernel Mailing List , Lustre Development List , Oleg Drokin Subject: [PATCH 1/2] staging/lustre/libcfs: Properly handle debugfs read- and write-only files Date: Sat, 6 Feb 2016 02:01:50 -0500 Message-Id: <1454742111-2231460-2-git-send-email-green@linuxhacker.ru> X-Mailer: git-send-email 2.1.0 In-Reply-To: <1454742111-2231460-1-git-send-email-green@linuxhacker.ru> References: <1454742111-2231460-1-git-send-email-green@linuxhacker.ru> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Oleg Drokin It turns out that unlike procfs, debugfs does not really enforce permissions for root (similar to regular filesystems), so we need to ensure we are not providing ->write() method to read-only files and ->read() method for write-only files at registration. This fixes a couple of crashes on unexpected access. Signed-off-by: Oleg Drokin --- drivers/staging/lustre/lustre/libcfs/module.c | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/drivers/staging/lustre/lustre/libcfs/module.c b/drivers/staging/lustre/lustre/libcfs/module.c index d5a047b..611607a 100644 --- a/drivers/staging/lustre/lustre/libcfs/module.c +++ b/drivers/staging/lustre/lustre/libcfs/module.c @@ -502,13 +502,36 @@ static ssize_t lnet_debugfs_write(struct file *filp, const char __user *buf, return error; } -static const struct file_operations lnet_debugfs_file_operations = { +static const struct file_operations lnet_debugfs_file_operations_rw = { .open = simple_open, .read = lnet_debugfs_read, .write = lnet_debugfs_write, .llseek = default_llseek, }; +static const struct file_operations lnet_debugfs_file_operations_ro = { + .open = simple_open, + .read = lnet_debugfs_read, + .llseek = default_llseek, +}; + +static const struct file_operations lnet_debugfs_file_operations_wo = { + .open = simple_open, + .write = lnet_debugfs_write, + .llseek = default_llseek, +}; + +static const struct file_operations *lnet_debugfs_fops_select(umode_t mode) +{ + if (!(mode & S_IWUGO)) + return &lnet_debugfs_file_operations_ro; + + if (!(mode & S_IRUGO)) + return &lnet_debugfs_file_operations_wo; + + return &lnet_debugfs_file_operations_rw; +} + void lustre_insert_debugfs(struct ctl_table *table, const struct lnet_debugfs_symlink_def *symlinks) { @@ -525,7 +548,7 @@ void lustre_insert_debugfs(struct ctl_table *table, for (; table->procname; table++) debugfs_create_file(table->procname, table->mode, lnet_debugfs_root, table, - &lnet_debugfs_file_operations); + lnet_debugfs_fops_select(table->mode)); for (; symlinks && symlinks->name; symlinks++) debugfs_create_symlink(symlinks->name, lnet_debugfs_root, -- 2.1.0