From: "Denis Efremov (Oracle)" <efremov@linux.com>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-kernel@vger.kernel.org
Cc: Jens Axboe <axboe@kernel.dk>, Minchan Kim <minchan@kernel.org>,
Sergey Senozhatsky <senozhatsky@chromium.org>,
Wade Mealing <wmealing@redhat.com>
Subject: Re: [PATCH] driver core: class: mark the struct class for sysfs callbacks as constant
Date: Mon, 17 Apr 2023 17:53:17 +0400 [thread overview]
Message-ID: <6f6e01f2-b485-40c2-30fe-7b7ebbdb4010@linux.com> (raw)
In-Reply-To: <20230325084537.3622280-1-gregkh@linuxfoundation.org>
Hello,
On 3/25/23 12:45, Greg Kroah-Hartman wrote:
> struct class should never be modified in a sysfs callback as there is
> nothing in the structure to modify, and frankly, the structure is almost
> never used in a sysfs callback, so mark it as constant to allow struct
> class to be moved to read-only memory.
>
> While we are touching all class sysfs callbacks also mark the attribute
> as constant as it can not be modified. The bonding code still uses this
> structure so it can not be removed from the function callbacks.
>
...
> diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c
> index b7bb52f8dfbd..3feadfb96114 100644
> --- a/drivers/block/zram/zram_drv.c
> +++ b/drivers/block/zram/zram_drv.c
> @@ -2424,8 +2424,8 @@ static int zram_remove(struct zram *zram)
> * creates a new un-initialized zram device and returns back this device's
> * device_id (or an error code if it fails to create a new device).
> */
> -static ssize_t hot_add_show(struct class *class,
> - struct class_attribute *attr,
> +static ssize_t hot_add_show(const struct class *class,
> + const struct class_attribute *attr,
> char *buf)
> {
> int ret;
> @@ -2438,11 +2438,10 @@ static ssize_t hot_add_show(struct class *class,
> return ret;
> return scnprintf(buf, PAGE_SIZE, "%d\n", ret);
> }
> -static struct class_attribute class_attr_hot_add =
> - __ATTR(hot_add, 0400, hot_add_show, NULL);
> +static CLASS_ATTR_RO(hot_add);
>
> -static ssize_t hot_remove_store(struct class *class,
> - struct class_attribute *attr,
> +static ssize_t hot_remove_store(const struct class *class,
> + const struct class_attribute *attr,
> const char *buf,
> size_t count)
> {
This looks like a security regression (CVE-2020-10781).
Previous fix 853eab68afc80f59f36bbdeb715e5c88c501e680.
Thanks,
Denis Efremov
next prev parent reply other threads:[~2023-04-17 13:53 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-25 8:45 [PATCH] driver core: class: mark the struct class for sysfs callbacks as constant Greg Kroah-Hartman
2023-03-25 8:45 ` Greg Kroah-Hartman
2023-03-25 8:45 ` Greg Kroah-Hartman
2023-03-27 16:05 ` Luis Chamberlain
2023-03-27 16:05 ` Luis Chamberlain
2023-03-27 16:05 ` Luis Chamberlain
2023-04-17 13:53 ` Denis Efremov (Oracle) [this message]
2023-04-17 17:42 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6f6e01f2-b485-40c2-30fe-7b7ebbdb4010@linux.com \
--to=efremov@linux.com \
--cc=axboe@kernel.dk \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=minchan@kernel.org \
--cc=senozhatsky@chromium.org \
--cc=wmealing@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.