From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S934999AbYD1PAk (ORCPT ); Mon, 28 Apr 2008 11:00:40 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S964856AbYD1PAJ (ORCPT ); Mon, 28 Apr 2008 11:00:09 -0400 Received: from 82-69-137-158.dsl.in-addr.zen.co.uk ([82.69.137.158]:60732 "EHLO uklogin.uk.level5networks.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S934111AbYD1PAI (ORCPT ); Mon, 28 Apr 2008 11:00:08 -0400 Date: Mon, 28 Apr 2008 15:59:58 +0100 From: Ben Hutchings To: Linux kernel mailing list Cc: Greg Kroah-Hartman Subject: [PATCH] Disallow truncation of files in sysfs Message-ID: <20080428145957.GD8986@solarflare.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.1i Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org sysfs allows attribute files to be truncated, e.g. using ftruncate(), with the expected effect on their inode. For most attributes, this doesn't change the "real" size of the file i.e. how much can be read from it. However, the parameter validation for reading and writing binary attribute files is based on the inode size and not the size specified in the file's bin_attribute, so it can be broken by this. For example, if we try using dd to write to such a file: # pwd /sys/bus/pci/devices/0000:08:00.0 # ls -l config -rw-r--r-- 1 root root 4096 Feb 1 17:35 config # dd if=/dev/zero of=config bs=4 count=1 1+0 records in 1+0 records out # ls -l config -rw-r--r-- 1 root root 0 Feb 1 17:50 config # dd if=/dev/zero of=config bs=4 count=1 seek=128 dd: writing `config': No space left on device 1+0 records in 0+0 records out Also, after truncation to 0, parameter validation for read and write is disabled. Most bin_attribute read and write methods also validate the size and offset, but for some this will allow out-of-range access. This may be a security issue, though access to such files is often limited to root. In any case, the validation should remain for safety's sake!) This was previously reported in Bugzilla as bug 9867. sysfs should ignore size changes or else refuse them (by returning -EINVAL). This patch makes it ignore them. Signed-off-by: Ben Hutchings --- a/fs/sysfs/inode.c +++ b/fs/sysfs/inode.c @@ -59,6 +59,8 @@ if (error) return error; + iattr->ia_valid &= ~ATTR_SIZE; /* ignore size changes */ + error = inode_setattr(inode, iattr); if (error) return error; -- Ben Hutchings, Senior Software Engineer, Solarflare Communications Not speaking for my employer; that's the marketing department's job.