From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-by2nam01on0126.outbound.protection.outlook.com ([104.47.34.126]:59343 "EHLO NAM01-BY2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1753778AbeDIASs (ORCPT ); Sun, 8 Apr 2018 20:18:48 -0400 From: Sasha Levin To: "stable@vger.kernel.org" , "linux-kernel@vger.kernel.org" CC: Eryu Guan , Ming Lei , Jens Axboe , Sasha Levin Subject: [PATCH AUTOSEL for 4.15 084/189] blk-mq-debugfs: don't allow write on attributes with seq_operations set Date: Mon, 9 Apr 2018 00:17:51 +0000 Message-ID: <20180409001637.162453-84-alexander.levin@microsoft.com> References: <20180409001637.162453-1-alexander.levin@microsoft.com> In-Reply-To: <20180409001637.162453-1-alexander.levin@microsoft.com> Content-Language: en-US Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org List-ID: From: Eryu Guan [ Upstream commit 6b136a24b05c81a24e0b648a4bd938bcd0c4f69e ] Attributes that only implement .seq_ops are read-only, any write to them should be rejected. But currently kernel would crash when writing to such debugfs entries, e.g. chmod +w /sys/kernel/debug/block//requeue_list echo 0 > /sys/kernel/debug/block//requeue_list chmod -w /sys/kernel/debug/block//requeue_list Fix it by returning -EPERM in blk_mq_debugfs_write() when writing to such attributes. Cc: Ming Lei Signed-off-by: Eryu Guan Signed-off-by: Jens Axboe Signed-off-by: Sasha Levin --- block/blk-mq-debugfs.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/block/blk-mq-debugfs.c b/block/blk-mq-debugfs.c index b56a4f35720d..54bd8c31b822 100644 --- a/block/blk-mq-debugfs.c +++ b/block/blk-mq-debugfs.c @@ -703,7 +703,11 @@ static ssize_t blk_mq_debugfs_write(struct file *file,= const char __user *buf, const struct blk_mq_debugfs_attr *attr =3D m->private; void *data =3D d_inode(file->f_path.dentry->d_parent)->i_private; =20 - if (!attr->write) + /* + * Attributes that only implement .seq_ops are read-only and 'attr' is + * the same with 'data' in this case. + */ + if (attr =3D=3D data || !attr->write) return -EPERM; =20 return attr->write(data, buf, count, ppos); --=20 2.15.1