From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Jessica Yu <jeyu@kernel.org>,
Kees Cook <keescook@chromium.org>
Subject: [PATCH 4.19 48/58] module: Refactor section attr into bin attribute
Date: Tue, 14 Jul 2020 20:44:21 +0200 [thread overview]
Message-ID: <20200714184058.548988651@linuxfoundation.org> (raw)
In-Reply-To: <20200714184056.149119318@linuxfoundation.org>
From: Kees Cook <keescook@chromium.org>
commit ed66f991bb19d94cae5d38f77de81f96aac7813f upstream.
In order to gain access to the open file's f_cred for kallsym visibility
permission checks, refactor the module section attributes to use the
bin_attribute instead of attribute interface. Additionally removes the
redundant "name" struct member.
Cc: stable@vger.kernel.org
Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tested-by: Jessica Yu <jeyu@kernel.org>
Acked-by: Jessica Yu <jeyu@kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
kernel/module.c | 45 ++++++++++++++++++++++++---------------------
1 file changed, 24 insertions(+), 21 deletions(-)
--- a/kernel/module.c
+++ b/kernel/module.c
@@ -1451,8 +1451,7 @@ static inline bool sect_empty(const Elf_
}
struct module_sect_attr {
- struct module_attribute mattr;
- char *name;
+ struct bin_attribute battr;
unsigned long address;
};
@@ -1462,11 +1461,16 @@ struct module_sect_attrs {
struct module_sect_attr attrs[0];
};
-static ssize_t module_sect_show(struct module_attribute *mattr,
- struct module_kobject *mk, char *buf)
+static ssize_t module_sect_read(struct file *file, struct kobject *kobj,
+ struct bin_attribute *battr,
+ char *buf, loff_t pos, size_t count)
{
struct module_sect_attr *sattr =
- container_of(mattr, struct module_sect_attr, mattr);
+ container_of(battr, struct module_sect_attr, battr);
+
+ if (pos != 0)
+ return -EINVAL;
+
return sprintf(buf, "0x%px\n", kptr_restrict < 2 ?
(void *)sattr->address : NULL);
}
@@ -1476,7 +1480,7 @@ static void free_sect_attrs(struct modul
unsigned int section;
for (section = 0; section < sect_attrs->nsections; section++)
- kfree(sect_attrs->attrs[section].name);
+ kfree(sect_attrs->attrs[section].battr.attr.name);
kfree(sect_attrs);
}
@@ -1485,42 +1489,41 @@ static void add_sect_attrs(struct module
unsigned int nloaded = 0, i, size[2];
struct module_sect_attrs *sect_attrs;
struct module_sect_attr *sattr;
- struct attribute **gattr;
+ struct bin_attribute **gattr;
/* Count loaded sections and allocate structures */
for (i = 0; i < info->hdr->e_shnum; i++)
if (!sect_empty(&info->sechdrs[i]))
nloaded++;
size[0] = ALIGN(struct_size(sect_attrs, attrs, nloaded),
- sizeof(sect_attrs->grp.attrs[0]));
- size[1] = (nloaded + 1) * sizeof(sect_attrs->grp.attrs[0]);
+ sizeof(sect_attrs->grp.bin_attrs[0]));
+ size[1] = (nloaded + 1) * sizeof(sect_attrs->grp.bin_attrs[0]);
sect_attrs = kzalloc(size[0] + size[1], GFP_KERNEL);
if (sect_attrs == NULL)
return;
/* Setup section attributes. */
sect_attrs->grp.name = "sections";
- sect_attrs->grp.attrs = (void *)sect_attrs + size[0];
+ sect_attrs->grp.bin_attrs = (void *)sect_attrs + size[0];
sect_attrs->nsections = 0;
sattr = §_attrs->attrs[0];
- gattr = §_attrs->grp.attrs[0];
+ gattr = §_attrs->grp.bin_attrs[0];
for (i = 0; i < info->hdr->e_shnum; i++) {
Elf_Shdr *sec = &info->sechdrs[i];
if (sect_empty(sec))
continue;
+ sysfs_bin_attr_init(&sattr->battr);
sattr->address = sec->sh_addr;
- sattr->name = kstrdup(info->secstrings + sec->sh_name,
- GFP_KERNEL);
- if (sattr->name == NULL)
+ sattr->battr.attr.name =
+ kstrdup(info->secstrings + sec->sh_name, GFP_KERNEL);
+ if (sattr->battr.attr.name == NULL)
goto out;
sect_attrs->nsections++;
- sysfs_attr_init(&sattr->mattr.attr);
- sattr->mattr.show = module_sect_show;
- sattr->mattr.store = NULL;
- sattr->mattr.attr.name = sattr->name;
- sattr->mattr.attr.mode = S_IRUSR;
- *(gattr++) = &(sattr++)->mattr.attr;
+ sattr->battr.read = module_sect_read;
+ sattr->battr.size = 3 /* "0x", "\n" */ + (BITS_PER_LONG / 4);
+ sattr->battr.attr.mode = 0400;
+ *(gattr++) = &(sattr++)->battr;
}
*gattr = NULL;
@@ -1610,7 +1613,7 @@ static void add_notes_attrs(struct modul
continue;
if (info->sechdrs[i].sh_type == SHT_NOTE) {
sysfs_bin_attr_init(nattr);
- nattr->attr.name = mod->sect_attrs->attrs[loaded].name;
+ nattr->attr.name = mod->sect_attrs->attrs[loaded].battr.attr.name;
nattr->attr.mode = S_IRUGO;
nattr->size = info->sechdrs[i].sh_size;
nattr->private = (void *) info->sechdrs[i].sh_addr;
next prev parent reply other threads:[~2020-07-14 19:12 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-14 18:43 [PATCH 4.19 00/58] 4.19.133-rc1 review Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 01/58] KVM: s390: reduce number of IO pins to 1 Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 02/58] spi: spi-fsl-dspi: Adding shutdown hook Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 03/58] spi: spi-fsl-dspi: Fix lockup if device is removed during SPI transfer Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 04/58] spi: spi-fsl-dspi: use IRQF_SHARED mode to request IRQ Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 05/58] spi: spi-fsl-dspi: Fix external abort on interrupt in resume or exit paths Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 06/58] regmap: fix alignment issue Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 07/58] ARM: dts: omap4-droid4: Fix spi configuration and increase rate Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 08/58] drm/tegra: hub: Do not enable orphaned window group Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 09/58] gpu: host1x: Detach driver on unregister Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 10/58] spi: spidev: fix a race between spidev_release and spidev_remove Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 11/58] spi: spidev: fix a potential use-after-free in spidev_release() Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 12/58] ixgbe: protect ring accesses with READ- and WRITE_ONCE Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 13/58] i40e: " Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 14/58] drm: panel-orientation-quirks: Add quirk for Asus T101HA panel Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 15/58] drm: panel-orientation-quirks: Use generic orientation-data for Acer S1003 Greg Kroah-Hartman
2020-07-15 14:45 ` Pavel Machek
2020-07-14 18:43 ` [PATCH 4.19 16/58] s390/kasan: fix early pgm check handler execution Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 17/58] drm/sun4i: mixer: Call of_dma_configure if theres an IOMMU Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 18/58] cifs: update ctime and mtime during truncate Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 19/58] ARM: imx6: add missing put_device() call in imx6q_suspend_init() Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 20/58] scsi: mptscsih: Fix read sense data size Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 21/58] usb: dwc3: pci: Fix reference count leak in dwc3_pci_resume_work Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 22/58] block: release bip in a right way in error path Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 23/58] nvme-rdma: assign completion vector correctly Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 24/58] x86/entry: Increase entry_stack size to a full page Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 25/58] net: qrtr: Fix an out of bounds read qrtr_endpoint_post() Greg Kroah-Hartman
2020-07-14 18:43 ` [PATCH 4.19 26/58] drm/mediatek: Check plane visibility in atomic_update Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 27/58] net: cxgb4: fix return error value in t4_prep_fw Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 28/58] smsc95xx: check return value of smsc95xx_reset Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 29/58] smsc95xx: avoid memory leak in smsc95xx_bind Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 30/58] net: hns3: fix use-after-free when doing self test Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 31/58] ALSA: compress: fix partial_drain completion state Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 32/58] arm64: kgdb: Fix single-step exception handling oops Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 33/58] nbd: Fix memory leak in nbd_add_socket Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 34/58] cxgb4: fix all-mask IP address comparison Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 35/58] bnxt_en: fix NULL dereference in case SR-IOV configuration fails Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 36/58] net: macb: mark device wake capable when "magic-packet" property present Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 37/58] mlxsw: spectrum_router: Remove inappropriate usage of WARN_ON() Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 38/58] ALSA: opl3: fix infoleak in opl3 Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 39/58] ALSA: hda - let hs_mic be picked ahead of hp_mic Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 40/58] ALSA: usb-audio: add quirk for MacroSilicon MS2109 Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 41/58] KVM: arm64: Fix definition of PAGE_HYP_DEVICE Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 42/58] KVM: arm64: Stop clobbering x0 for HVC_SOFT_RESTART Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 43/58] KVM: x86: bit 8 of non-leaf PDPEs is not reserved Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 44/58] KVM: x86: Inject #GP if guest attempts to toggle CR4.LA57 in 64-bit mode Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 45/58] KVM: x86: Mark CR4.TSD as being possibly owned by the guest Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 46/58] kallsyms: Refactor kallsyms_show_value() to take cred Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 47/58] kernel: module: Use struct_size() helper Greg Kroah-Hartman
2020-07-14 18:44 ` Greg Kroah-Hartman [this message]
2020-07-14 18:44 ` [PATCH 4.19 49/58] module: Do not expose section addresses to non-CAP_SYSLOG Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 50/58] kprobes: Do not expose probe " Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 51/58] bpf: Check correct cred for CAP_SYSLOG in bpf_dump_raw_ok() Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 52/58] Revert "ath9k: Fix general protection fault in ath9k_hif_usb_rx_cb" Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 53/58] btrfs: fix fatal extent_buffer readahead vs releasepage race Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 54/58] drm/radeon: fix double free Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 55/58] dm: use noio when sending kobject event Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 56/58] ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 57/58] ARC: elf: use right ELF_ARCH Greg Kroah-Hartman
2020-07-14 18:44 ` [PATCH 4.19 58/58] s390/mm: fix huge pte soft dirty copying Greg Kroah-Hartman
2020-07-15 9:41 ` [PATCH 4.19 00/58] 4.19.133-rc1 review Naresh Kamboju
2020-07-15 12:39 ` Greg Kroah-Hartman
2020-07-15 10:49 ` Jon Hunter
2020-07-15 15:21 ` Shuah Khan
2020-07-15 16:42 ` Guenter Roeck
2020-07-16 7:45 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200714184058.548988651@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=jeyu@kernel.org \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).