lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Mon, 14 Nov 2022 22:46:46 +0800
From:   ZhaoLong Wang <wangzhaolong1@...wei.com>
To:     <richard@....at>, <miquel.raynal@...tlin.com>, <vigneshr@...com>,
        <patchwork@...wei.com>
CC:     <linux-mtd@...ts.infradead.org>, <linux-kernel@...r.kernel.org>,
        <chengzhihao1@...wei.com>, <wangzhaolong1@...wei.com>,
        <yi.zhang@...wei.com>, <miaoxie@...wei.com>,
        <guohanjun@...wei.com>, <huawei.libin@...wei.com>,
        <yuehaibing@...wei.com>, <johnny.chenyi@...wei.com>,
        <weiyongjun1@...wei.com>
Subject: [PATCH -next] ubi: Fix permission display of the debugfs files

Some interface files in debugfs support the read method
dfs_file_read(), but their rwx permissions is shown as
unreadable.

In the user mode, the following problem can be clearly seen:

 # ls -l /sys/kernel/debug/ubi/ubi0/
 total 0
 --w------- 1 root root 0 Oct 22 16:26 chk_fastmap
 --w------- 1 root root 0 Oct 22 16:26 chk_gen
 --w------- 1 root root 0 Oct 22 16:26 chk_io
 -r-------- 1 root root 0 Oct 22 16:26 detailed_erase_block_info
 --w------- 1 root root 0 Oct 22 16:26 tst_disable_bgt
 --w------- 1 root root 0 Oct 22 16:26 tst_emulate_bitflips
 --w------- 1 root root 0 Oct 22 16:26 tst_emulate_io_failures
 --w------- 1 root root 0 Oct 22 16:26 tst_emulate_power_cut
 --w------- 1 root root 0 Oct 22 16:26 tst_emulate_power_cut_max
 --w------- 1 root root 0 Oct 22 16:26 tst_emulate_power_cut_min

It shows that these files do not have read permission 'r',
but we can actually read their contents.

 # echo 1 > /sys/kernel/debug/ubi/ubi0/chk_io
 # cat /sys/kernel/debug/ubi/ubi0/chk_io
 1

User's permission access is determined by capabilities.
Of course, the root user is not restricted from reading
these files.

When reading a debugfs file, the process is as follows:

 ksys_read()
   vfs_read()
     if (file->f_op->read)
       file->f_op->read()
         full_proxy_open()
           real_fops->read()
             dfs_file_read() -- Read method of debugfs file.
     else if (file->f_op->read_iter)
       new_sync_read()
     else
       ret = -EINVAL -- Return -EINVAL if no read method.

This indicates that the debugfs file can be read as long as the read
method of the debugfs file is registered. This patch adds the read
permission display for file that support the read method.

Signed-off-by: ZhaoLong Wang <wangzhaolong1@...wei.com>
---
 drivers/mtd/ubi/debug.c | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/drivers/mtd/ubi/debug.c b/drivers/mtd/ubi/debug.c
index 908d0e088557..552b765af810 100644
--- a/drivers/mtd/ubi/debug.c
+++ b/drivers/mtd/ubi/debug.c
@@ -504,6 +504,7 @@ int ubi_debugfs_init_dev(struct ubi_device *ubi)
 {
 	unsigned long ubi_num = ubi->ubi_num;
 	struct ubi_debug_info *d = &ubi->dbg;
+	umode_t mode = S_IRUSR | S_IWUSR;
 	int n;
 
 	if (!IS_ENABLED(CONFIG_DEBUG_FS))
@@ -518,41 +519,41 @@ int ubi_debugfs_init_dev(struct ubi_device *ubi)
 
 	d->dfs_dir = debugfs_create_dir(d->dfs_dir_name, dfs_rootdir);
 
-	d->dfs_chk_gen = debugfs_create_file("chk_gen", S_IWUSR, d->dfs_dir,
+	d->dfs_chk_gen = debugfs_create_file("chk_gen", mode, d->dfs_dir,
 					     (void *)ubi_num, &dfs_fops);
 
-	d->dfs_chk_io = debugfs_create_file("chk_io", S_IWUSR, d->dfs_dir,
+	d->dfs_chk_io = debugfs_create_file("chk_io", mode, d->dfs_dir,
 					    (void *)ubi_num, &dfs_fops);
 
-	d->dfs_chk_fastmap = debugfs_create_file("chk_fastmap", S_IWUSR,
+	d->dfs_chk_fastmap = debugfs_create_file("chk_fastmap", mode,
 						 d->dfs_dir, (void *)ubi_num,
 						 &dfs_fops);
 
-	d->dfs_disable_bgt = debugfs_create_file("tst_disable_bgt", S_IWUSR,
+	d->dfs_disable_bgt = debugfs_create_file("tst_disable_bgt", mode,
 						 d->dfs_dir, (void *)ubi_num,
 						 &dfs_fops);
 
 	d->dfs_emulate_bitflips = debugfs_create_file("tst_emulate_bitflips",
-						      S_IWUSR, d->dfs_dir,
+						      mode, d->dfs_dir,
 						      (void *)ubi_num,
 						      &dfs_fops);
 
 	d->dfs_emulate_io_failures = debugfs_create_file("tst_emulate_io_failures",
-							 S_IWUSR, d->dfs_dir,
+							 mode, d->dfs_dir,
 							 (void *)ubi_num,
 							 &dfs_fops);
 
 	d->dfs_emulate_power_cut = debugfs_create_file("tst_emulate_power_cut",
-						       S_IWUSR, d->dfs_dir,
+						       mode, d->dfs_dir,
 						       (void *)ubi_num,
 						       &dfs_fops);
 
 	d->dfs_power_cut_min = debugfs_create_file("tst_emulate_power_cut_min",
-						   S_IWUSR, d->dfs_dir,
+						   mode, d->dfs_dir,
 						   (void *)ubi_num, &dfs_fops);
 
 	d->dfs_power_cut_max = debugfs_create_file("tst_emulate_power_cut_max",
-						   S_IWUSR, d->dfs_dir,
+						   mode, d->dfs_dir,
 						   (void *)ubi_num, &dfs_fops);
 
 	debugfs_create_file("detailed_erase_block_info", S_IRUSR, d->dfs_dir,
-- 
2.31.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ