lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <417346e2-09cc-3b33-e4cf-57d00a8edbbe@amd.com>
Date:   Tue, 13 Jun 2023 17:35:11 -0500
From:   Avadhut Naik <avadnaik@....com>
To:     Greg KH <gregkh@...uxfoundation.org>,
        Alexey Kardashevskiy <aik@....com>
Cc:     Avadhut Naik <Avadhut.Naik@....com>, rafael@...nel.org,
        lenb@...nel.org, linux-acpi@...r.kernel.org,
        linux-fsdevel@...r.kernel.org, yazen.ghannam@....com,
        alexey.kardashevskiy@....com, linux-kernel@...r.kernel.org
Subject: [RFC PATCH v3 2/3] fs: debugfs: Add write functionality to debugfs
 blobs

Hi,

	Thanks for reviewing!	

On 6/13/2023 05:22, Greg KH wrote:
> On Tue, Jun 13, 2023 at 08:05:41PM +1000, Alexey Kardashevskiy wrote:
>>
>>
>> On 13/6/23 17:59, Greg KH wrote:
>>> On Mon, Jun 12, 2023 at 09:51:38PM +0000, Avadhut Naik wrote:
>>>>   /**
>>>> - * debugfs_create_blob - create a debugfs file that is used to read a binary blob
>>>> + * debugfs_create_blob - create a debugfs file that is used to read and write
>>>> + * a binary blob
>>>>    * @name: a pointer to a string containing the name of the file to create.
>>>> - * @mode: the read permission that the file should have (other permissions are
>>>> - *	  masked out)
>>>> + * @mode: the permission that the file should have
>>>>    * @parent: a pointer to the parent dentry for this file.  This should be a
>>>>    *          directory dentry if set.  If this parameter is %NULL, then the
>>>>    *          file will be created in the root of the debugfs filesystem.
>>>> @@ -992,7 +1010,7 @@ static const struct file_operations fops_blob = {
>>>>    *
>>>>    * This function creates a file in debugfs with the given name that exports
>>>>    * @blob->data as a binary blob. If the @mode variable is so set it can be
>>>> - * read from. Writing is not supported.
>>>> + * read from and written to.
>>>>    *
>>>>    * This function will return a pointer to a dentry if it succeeds.  This
>>>>    * pointer must be passed to the debugfs_remove() function when the file is
>>>> @@ -1007,7 +1025,7 @@ struct dentry *debugfs_create_blob(const char *name, umode_t mode,
>>>>   				   struct dentry *parent,
>>>>   				   struct debugfs_blob_wrapper *blob)
>>>>   {
>>>> -	return debugfs_create_file_unsafe(name, mode & 0444, parent, blob, &fops_blob);
>>>> +	return debugfs_create_file_unsafe(name, mode, parent, blob, &fops_blob);
>>>
>>> Have you audited all calls to this function to verify that you haven't
>>> just turned on write access to some debugfs files?
>>
>> I just did, it is one of S_IRUGO/S_IRUSR/0444/0400/(S_IFREG | 0444). So we
>> are quite safe here. Except (S_IFREG | 0444) in
>> drivers/platform/chrome/cros_ec_debugfs.c which seems wrong as debugfs files
>> are not regular files.
>>
>>> Why not rename this to debugfs_create_blob_wo() and then make a new
>>> debugfs_create_blob_rw() call to ensure that it all is ok?
>>
>> It is already taking the mode for this purpose. imho just
>> cros_ec_create_panicinfo()'s debugfs_create_blob("panicinfo", S_IFREG |
>> 0444,...) needs fixing.
> 
> Yes, well it's taking the mode, but silently modifying it :)
> 
> Ok, thanks for the audit, respin this with that fix and then I don't
> have a problem with it (other than binary debugfs files fill me with
> dread, what could go wrong...)
> 
	Will add the fix for cros_ec_create_panicinfo()'s debugfs_create_blob()
usage.

Thanks,
Avadhut Naik

> thanks,
> 
> greg k-h

-- 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ