mirror of
https://github.com/FEX-Emu/linux.git
synced 2025-01-12 12:22:42 +00:00
c8a139d001
ops->show() can return a negative error code. Commit 65da3484d9be ("sysfs: correctly handle short reads on PREALLOC attrs.") (in v4.4) caused this to be stored in an unsigned 'size_t' variable, so errors would look like large numbers. As a result, if an error is returned, sysfs_kf_read() will return the value of 'count', typically 4096. Commit 17d0774f8068 ("sysfs: correctly handle read offset on PREALLOC attrs") (in v4.8) extended this error to use the unsigned large 'len' as a size for memmove(). Consequently, if ->show returns an error, then the first read() on the sysfs file will return 4096 and could return uninitialized memory to user-space. If the application performs a subsequent read, this will trigger a memmove() with extremely large count, and is likely to crash the machine is bizarre ways. This bug can currently only be triggered by reading from an md sysfs attribute declared with __ATTR_PREALLOC() during the brief period between when mddev_put() deletes an mddev from the ->all_mddevs list, and when mddev_delayed_delete() - which is scheduled on a workqueue - completes. Before this, an error won't be returned by the ->show() After this, the ->show() won't be called. I can reproduce it reliably only by putting delay like usleep_range(500000,700000); early in mddev_delayed_delete(). Then after creating an md device md0 run echo clear > /sys/block/md0/md/array_state; cat /sys/block/md0/md/array_state The bug can be triggered without the usleep. Fixes: 65da3484d9be ("sysfs: correctly handle short reads on PREALLOC attrs.") Fixes: 17d0774f8068 ("sysfs: correctly handle read offset on PREALLOC attrs") Cc: stable@vger.kernel.org Signed-off-by: NeilBrown <neilb@suse.com> Acked-by: Tejun Heo <tj@kernel.org> Reported-and-tested-by: Miroslav Benes <mbenes@suse.cz> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
508 lines
12 KiB
C
508 lines
12 KiB
C
/*
|
|
* fs/sysfs/file.c - sysfs regular (text) file implementation
|
|
*
|
|
* Copyright (c) 2001-3 Patrick Mochel
|
|
* Copyright (c) 2007 SUSE Linux Products GmbH
|
|
* Copyright (c) 2007 Tejun Heo <teheo@suse.de>
|
|
*
|
|
* This file is released under the GPLv2.
|
|
*
|
|
* Please see Documentation/filesystems/sysfs.txt for more information.
|
|
*/
|
|
|
|
#include <linux/module.h>
|
|
#include <linux/kobject.h>
|
|
#include <linux/kallsyms.h>
|
|
#include <linux/slab.h>
|
|
#include <linux/list.h>
|
|
#include <linux/mutex.h>
|
|
#include <linux/seq_file.h>
|
|
|
|
#include "sysfs.h"
|
|
#include "../kernfs/kernfs-internal.h"
|
|
|
|
/*
|
|
* Determine ktype->sysfs_ops for the given kernfs_node. This function
|
|
* must be called while holding an active reference.
|
|
*/
|
|
static const struct sysfs_ops *sysfs_file_ops(struct kernfs_node *kn)
|
|
{
|
|
struct kobject *kobj = kn->parent->priv;
|
|
|
|
if (kn->flags & KERNFS_LOCKDEP)
|
|
lockdep_assert_held(kn);
|
|
return kobj->ktype ? kobj->ktype->sysfs_ops : NULL;
|
|
}
|
|
|
|
/*
|
|
* Reads on sysfs are handled through seq_file, which takes care of hairy
|
|
* details like buffering and seeking. The following function pipes
|
|
* sysfs_ops->show() result through seq_file.
|
|
*/
|
|
static int sysfs_kf_seq_show(struct seq_file *sf, void *v)
|
|
{
|
|
struct kernfs_open_file *of = sf->private;
|
|
struct kobject *kobj = of->kn->parent->priv;
|
|
const struct sysfs_ops *ops = sysfs_file_ops(of->kn);
|
|
ssize_t count;
|
|
char *buf;
|
|
|
|
/* acquire buffer and ensure that it's >= PAGE_SIZE and clear */
|
|
count = seq_get_buf(sf, &buf);
|
|
if (count < PAGE_SIZE) {
|
|
seq_commit(sf, -1);
|
|
return 0;
|
|
}
|
|
memset(buf, 0, PAGE_SIZE);
|
|
|
|
/*
|
|
* Invoke show(). Control may reach here via seq file lseek even
|
|
* if @ops->show() isn't implemented.
|
|
*/
|
|
if (ops->show) {
|
|
count = ops->show(kobj, of->kn->priv, buf);
|
|
if (count < 0)
|
|
return count;
|
|
}
|
|
|
|
/*
|
|
* The code works fine with PAGE_SIZE return but it's likely to
|
|
* indicate truncated result or overflow in normal use cases.
|
|
*/
|
|
if (count >= (ssize_t)PAGE_SIZE) {
|
|
print_symbol("fill_read_buffer: %s returned bad count\n",
|
|
(unsigned long)ops->show);
|
|
/* Try to struggle along */
|
|
count = PAGE_SIZE - 1;
|
|
}
|
|
seq_commit(sf, count);
|
|
return 0;
|
|
}
|
|
|
|
static ssize_t sysfs_kf_bin_read(struct kernfs_open_file *of, char *buf,
|
|
size_t count, loff_t pos)
|
|
{
|
|
struct bin_attribute *battr = of->kn->priv;
|
|
struct kobject *kobj = of->kn->parent->priv;
|
|
loff_t size = file_inode(of->file)->i_size;
|
|
|
|
if (!count)
|
|
return 0;
|
|
|
|
if (size) {
|
|
if (pos >= size)
|
|
return 0;
|
|
if (pos + count > size)
|
|
count = size - pos;
|
|
}
|
|
|
|
if (!battr->read)
|
|
return -EIO;
|
|
|
|
return battr->read(of->file, kobj, battr, buf, pos, count);
|
|
}
|
|
|
|
/* kernfs read callback for regular sysfs files with pre-alloc */
|
|
static ssize_t sysfs_kf_read(struct kernfs_open_file *of, char *buf,
|
|
size_t count, loff_t pos)
|
|
{
|
|
const struct sysfs_ops *ops = sysfs_file_ops(of->kn);
|
|
struct kobject *kobj = of->kn->parent->priv;
|
|
ssize_t len;
|
|
|
|
/*
|
|
* If buf != of->prealloc_buf, we don't know how
|
|
* large it is, so cannot safely pass it to ->show
|
|
*/
|
|
if (WARN_ON_ONCE(buf != of->prealloc_buf))
|
|
return 0;
|
|
len = ops->show(kobj, of->kn->priv, buf);
|
|
if (len < 0)
|
|
return len;
|
|
if (pos) {
|
|
if (len <= pos)
|
|
return 0;
|
|
len -= pos;
|
|
memmove(buf, buf + pos, len);
|
|
}
|
|
return min_t(ssize_t, count, len);
|
|
}
|
|
|
|
/* kernfs write callback for regular sysfs files */
|
|
static ssize_t sysfs_kf_write(struct kernfs_open_file *of, char *buf,
|
|
size_t count, loff_t pos)
|
|
{
|
|
const struct sysfs_ops *ops = sysfs_file_ops(of->kn);
|
|
struct kobject *kobj = of->kn->parent->priv;
|
|
|
|
if (!count)
|
|
return 0;
|
|
|
|
return ops->store(kobj, of->kn->priv, buf, count);
|
|
}
|
|
|
|
/* kernfs write callback for bin sysfs files */
|
|
static ssize_t sysfs_kf_bin_write(struct kernfs_open_file *of, char *buf,
|
|
size_t count, loff_t pos)
|
|
{
|
|
struct bin_attribute *battr = of->kn->priv;
|
|
struct kobject *kobj = of->kn->parent->priv;
|
|
loff_t size = file_inode(of->file)->i_size;
|
|
|
|
if (size) {
|
|
if (size <= pos)
|
|
return -EFBIG;
|
|
count = min_t(ssize_t, count, size - pos);
|
|
}
|
|
if (!count)
|
|
return 0;
|
|
|
|
if (!battr->write)
|
|
return -EIO;
|
|
|
|
return battr->write(of->file, kobj, battr, buf, pos, count);
|
|
}
|
|
|
|
static int sysfs_kf_bin_mmap(struct kernfs_open_file *of,
|
|
struct vm_area_struct *vma)
|
|
{
|
|
struct bin_attribute *battr = of->kn->priv;
|
|
struct kobject *kobj = of->kn->parent->priv;
|
|
|
|
return battr->mmap(of->file, kobj, battr, vma);
|
|
}
|
|
|
|
void sysfs_notify(struct kobject *kobj, const char *dir, const char *attr)
|
|
{
|
|
struct kernfs_node *kn = kobj->sd, *tmp;
|
|
|
|
if (kn && dir)
|
|
kn = kernfs_find_and_get(kn, dir);
|
|
else
|
|
kernfs_get(kn);
|
|
|
|
if (kn && attr) {
|
|
tmp = kernfs_find_and_get(kn, attr);
|
|
kernfs_put(kn);
|
|
kn = tmp;
|
|
}
|
|
|
|
if (kn) {
|
|
kernfs_notify(kn);
|
|
kernfs_put(kn);
|
|
}
|
|
}
|
|
EXPORT_SYMBOL_GPL(sysfs_notify);
|
|
|
|
static const struct kernfs_ops sysfs_file_kfops_empty = {
|
|
};
|
|
|
|
static const struct kernfs_ops sysfs_file_kfops_ro = {
|
|
.seq_show = sysfs_kf_seq_show,
|
|
};
|
|
|
|
static const struct kernfs_ops sysfs_file_kfops_wo = {
|
|
.write = sysfs_kf_write,
|
|
};
|
|
|
|
static const struct kernfs_ops sysfs_file_kfops_rw = {
|
|
.seq_show = sysfs_kf_seq_show,
|
|
.write = sysfs_kf_write,
|
|
};
|
|
|
|
static const struct kernfs_ops sysfs_prealloc_kfops_ro = {
|
|
.read = sysfs_kf_read,
|
|
.prealloc = true,
|
|
};
|
|
|
|
static const struct kernfs_ops sysfs_prealloc_kfops_wo = {
|
|
.write = sysfs_kf_write,
|
|
.prealloc = true,
|
|
};
|
|
|
|
static const struct kernfs_ops sysfs_prealloc_kfops_rw = {
|
|
.read = sysfs_kf_read,
|
|
.write = sysfs_kf_write,
|
|
.prealloc = true,
|
|
};
|
|
|
|
static const struct kernfs_ops sysfs_bin_kfops_ro = {
|
|
.read = sysfs_kf_bin_read,
|
|
};
|
|
|
|
static const struct kernfs_ops sysfs_bin_kfops_wo = {
|
|
.write = sysfs_kf_bin_write,
|
|
};
|
|
|
|
static const struct kernfs_ops sysfs_bin_kfops_rw = {
|
|
.read = sysfs_kf_bin_read,
|
|
.write = sysfs_kf_bin_write,
|
|
};
|
|
|
|
static const struct kernfs_ops sysfs_bin_kfops_mmap = {
|
|
.read = sysfs_kf_bin_read,
|
|
.write = sysfs_kf_bin_write,
|
|
.mmap = sysfs_kf_bin_mmap,
|
|
};
|
|
|
|
int sysfs_add_file_mode_ns(struct kernfs_node *parent,
|
|
const struct attribute *attr, bool is_bin,
|
|
umode_t mode, const void *ns)
|
|
{
|
|
struct lock_class_key *key = NULL;
|
|
const struct kernfs_ops *ops;
|
|
struct kernfs_node *kn;
|
|
loff_t size;
|
|
|
|
if (!is_bin) {
|
|
struct kobject *kobj = parent->priv;
|
|
const struct sysfs_ops *sysfs_ops = kobj->ktype->sysfs_ops;
|
|
|
|
/* every kobject with an attribute needs a ktype assigned */
|
|
if (WARN(!sysfs_ops, KERN_ERR
|
|
"missing sysfs attribute operations for kobject: %s\n",
|
|
kobject_name(kobj)))
|
|
return -EINVAL;
|
|
|
|
if (sysfs_ops->show && sysfs_ops->store) {
|
|
if (mode & SYSFS_PREALLOC)
|
|
ops = &sysfs_prealloc_kfops_rw;
|
|
else
|
|
ops = &sysfs_file_kfops_rw;
|
|
} else if (sysfs_ops->show) {
|
|
if (mode & SYSFS_PREALLOC)
|
|
ops = &sysfs_prealloc_kfops_ro;
|
|
else
|
|
ops = &sysfs_file_kfops_ro;
|
|
} else if (sysfs_ops->store) {
|
|
if (mode & SYSFS_PREALLOC)
|
|
ops = &sysfs_prealloc_kfops_wo;
|
|
else
|
|
ops = &sysfs_file_kfops_wo;
|
|
} else
|
|
ops = &sysfs_file_kfops_empty;
|
|
|
|
size = PAGE_SIZE;
|
|
} else {
|
|
struct bin_attribute *battr = (void *)attr;
|
|
|
|
if (battr->mmap)
|
|
ops = &sysfs_bin_kfops_mmap;
|
|
else if (battr->read && battr->write)
|
|
ops = &sysfs_bin_kfops_rw;
|
|
else if (battr->read)
|
|
ops = &sysfs_bin_kfops_ro;
|
|
else if (battr->write)
|
|
ops = &sysfs_bin_kfops_wo;
|
|
else
|
|
ops = &sysfs_file_kfops_empty;
|
|
|
|
size = battr->size;
|
|
}
|
|
|
|
#ifdef CONFIG_DEBUG_LOCK_ALLOC
|
|
if (!attr->ignore_lockdep)
|
|
key = attr->key ?: (struct lock_class_key *)&attr->skey;
|
|
#endif
|
|
kn = __kernfs_create_file(parent, attr->name, mode & 0777, size, ops,
|
|
(void *)attr, ns, key);
|
|
if (IS_ERR(kn)) {
|
|
if (PTR_ERR(kn) == -EEXIST)
|
|
sysfs_warn_dup(parent, attr->name);
|
|
return PTR_ERR(kn);
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
int sysfs_add_file(struct kernfs_node *parent, const struct attribute *attr,
|
|
bool is_bin)
|
|
{
|
|
return sysfs_add_file_mode_ns(parent, attr, is_bin, attr->mode, NULL);
|
|
}
|
|
|
|
/**
|
|
* sysfs_create_file_ns - create an attribute file for an object with custom ns
|
|
* @kobj: object we're creating for
|
|
* @attr: attribute descriptor
|
|
* @ns: namespace the new file should belong to
|
|
*/
|
|
int sysfs_create_file_ns(struct kobject *kobj, const struct attribute *attr,
|
|
const void *ns)
|
|
{
|
|
BUG_ON(!kobj || !kobj->sd || !attr);
|
|
|
|
return sysfs_add_file_mode_ns(kobj->sd, attr, false, attr->mode, ns);
|
|
|
|
}
|
|
EXPORT_SYMBOL_GPL(sysfs_create_file_ns);
|
|
|
|
int sysfs_create_files(struct kobject *kobj, const struct attribute **ptr)
|
|
{
|
|
int err = 0;
|
|
int i;
|
|
|
|
for (i = 0; ptr[i] && !err; i++)
|
|
err = sysfs_create_file(kobj, ptr[i]);
|
|
if (err)
|
|
while (--i >= 0)
|
|
sysfs_remove_file(kobj, ptr[i]);
|
|
return err;
|
|
}
|
|
EXPORT_SYMBOL_GPL(sysfs_create_files);
|
|
|
|
/**
|
|
* sysfs_add_file_to_group - add an attribute file to a pre-existing group.
|
|
* @kobj: object we're acting for.
|
|
* @attr: attribute descriptor.
|
|
* @group: group name.
|
|
*/
|
|
int sysfs_add_file_to_group(struct kobject *kobj,
|
|
const struct attribute *attr, const char *group)
|
|
{
|
|
struct kernfs_node *parent;
|
|
int error;
|
|
|
|
if (group) {
|
|
parent = kernfs_find_and_get(kobj->sd, group);
|
|
} else {
|
|
parent = kobj->sd;
|
|
kernfs_get(parent);
|
|
}
|
|
|
|
if (!parent)
|
|
return -ENOENT;
|
|
|
|
error = sysfs_add_file(parent, attr, false);
|
|
kernfs_put(parent);
|
|
|
|
return error;
|
|
}
|
|
EXPORT_SYMBOL_GPL(sysfs_add_file_to_group);
|
|
|
|
/**
|
|
* sysfs_chmod_file - update the modified mode value on an object attribute.
|
|
* @kobj: object we're acting for.
|
|
* @attr: attribute descriptor.
|
|
* @mode: file permissions.
|
|
*
|
|
*/
|
|
int sysfs_chmod_file(struct kobject *kobj, const struct attribute *attr,
|
|
umode_t mode)
|
|
{
|
|
struct kernfs_node *kn;
|
|
struct iattr newattrs;
|
|
int rc;
|
|
|
|
kn = kernfs_find_and_get(kobj->sd, attr->name);
|
|
if (!kn)
|
|
return -ENOENT;
|
|
|
|
newattrs.ia_mode = (mode & S_IALLUGO) | (kn->mode & ~S_IALLUGO);
|
|
newattrs.ia_valid = ATTR_MODE;
|
|
|
|
rc = kernfs_setattr(kn, &newattrs);
|
|
|
|
kernfs_put(kn);
|
|
return rc;
|
|
}
|
|
EXPORT_SYMBOL_GPL(sysfs_chmod_file);
|
|
|
|
/**
|
|
* sysfs_remove_file_ns - remove an object attribute with a custom ns tag
|
|
* @kobj: object we're acting for
|
|
* @attr: attribute descriptor
|
|
* @ns: namespace tag of the file to remove
|
|
*
|
|
* Hash the attribute name and namespace tag and kill the victim.
|
|
*/
|
|
void sysfs_remove_file_ns(struct kobject *kobj, const struct attribute *attr,
|
|
const void *ns)
|
|
{
|
|
struct kernfs_node *parent = kobj->sd;
|
|
|
|
kernfs_remove_by_name_ns(parent, attr->name, ns);
|
|
}
|
|
EXPORT_SYMBOL_GPL(sysfs_remove_file_ns);
|
|
|
|
/**
|
|
* sysfs_remove_file_self - remove an object attribute from its own method
|
|
* @kobj: object we're acting for
|
|
* @attr: attribute descriptor
|
|
*
|
|
* See kernfs_remove_self() for details.
|
|
*/
|
|
bool sysfs_remove_file_self(struct kobject *kobj, const struct attribute *attr)
|
|
{
|
|
struct kernfs_node *parent = kobj->sd;
|
|
struct kernfs_node *kn;
|
|
bool ret;
|
|
|
|
kn = kernfs_find_and_get(parent, attr->name);
|
|
if (WARN_ON_ONCE(!kn))
|
|
return false;
|
|
|
|
ret = kernfs_remove_self(kn);
|
|
|
|
kernfs_put(kn);
|
|
return ret;
|
|
}
|
|
|
|
void sysfs_remove_files(struct kobject *kobj, const struct attribute **ptr)
|
|
{
|
|
int i;
|
|
for (i = 0; ptr[i]; i++)
|
|
sysfs_remove_file(kobj, ptr[i]);
|
|
}
|
|
EXPORT_SYMBOL_GPL(sysfs_remove_files);
|
|
|
|
/**
|
|
* sysfs_remove_file_from_group - remove an attribute file from a group.
|
|
* @kobj: object we're acting for.
|
|
* @attr: attribute descriptor.
|
|
* @group: group name.
|
|
*/
|
|
void sysfs_remove_file_from_group(struct kobject *kobj,
|
|
const struct attribute *attr, const char *group)
|
|
{
|
|
struct kernfs_node *parent;
|
|
|
|
if (group) {
|
|
parent = kernfs_find_and_get(kobj->sd, group);
|
|
} else {
|
|
parent = kobj->sd;
|
|
kernfs_get(parent);
|
|
}
|
|
|
|
if (parent) {
|
|
kernfs_remove_by_name(parent, attr->name);
|
|
kernfs_put(parent);
|
|
}
|
|
}
|
|
EXPORT_SYMBOL_GPL(sysfs_remove_file_from_group);
|
|
|
|
/**
|
|
* sysfs_create_bin_file - create binary file for object.
|
|
* @kobj: object.
|
|
* @attr: attribute descriptor.
|
|
*/
|
|
int sysfs_create_bin_file(struct kobject *kobj,
|
|
const struct bin_attribute *attr)
|
|
{
|
|
BUG_ON(!kobj || !kobj->sd || !attr);
|
|
|
|
return sysfs_add_file(kobj->sd, &attr->attr, true);
|
|
}
|
|
EXPORT_SYMBOL_GPL(sysfs_create_bin_file);
|
|
|
|
/**
|
|
* sysfs_remove_bin_file - remove binary file for object.
|
|
* @kobj: object.
|
|
* @attr: attribute descriptor.
|
|
*/
|
|
void sysfs_remove_bin_file(struct kobject *kobj,
|
|
const struct bin_attribute *attr)
|
|
{
|
|
kernfs_remove_by_name(kobj->sd, attr->attr.name);
|
|
}
|
|
EXPORT_SYMBOL_GPL(sysfs_remove_bin_file);
|