4.9-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 11 Dec 2019 08:56:39 +0000 (09:56 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 11 Dec 2019 08:56:39 +0000 (09:56 +0100)
added patches:
rdma-qib-validate-show-store-callbacks-before-calling-them.patch

queue-4.9/rdma-qib-validate-show-store-callbacks-before-calling-them.patch [new file with mode: 0644]
queue-4.9/series

diff --git a/queue-4.9/rdma-qib-validate-show-store-callbacks-before-calling-them.patch b/queue-4.9/rdma-qib-validate-show-store-callbacks-before-calling-them.patch
new file mode 100644 (file)
index 0000000..24a1abb
--- /dev/null
@@ -0,0 +1,48 @@
+From 7ee23491b39259ae83899dd93b2a29ef0f22f0a7 Mon Sep 17 00:00:00 2001
+From: Viresh Kumar <viresh.kumar@linaro.org>
+Date: Thu, 7 Nov 2019 08:50:25 +0530
+Subject: RDMA/qib: Validate ->show()/store() callbacks before calling them
+
+From: Viresh Kumar <viresh.kumar@linaro.org>
+
+commit 7ee23491b39259ae83899dd93b2a29ef0f22f0a7 upstream.
+
+The permissions of the read-only or write-only sysfs files can be
+changed (as root) and the user can then try to read a write-only file or
+write to a read-only file which will lead to kernel crash here.
+
+Protect against that by always validating the show/store callbacks.
+
+Link: https://lore.kernel.org/r/d45cc26361a174ae12dbb86c994ef334d257924b.1573096807.git.viresh.kumar@linaro.org
+Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/hw/qib/qib_sysfs.c |    6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/infiniband/hw/qib/qib_sysfs.c
++++ b/drivers/infiniband/hw/qib/qib_sysfs.c
+@@ -301,6 +301,9 @@ static ssize_t qib_portattr_show(struct
+       struct qib_pportdata *ppd =
+               container_of(kobj, struct qib_pportdata, pport_kobj);
++      if (!pattr->show)
++              return -EIO;
++
+       return pattr->show(ppd, buf);
+ }
+@@ -312,6 +315,9 @@ static ssize_t qib_portattr_store(struct
+       struct qib_pportdata *ppd =
+               container_of(kobj, struct qib_pportdata, pport_kobj);
++      if (!pattr->store)
++              return -EIO;
++
+       return pattr->store(ppd, buf, len);
+ }
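Review bot: The two guards added in qib_portattr_show() and qib_portattr_store() have no comment, so without the commit message it is not obvious how a NULL `->show` or `->store` can be reached when the attribute's mode would normally keep a read away from a write-only file. A one-line comment above each check would keep the reason next to the code, for example `/* file mode can be changed by root, so a write-only attribute may still be read */` in the show path, with the mirror-image wording in the store path. Both functions begin outside the nested hunks, so how `pattr` is obtained is not visible here. If other sysfs_ops handlers in qib_sysfs.c dispatch through an optional per-attribute callback in the same way, they would presumably need the same check; this should be confirmed against the full file.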
index 2b024ec03d9f64cebda13698dd7861b623f93fd0..30deefa52e3d26bf7b16705b5a4988671b2b0b9b 100644 (file)
@@ -88,3 +88,4 @@ crypto-ccp-fix-uninitialized-list-head.patch
 crypto-ecdh-fix-big-endian-bug-in-ecc-library.patch
 crypto-user-fix-memory-leak-in-crypto_report.patch
 spi-atmel-fix-cs-high-support.patch
+rdma-qib-validate-show-store-callbacks-before-calling-them.patch