From: Greg Kroah-Hartman Date: Wed, 11 Dec 2019 08:56:18 +0000 (+0100) Subject: 4.4-stable patches X-Git-Tag: v5.4.3~29 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=52ae2fc33baf05eb4da5468f7fa1b26998fc49dc;p=thirdparty%2Fkernel%2Fstable-queue.git 4.4-stable patches added patches: rdma-qib-validate-show-store-callbacks-before-calling-them.patch --- diff --git a/queue-4.4/rdma-qib-validate-show-store-callbacks-before-calling-them.patch b/queue-4.4/rdma-qib-validate-show-store-callbacks-before-calling-them.patch new file mode 100644 index 00000000000..24a1abb1fe6 --- /dev/null +++ b/queue-4.4/rdma-qib-validate-show-store-callbacks-before-calling-them.patch 
@@ -0,0 +1,48 @@ +From 7ee23491b39259ae83899dd93b2a29ef0f22f0a7 Mon Sep 17 00:00:00 2001 +From: Viresh Kumar +Date: Thu, 7 Nov 2019 08:50:25 +0530 +Subject: RDMA/qib: Validate ->show()/store() callbacks before calling them + +From: Viresh Kumar + +commit 7ee23491b39259ae83899dd93b2a29ef0f22f0a7 upstream. + +The permissions of the read-only or write-only sysfs files can be +changed (as root) and the user can then try to read a write-only file or +write to a read-only file which will lead to kernel crash here. + +Protect against that by always validating the show/store callbacks. + +Link: https://lore.kernel.org/r/d45cc26361a174ae12dbb86c994ef334d257924b.1573096807.git.viresh.kumar@linaro.org +Signed-off-by: Viresh Kumar +Reviewed-by: Greg Kroah-Hartman +Signed-off-by: Jason Gunthorpe +Signed-off-by: Sasha Levin +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/infiniband/hw/qib/qib_sysfs.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +--- a/drivers/infiniband/hw/qib/qib_sysfs.c ++++ b/drivers/infiniband/hw/qib/qib_sysfs.c +@@ -301,6 +301,9 @@ static ssize_t qib_portattr_show(struct + struct qib_pportdata *ppd = + container_of(kobj, struct qib_pportdata, pport_kobj); + ++ if (!pattr->show) ++ return -EIO; ++ + return pattr->show(ppd, buf); + } + +@@ -312,6 +315,9 @@ static ssize_t qib_portattr_store(struct + struct qib_pportdata *ppd = + container_of(kobj, struct qib_pportdata, pport_kobj); + ++ if (!pattr->store) ++ return -EIO; ++ + return pattr->store(ppd, buf, len); + } + diff --git a/queue-4.4/series b/queue-4.4/series index e570631d4eb..7de344ee12b 100644 --- a/queue-4.4/series +++ b/queue-4.4/series @@ -66,3 +66,4 @@ kvm-x86-fix-presentation-of-tsx-feature-in-arch_capabilities.patch crypto-crypto4xx-fix-double-free-in-crypto4xx_destroy_sdr.patch crypto-user-fix-memory-leak-in-crypto_report.patch spi-atmel-fix-cs-high-support.patch +rdma-qib-validate-show-store-callbacks-before-calling-them.patch
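Review bot: In the qib_portattr_show hunk, the new `if (!pattr->show)` / `return -EIO;` guard carries no comment, and the commit message describes the failure only as a "kernel crash" without saying that it is a call through a NULL callback pointer. A one-line comment above the check would help, stating that an attribute without a show callback can still be reached once root has changed the file mode. That would keep the check from being removed later as dead code.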
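Review bot: The qib_portattr_store hunk, together with the show hunk, accounts for all 6 insertions in the diffstat, so only the two port-attribute dispatchers gain a NULL check. If qib_sysfs.c in the 4.4 tree has other show/store wrappers that call an attribute's callback unconditionally, they are exposed to the same permission change described in the commit message and need the same guard. Worth confirming that none remain before this is queued.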