From 348a4c7c27fd737f0d311abb50ffff3776b9cea1 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Wed, 11 Dec 2019 09:57:11 +0100 Subject: [PATCH] 4.19-stable patches added patches: rdma-qib-validate-show-store-callbacks-before-calling-them.patch --- ...-store-callbacks-before-calling-them.patch | 48 +++++++++++++++++++ queue-4.19/series | 1 + 2 files changed, 49 insertions(+) create mode 100644 queue-4.19/rdma-qib-validate-show-store-callbacks-before-calling-them.patch
diff --git a/queue-4.19/rdma-qib-validate-show-store-callbacks-before-calling-them.patch b/queue-4.19/rdma-qib-validate-show-store-callbacks-before-calling-them.patch
new file mode 100644
index 00000000000..24a1abb1fe6
--- /dev/null
+++ b/queue-4.19/rdma-qib-validate-show-store-callbacks-before-calling-them.patch
@@ -0,0 +1,48 @@
+From 7ee23491b39259ae83899dd93b2a29ef0f22f0a7 Mon Sep 17 00:00:00 2001
+From: Viresh Kumar
+Date: Thu, 7 Nov 2019 08:50:25 +0530
+Subject: RDMA/qib: Validate ->show()/store() callbacks before calling them
+
+From: Viresh Kumar
+
+commit 7ee23491b39259ae83899dd93b2a29ef0f22f0a7 upstream.
+
+The permissions of the read-only or write-only sysfs files can be
+changed (as root) and the user can then try to read a write-only file or
+write to a read-only file which will lead to kernel crash here.
+
+Protect against that by always validating the show/store callbacks.
+
+Link: https://lore.kernel.org/r/d45cc26361a174ae12dbb86c994ef334d257924b.1573096807.git.viresh.kumar@linaro.org
+Signed-off-by: Viresh Kumar
+Reviewed-by: Greg Kroah-Hartman
+Signed-off-by: Jason Gunthorpe
+Signed-off-by: Sasha Levin
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/infiniband/hw/qib/qib_sysfs.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/infiniband/hw/qib/qib_sysfs.c
++++ b/drivers/infiniband/hw/qib/qib_sysfs.c
+@@ -301,6 +301,9 @@ static ssize_t qib_portattr_show(struct
+ struct qib_pportdata *ppd =
+ container_of(kobj, struct qib_pportdata, pport_kobj);
+
++ if (!pattr->show)
++ return -EIO;
++
+ return pattr->show(ppd, buf);
+ }
+
+@@ -312,6 +315,9 @@ static ssize_t qib_portattr_store(struct
+ struct qib_pportdata *ppd =
+ container_of(kobj, struct qib_pportdata, pport_kobj);
+
++ if (!pattr->store)
++ return -EIO;
++
+ return pattr->store(ppd, buf, len);
+ }
+
diff --git a/queue-4.19/series b/queue-4.19/series
index d96f03ac353..d279b64b101 100644
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -240,3 +240,4 @@ crypto-user-fix-memory-leak-in-crypto_report.patch
 spi-atmel-fix-cs-high-support.patch
 mwifiex-update-set_mac_address-logic.patch
 can-ucan-fix-non-atomic-allocation-in-completion-handler.patch
+rdma-qib-validate-show-store-callbacks-before-calling-them.patch
-- 
2.47.3
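Review bot: The two added guards, `if (!pattr->show)` in qib_portattr_show and `if (!pattr->store)` in qib_portattr_store, carry no comment, so without the commit message a NULL callback looks impossible for an attribute registered as read-only or write-only. A one-line comment above each check would keep them from being removed later as dead code, for example `/* file mode can be changed by root, so the unimplemented direction is reachable */`. Both function bodies begin outside the quoted hunks (the signatures are cut at `struct`), so how `pattr` is derived from the attribute is not visible here. Any other sysfs_ops wrapper in qib_sysfs.c that dispatches through a per-attribute callback would need the same guard; none is visible in this patch, so that is worth confirming against the full file.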