From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Wed, 11 Dec 2019 08:57:27 +0000 (+0100)
Subject: 5.3-stable patches
X-Git-Tag: v5.4.3~25
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=569aaea6d9eeb8617715f7ee19aa0e46e2e42c74;p=thirdparty%2Fkernel%2Fstable-queue.git

5.3-stable patches

added patches:
	rdma-qib-validate-show-store-callbacks-before-calling-them.patch
---

diff --git a/queue-5.3/rdma-qib-validate-show-store-callbacks-before-calling-them.patch b/queue-5.3/rdma-qib-validate-show-store-callbacks-before-calling-them.patch
new file mode 100644
index 00000000000..24a1abb1fe6
--- /dev/null
+++ b/queue-5.3/rdma-qib-validate-show-store-callbacks-before-calling-them.patch
@@ -0,0 +1,48 @@
+From 7ee23491b39259ae83899dd93b2a29ef0f22f0a7 Mon Sep 17 00:00:00 2001
+From: Viresh Kumar <viresh.kumar@linaro.org>
+Date: Thu, 7 Nov 2019 08:50:25 +0530
+Subject: RDMA/qib: Validate ->show()/store() callbacks before calling them
+
+From: Viresh Kumar <viresh.kumar@linaro.org>
+
+commit 7ee23491b39259ae83899dd93b2a29ef0f22f0a7 upstream.
+
+The permissions of the read-only or write-only sysfs files can be
+changed (as root) and the user can then try to read a write-only file or
+write to a read-only file which will lead to kernel crash here.
+
+Protect against that by always validating the show/store callbacks.
+
+Link: https://lore.kernel.org/r/d45cc26361a174ae12dbb86c994ef334d257924b.1573096807.git.viresh.kumar@linaro.org
+Signed-off-by: Viresh Kumar <viresh.kumar@linaro.org>
+Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/infiniband/hw/qib/qib_sysfs.c |    6 ++++++
+ 1 file changed, 6 insertions(+)
+
+--- a/drivers/infiniband/hw/qib/qib_sysfs.c
++++ b/drivers/infiniband/hw/qib/qib_sysfs.c
+@@ -301,6 +301,9 @@ static ssize_t qib_portattr_show(struct
+ 	struct qib_pportdata *ppd =
+ 		container_of(kobj, struct qib_pportdata, pport_kobj);
+ 
++	if (!pattr->show)
++		return -EIO;
++
+ 	return pattr->show(ppd, buf);
+ }
+ 
+@@ -312,6 +315,9 @@ static ssize_t qib_portattr_store(struct
+ 	struct qib_pportdata *ppd =
+ 		container_of(kobj, struct qib_pportdata, pport_kobj);
+ 
++	if (!pattr->store)
++		return -EIO;
++
+ 	return pattr->store(ppd, buf, len);
+ }
+ 
diff --git a/queue-5.3/series b/queue-5.3/series
index fbb53ffcb3e..8e2e1c4429c 100644
--- a/queue-5.3/series
+++ b/queue-5.3/series
@@ -96,3 +96,4 @@ spi-atmel-fix-cs-high-support.patch
 spi-fix-spi_cs_high-setting-when-using-native-and-gpio-cs.patch
 spi-fix-null-pointer-when-setting-spi_cs_high-for-gpio-cs.patch
 can-ucan-fix-non-atomic-allocation-in-completion-handler.patch
+rdma-qib-validate-show-store-callbacks-before-calling-them.patch