tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al

Check pde->proc_ops->proc_lseek directly may cause UAF in rmmod scenario.
It's a gap in proc_reg_open() after commit 654b33ada4ab("proc: fix UAF in
proc_get_inode()"). Followed by AI Viro's suggestion, fix it in same
manner.

Link: https://lkml.kernel.org/r/20250607021353.1127963-1-wangzijie1@honor.com
Fixes: 3f61631d47f1 ("take care to handle NULL ->proc_lseek()")
Signed-off-by: wangzijie <wangzijie1@honor.com>
Reviewed-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
Cc: Kirill A. Shuemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>

authored by

wangzijie and committed by
Andrew Morton ff7ec8dc a6fde7ad

+9 -1
+2
fs/proc/generic.c
··· 569 569 if (pde->proc_ops->proc_compat_ioctl) 570 570 pde->flags |= PROC_ENTRY_proc_compat_ioctl; 571 571 #endif 572 + if (pde->proc_ops->proc_lseek) 573 + pde->flags |= PROC_ENTRY_proc_lseek; 572 574 } 573 575 574 576 struct proc_dir_entry *proc_create_data(const char *name, umode_t mode,
+1 -1
fs/proc/inode.c
··· 473 473 typeof_member(struct proc_ops, proc_open) open; 474 474 struct pde_opener *pdeo; 475 475 476 - if (!pde->proc_ops->proc_lseek) 476 + if (!pde_has_proc_lseek(pde)) 477 477 file->f_mode &= ~FMODE_LSEEK; 478 478 479 479 if (pde_is_permanent(pde)) {
+5
fs/proc/internal.h
··· 99 99 #endif 100 100 } 101 101 102 + static inline bool pde_has_proc_lseek(const struct proc_dir_entry *pde) 103 + { 104 + return pde->flags & PROC_ENTRY_proc_lseek; 105 + } 106 + 102 107 extern struct kmem_cache *proc_dir_entry_cache; 103 108 void pde_free(struct proc_dir_entry *pde); 104 109
+1
include/linux/proc_fs.h
··· 27 27 28 28 PROC_ENTRY_proc_read_iter = 1U << 1, 29 29 PROC_ENTRY_proc_compat_ioctl = 1U << 2, 30 + PROC_ENTRY_proc_lseek = 1U << 3, 30 31 }; 31 32 32 33 struct proc_ops {