ACK: [SRU][PATCH 1/1][C, D, u] UBUNTU: SAUCE: debugfs: avoid EPERM when no open file operation defined

Tyler Hicks tyhicks at canonical.com
Wed Jan 9 21:09:18 UTC 2019 

On 2019-01-09 12:52:35, Kamal Mostafa wrote:
> From: Vasily Gorbik <gor at linux.ibm.com>
> 
> BugLink: https://bugs.launchpad.net/bugs/1807686
> 
> With "debugfs: Restrict debugfs when the kernel is locked down"
> return code "r" is unconditionally set to -EPERM, which stays like that
> until function return if no "open" file operation defined, effectivelly
> resulting in "Operation not permitted" for all such files despite kernel
> lock down status or CONFIG_LOCK_DOWN_KERNEL being enabled.
> 
> In particular this breaks 2 debugfs files on s390:
> /sys/kernel/debug/s390_hypfs/diag_304
> /sys/kernel/debug/s390_hypfs/diag_204
> 
> To address that set EPERM return code only when debugfs_is_locked_down
> returns true.
> 
> Fixes: 3fc322605158 ("debugfs: Restrict debugfs when the kernel is locked down")
> Signed-off-by: Vasily Gorbik <gor at linux.ibm.com>
> Reference: https://lore.kernel.org/patchwork/patch/1015495/
> Fixes: a1ba65da9cea ("UBUNTU: SAUCE: (efi-lockdown) debugfs: Restrict debugfs when the kernel is locked down")
> Signed-off-by: Kamal Mostafa <kamal at canonical.com>

Acked-by: Tyler Hicks <tyhicks at canonical.com>

Tyler

> ---
>  fs/debugfs/file.c | 10 ++++++----
>  1 file changed, 6 insertions(+), 4 deletions(-)
> 
> diff --git a/fs/debugfs/file.c b/fs/debugfs/file.c
> index c33042c1eff3..3a5033ff9ec7 100644
> --- a/fs/debugfs/file.c
> +++ b/fs/debugfs/file.c
> @@ -167,9 +167,10 @@ static int open_proxy_open(struct inode *inode, struct file *filp)
>  
>  	real_fops = debugfs_real_fops(filp);
>  
> -	r = -EPERM;
> -	if (debugfs_is_locked_down(inode, filp, real_fops))
> +	if (debugfs_is_locked_down(inode, filp, real_fops)) {
> +		r = -EPERM;
>  		goto out;
> +	}
>  
>  	real_fops = fops_get(real_fops);
>  	if (!real_fops) {
> @@ -296,9 +297,10 @@ static int full_proxy_open(struct inode *inode, struct file *filp)
>  		return r == -EIO ? -ENOENT : r;
>  
>  	real_fops = debugfs_real_fops(filp);
> -	r = -EPERM;
> -	if (debugfs_is_locked_down(inode, filp, real_fops))
> +	if (debugfs_is_locked_down(inode, filp, real_fops)) {
> +		r = -EPERM;
>  		goto out;
> +	}
>  
>  	real_fops = fops_get(real_fops);
>  	if (!real_fops) {
> -- 
> 2.17.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

More information about the kernel-team mailing list