[PATCH] Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()"
Tim Gardner
tim.gardner at canonical.com
Fri Mar 12 17:55:22 UTC 2021
To whomever applies this patch, it looks like the CVE number got
truncated. It should be CVE-2020-10781.
On 3/12/21 10:32 AM, Tim Gardner wrote:
> From: Wade Mealing <wmealing at redhat.com>
>
> CVE-020-10781
>
> Turns out that the permissions for 0400 really are what we want here,
> otherwise any user can read from this file.
>
> [fixed formatting, added changelog, and made attribute static - gregkh]
>
> Reported-by: Wade Mealing <wmealing at redhat.com>
> Cc: stable <stable at vger.kernel.org>
> Fixes: f40609d1591f ("zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()")
> Link: https://bugzilla.redhat.com/show_bug.cgi?id=1847832
> Reviewed-by: Steffen Maier <maier at linux.ibm.com>
> Acked-by: Minchan Kim <minchan at kernel.org>
> Link: https://lore.kernel.org/r/20200617114946.GA2131650@kroah.com
> Signed-off-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
> (cherry picked from commit 853eab68afc80f59f36bbdeb715e5c88c501e680)
> Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
> ---
> drivers/block/zram/zram_drv.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/block/zram/zram_drv.c b/drivers/block/zram/zram_drv.c
> index 1bdb5793842b..a928c97b0467 100644
> --- a/drivers/block/zram/zram_drv.c
> +++ b/drivers/block/zram/zram_drv.c
> @@ -2026,7 +2026,8 @@ static ssize_t hot_add_show(struct class *class,
> return ret;
> return scnprintf(buf, PAGE_SIZE, "%d\n", ret);
> }
> -static CLASS_ATTR_RO(hot_add);
> +static struct class_attribute class_attr_hot_add =
> + __ATTR(hot_add, 0400, hot_add_show, NULL);
>
> static ssize_t hot_remove_store(struct class *class,
> struct class_attribute *attr,
>
--
-----------
Tim Gardner
Canonical, Inc
More information about the kernel-team
mailing list