Message ID | 20230523074535.249802-22-hch@lst.de (mailing list archive) |
---|---|
State | Handled Elsewhere, archived |
Headers | show |
Series | [01/24] driver core: return bool from driver_probe_done | expand |
On Tue, May 23, 2023 at 9:46 AM Christoph Hellwig <hch@lst.de> wrote: > > resume_store is a sysfs attribute written during normal kernel runtime, > and it should not use the early_lookup_bdev API that bypasses all normal > path based permission checking, and might cause problems with certain > container environments renaming devices. > > Switch to lookup_bdev, which does a normal path lookup instead, and fall > back to trying to parse a numeric dev_t just like early_lookup_bdev did. > > Note that this strictly speaking changes the kernel ABI as the PARTUUID= > and PARTLABEL= style syntax is now not available during a running > systems. They never were intended for that, but this breaks things > we'll have to figure out a way to make them available again. But if > avoidable in any way I'd rather avoid that. > > Signed-off-by: Christoph Hellwig <hch@lst.de> > Fixes: 421a5fa1a6cf ("PM / hibernate: use name_to_dev_t to parse resume") Acked-by: Rafael J. Wysocki <rafael@kernel.org> > --- > kernel/power/hibernate.c | 18 +++++++++++++++++- > 1 file changed, 17 insertions(+), 1 deletion(-) > > diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c > index c52dedb9f7c8e8..7ae95ec72f9902 100644 > --- a/kernel/power/hibernate.c > +++ b/kernel/power/hibernate.c > @@ -1178,7 +1178,23 @@ static ssize_t resume_store(struct kobject *kobj, struct kobj_attribute *attr, > if (!name) > return -ENOMEM; > > - error = early_lookup_bdev(name, &dev); > + error = lookup_bdev(name, &dev); > + if (error) { > + unsigned maj, min, offset; > + char *p, dummy; > + > + if (sscanf(name, "%u:%u%c", &maj, &min, &dummy) == 2 || > + sscanf(name, "%u:%u:%u:%c", &maj, &min, &offset, > + &dummy) == 3) { > + dev = MKDEV(maj, min); > + if (maj != MAJOR(dev) || min != MINOR(dev)) > + error = -EINVAL; > + } else { > + dev = new_decode_dev(simple_strtoul(name, &p, 16)); > + if (*p) > + error = -EINVAL; > + } > + } > kfree(name); > if (error) > return error; > -- > 2.39.2 >
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c index c52dedb9f7c8e8..7ae95ec72f9902 100644 --- a/kernel/power/hibernate.c +++ b/kernel/power/hibernate.c @@ -1178,7 +1178,23 @@ static ssize_t resume_store(struct kobject *kobj, struct kobj_attribute *attr, if (!name) return -ENOMEM; - error = early_lookup_bdev(name, &dev); + error = lookup_bdev(name, &dev); + if (error) { + unsigned maj, min, offset; + char *p, dummy; + + if (sscanf(name, "%u:%u%c", &maj, &min, &dummy) == 2 || + sscanf(name, "%u:%u:%u:%c", &maj, &min, &offset, + &dummy) == 3) { + dev = MKDEV(maj, min); + if (maj != MAJOR(dev) || min != MINOR(dev)) + error = -EINVAL; + } else { + dev = new_decode_dev(simple_strtoul(name, &p, 16)); + if (*p) + error = -EINVAL; + } + } kfree(name); if (error) return error;
resume_store is a sysfs attribute written during normal kernel runtime, and it should not use the early_lookup_bdev API that bypasses all normal path based permission checking, and might cause problems with certain container environments renaming devices. Switch to lookup_bdev, which does a normal path lookup instead, and fall back to trying to parse a numeric dev_t just like early_lookup_bdev did. Note that this strictly speaking changes the kernel ABI as the PARTUUID= and PARTLABEL= style syntax is now not available during a running systems. They never were intended for that, but this breaks things we'll have to figure out a way to make them available again. But if avoidable in any way I'd rather avoid that. Signed-off-by: Christoph Hellwig <hch@lst.de> Fixes: 421a5fa1a6cf ("PM / hibernate: use name_to_dev_t to parse resume") --- kernel/power/hibernate.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-)