ACPI: Split out custom_method functionality into an own driver
With /sys/kernel/debug/acpi/custom_method root can write to arbitrary memory and increase his priveleges, even if these are restricted. -> Make this an own debug .config option and warn about the security issue in the config description. -> Still keep acpi/debugfs.c which now only creates an empty /sys/kernel/debug/acpi directory. There might be other users of it later. Signed-off-by: Thomas Renninger <trenn@suse.de> Acked-by: Rafael J. Wysocki <rjw@sisk.pl> Acked-by: rui.zhang@intel.com Signed-off-by: Len Brown <len.brown@intel.com>
This commit is contained in:
Thomas Renninger
committed by
Len Brown
Len Brown
parent
aecad432fd
commit
526b4af47f
@ -3,9 +3,6 @@
|
||||
*/
|
||||
|
||||
#include <linux/init.h>
|
||||
#include <linux/module.h>
|
||||
#include <linux/kernel.h>
|
||||
#include <linux/uaccess.h>
|
||||
#include <linux/debugfs.h>
|
||||
#include <acpi/acpi_drivers.h>
|
||||
|
||||
@ -13,84 +10,9 @@
|
||||
ACPI_MODULE_NAME("debugfs");
|
||||
|
||||
struct dentry *acpi_debugfs_dir;
|
||||
static struct dentry *cm_dentry;
|
||||
|
||||
/* /sys/kernel/debug/acpi/custom_method */
|
||||
|
||||
static ssize_t cm_write(struct file *file, const char __user * user_buf,
|
||||
size_t count, loff_t *ppos)
|
||||
{
|
||||
static char *buf;
|
||||
static u32 max_size;
|
||||
static u32 uncopied_bytes;
|
||||
|
||||
struct acpi_table_header table;
|
||||
acpi_status status;
|
||||
|
||||
if (!(*ppos)) {
|
||||
/* parse the table header to get the table length */
|
||||
if (count <= sizeof(struct acpi_table_header))
|
||||
return -EINVAL;
|
||||
if (copy_from_user(&table, user_buf,
|
||||
sizeof(struct acpi_table_header)))
|
||||
return -EFAULT;
|
||||
uncopied_bytes = max_size = table.length;
|
||||
buf = kzalloc(max_size, GFP_KERNEL);
|
||||
if (!buf)
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
if (buf == NULL)
|
||||
return -EINVAL;
|
||||
|
||||
if ((*ppos > max_size) ||
|
||||
(*ppos + count > max_size) ||
|
||||
(*ppos + count < count) ||
|
||||
(count > uncopied_bytes))
|
||||
return -EINVAL;
|
||||
|
||||
if (copy_from_user(buf + (*ppos), user_buf, count)) {
|
||||
kfree(buf);
|
||||
buf = NULL;
|
||||
return -EFAULT;
|
||||
}
|
||||
|
||||
uncopied_bytes -= count;
|
||||
*ppos += count;
|
||||
|
||||
if (!uncopied_bytes) {
|
||||
status = acpi_install_method(buf);
|
||||
kfree(buf);
|
||||
buf = NULL;
|
||||
if (ACPI_FAILURE(status))
|
||||
return -EINVAL;
|
||||
add_taint(TAINT_OVERRIDDEN_ACPI_TABLE);
|
||||
}
|
||||
|
||||
return count;
|
||||
}
|
||||
|
||||
static const struct file_operations cm_fops = {
|
||||
.write = cm_write,
|
||||
.llseek = default_llseek,
|
||||
};
|
||||
|
||||
static int __init acpi_custom_method_init(void)
|
||||
{
|
||||
if (!acpi_debugfs_dir)
|
||||
return -ENOENT;
|
||||
|
||||
cm_dentry = debugfs_create_file("custom_method", S_IWUSR,
|
||||
acpi_debugfs_dir, NULL, &cm_fops);
|
||||
if (!cm_dentry)
|
||||
return -ENODEV;
|
||||
|
||||
return 0;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(acpi_debugfs_dir);
|
||||
|
||||
void __init acpi_debugfs_init(void)
|
||||
{
|
||||
acpi_debugfs_dir = debugfs_create_dir("acpi", NULL);
|
||||
|
||||
acpi_custom_method_init();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user