diff options
| author | wangzijie <wangzijie1@honor.com> | 2025-06-07 05:13:53 +0300 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-08-15 13:05:03 +0300 |
| commit | c35b0feb80b48720dfbbf4e33759c7be3faaebb6 (patch) | |
| tree | 350293cec00b54e60f27ea9ac7be2d3e49295cb2 /include/linux | |
| parent | 0425e67b95432f5bb575e7796a6f8420a425b35b (diff) | |
| download | linux-c35b0feb80b48720dfbbf4e33759c7be3faaebb6.tar.xz | |
proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al
[ Upstream commit ff7ec8dc1b646296f8d94c39339e8d3833d16c05 ]
Check pde->proc_ops->proc_lseek directly may cause UAF in rmmod scenario.
It's a gap in proc_reg_open() after commit 654b33ada4ab("proc: fix UAF in
proc_get_inode()"). Followed by AI Viro's suggestion, fix it in same
manner.
Link: https://lkml.kernel.org/r/20250607021353.1127963-1-wangzijie1@honor.com
Fixes: 3f61631d47f1 ("take care to handle NULL ->proc_lseek()")
Signed-off-by: wangzijie <wangzijie1@honor.com>
Reviewed-by: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Alexei Starovoitov <ast@kernel.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
Cc: Kirill A. Shuemov <kirill.shutemov@linux.intel.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/proc_fs.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/proc_fs.h b/include/linux/proc_fs.h index 39532c19aa28..ca9cd8a2569e 100644 --- a/include/linux/proc_fs.h +++ b/include/linux/proc_fs.h @@ -27,6 +27,7 @@ enum { PROC_ENTRY_proc_read_iter = 1U << 1, PROC_ENTRY_proc_compat_ioctl = 1U << 2, + PROC_ENTRY_proc_lseek = 1U << 3, }; struct proc_ops { |