From 3a01d1b572ac7b49d6a6f8860359fa0e581ca2da Mon Sep 17 00:00:00 2001 From: Zheng Yejian Date: Sat, 29 May 2021 16:55:05 +0800 Subject: [PATCH] sysfs: Remove address alignment constraint in sysfs_emit{_at} hulk inclusion category: bugfix bugzilla: 51349 CVE: CVE-2021-27365 --------------------------- sysfs_emit and sysfs_emit_at have a constraint that output buffer should be alignment with PAGE_SIZE, but currently we can not guarantee it since 59bb47985c1d ("mm, sl[aou]b: guarantee natural alignment for kmalloc(power-of-two)") is not merged. This may lead to an unexpected warning when execute like: 'cat /sys/class/iscsi_transport/tcp/handle'. As for the necessity of the address alignment constraint, Joe Perches (the code author) wrote that: > It's to make sure it's a PAGE_SIZE aligned buffer. > It's just so it would not be misused/abused in non-sysfs derived cases. So we'll not need to introduce 59bb47985c1d ("mm, sl[aou]b: guarantee natural alignment for kmalloc(power-of-two)") but just remove the address alignment constraint. For more discussions of the issue, see: https://www.spinics.net/lists/stable/msg455428.html Signed-off-by: Zheng Yejian Reviewed-by: zhangyi (F) Signed-off-by: Yang Yingliang Reviewed-by: Zhang Yi Signed-off-by: Yang Yingliang --- fs/sysfs/file.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c index ba8a7daa994f..6bc675aa3e59 100644 --- a/fs/sysfs/file.c +++ b/fs/sysfs/file.c @@ -574,7 +574,7 @@ int sysfs_emit(char *buf, const char *fmt, ...) va_list args; int len; - if (WARN(!buf || offset_in_page(buf), + if (WARN(!buf, "invalid sysfs_emit: buf:%p\n", buf)) return 0; @@ -602,7 +602,7 @@ int sysfs_emit_at(char *buf, int at, const char *fmt, ...) va_list args; int len; - if (WARN(!buf || offset_in_page(buf) || at < 0 || at >= PAGE_SIZE, + if (WARN(!buf || at < 0 || at >= PAGE_SIZE, "invalid sysfs_emit_at: buf:%p at:%d\n", buf, at)) return 0; -- GitLab
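Review bot: In the sysfs_emit hunk, the WARN condition is reduced to `!buf` with no comment recording why this tree differs from the original check. The commit message says the alignment test existed so the helper "would not be misused/abused in non-sysfs derived cases", and after this change nothing in the visible check catches that kind of caller. Suggest a short comment above the WARN stating that offset_in_page(buf) is intentionally omitted here because 59bb47985c1d is not merged, and that callers must still pass the PAGE_SIZE sysfs buffer, so a later sync of fs/sysfs/file.c does not silently bring the warning back.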
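Review bot: In the sysfs_emit_at hunk, the remaining bound `at < 0 || at >= PAGE_SIZE` only limits the write position if buf is the start of a buffer that is at least PAGE_SIZE bytes long, and with offset_in_page(buf) dropped nothing in this check enforces that any more. The commit message argues the buffers in question are merely unaligned, not undersized, so please state that precondition in the function's comment (buf must be the start of a PAGE_SIZE buffer, alignment not required in this tree) so that the `at` check is not read as sufficient on its own for arbitrary buffers.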