From cc3db3636edecabb5359cea3bd938eecb8272510 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Mon, 12 Aug 2019 01:31:15 +0100 Subject: [PATCH] tracefs: Fix potential null dereference in default_file_open() Closes: #934304 --- debian/changelog | 2 ++ ...ntial-null-dereference-in-default_fi.patch | 29 +++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 32 insertions(+) create mode 100644 debian/patches/features/all/lockdown/tracefs-fix-potential-null-dereference-in-default_fi.patch diff --git a/debian/changelog b/debian/changelog index 477b6a9c7f3f..8e40582c542c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,8 @@ linux (5.2.7-2) UNRELEASED; urgency=medium [ Ben Hutchings ] * [armel] fb-modules: Remove xgifb, which was removed upstream (fixes FTBFS) + * tracefs: Fix potential null dereference in default_file_open() + (Closes: #934304) -- Salvatore Bonaccorso Sun, 11 Aug 2019 14:14:00 +0200 diff --git a/debian/patches/features/all/lockdown/tracefs-fix-potential-null-dereference-in-default_fi.patch b/debian/patches/features/all/lockdown/tracefs-fix-potential-null-dereference-in-default_fi.patch new file mode 100644 index 000000000000..b9fa05fc0f4f --- /dev/null +++ b/debian/patches/features/all/lockdown/tracefs-fix-potential-null-dereference-in-default_fi.patch 
@@ -0,0 +1,29 @@
+From: Ben Hutchings
+Date: Mon, 12 Aug 2019 01:17:32 +0100
+Subject: tracefs: Fix potential null dereference in default_file_open()
+Bug-Debian: https://bugs.debian.org/934304
+Forwarded: https://lore.kernel.org/linux-security-module/20190812002833.2zij7tfsqtpvqu3a@decadent.org.uk/
+
+The "open" operation in struct file_operations is optional, and
+ftrace_event_id_fops does not set it. In default_file_open(), after
+all other checks have passed, return 0 if the underlying struct
+file_operations does not implement open.
+
+Fixes: 757ff7244358 ("tracefs: Restrict tracefs when the kernel is …")
+References: https://bugs.debian.org/934304
+Signed-off-by: Ben Hutchings
+---
+ fs/tracefs/inode.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/tracefs/inode.c
++++ b/fs/tracefs/inode.c
+@@ -41,6 +41,8 @@ static int default_open_file(struct inod
+ return -EPERM;
+
+ real_fops = dentry->d_fsdata;
++ if (!real_fops->open)
++ return 0;
+ return real_fops->open(inode, filp);
+ }
+
diff --git a/debian/patches/series b/debian/patches/series
index 8d2846a914fd..b543b69d90f4 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -120,6 +120,7 @@ features/all/lockdown/0028-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.
 features/all/lockdown/0029-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
 features/all/lockdown/0030-lockdown-Print-current-comm-in-restriction-messages.patch
 features/all/lockdown/0031-tracefs-Restrict-tracefs-when-the-kernel-is-locked-d.patch
+features/all/lockdown/tracefs-fix-potential-null-dereference-in-default_fi.patch
 features/all/lockdown/0032-efi-Restrict-efivar_ssdt_load-when-the-kernel-is-loc.patch
 # some missing pieces
 features/all/lockdown/enable-cold-boot-attack-mitigation.patch
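Review bot: In the embedded fs/tracefs/inode.c hunk, the added `if (!real_fops->open) return 0;` carries no comment saying why a missing ->open counts as success, and the patch subject and description call the function default_file_open() while the hunk header shows default_open_file(). I would add `/* ->open is optional in struct file_operations; nothing to forward */` above the check and use the real function name in the description so the fix can be found by grep. `real_fops` itself, read from `dentry->d_fsdata`, is still dereferenced without a NULL test; whether it can be unset on this path cannot be told from the hunk, because default_open_file() begins above it. The early `return 0` sits after the `return -EPERM;` line, presumably the lockdown check, so files without an open handler stay restricted, and that ordering should be kept if the function is touched again.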