On Tue, May 23, 2023 at 9:46 AM Christoph Hellwig <hch@xxxxxx> wrote:
>
> resume_store is a sysfs attribute written during normal kernel runtime,
> and it should not use the early_lookup_bdev API that bypasses all normal
> path based permission checking, and might cause problems with certain
> container environments renaming devices.
>
> Switch to lookup_bdev, which does a normal path lookup instead, and fall
> back to trying to parse a numeric dev_t just like early_lookup_bdev did.
>
> Note that this strictly speaking changes the kernel ABI as the PARTUUID=
> and PARTLABEL= style syntax is now not available during a running
> systems. They never were intended for that, but this breaks things
> we'll have to figure out a way to make them available again. But if
> avoidable in any way I'd rather avoid that.
>
> Signed-off-by: Christoph Hellwig <hch@xxxxxx>
> Fixes: 421a5fa1a6cf ("PM / hibernate: use name_to_dev_t to parse resume")
Acked-by: Rafael J. Wysocki <rafael@xxxxxxxxxx>
> ---
> kernel/power/hibernate.c | 18 +++++++++++++++++-
> 1 file changed, 17 insertions(+), 1 deletion(-)
>
> diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
> index c52dedb9f7c8e8..7ae95ec72f9902 100644
> --- a/kernel/power/hibernate.c
> +++ b/kernel/power/hibernate.c
> @@ -1178,7 +1178,23 @@ static ssize_t resume_store(struct kobject *kobj, struct kobj_attribute *attr,
> if (!name)
> return -ENOMEM;
>
> - error = early_lookup_bdev(name, &dev);
> + error = lookup_bdev(name, &dev);
> + if (error) {
> + unsigned maj, min, offset;
> + char *p, dummy;
> +
> + if (sscanf(name, "%u:%u%c", &maj, &min, &dummy) == 2 ||
> + sscanf(name, "%u:%u:%u:%c", &maj, &min, &offset,
> + &dummy) == 3) {
> + dev = MKDEV(maj, min);
> + if (maj != MAJOR(dev) || min != MINOR(dev))
> + error = -EINVAL;
> + } else {
> + dev = new_decode_dev(simple_strtoul(name, &p, 16));
> + if (*p)
> + error = -EINVAL;
> + }
> + }
> kfree(name);
> if (error)
> return error;
> --
> 2.39.2
>
