On Fri, Apr 02, 2021 at 08:32:21AM +0200, Christoph Hellwig wrote: > On Thu, Apr 01, 2021 at 03:13:20PM -0700, Kees Cook wrote: > > The sysfs interface to seq_file continues to be rather fragile > > (seq_get_buf() should not be used outside of seq_file), as seen with > > some recent exploits[1]. Move the seq_file buffer to the vmap area > > (while retaining the accounting flag), since it has guard pages that will > > catch and stop linear overflows. This seems justified given that sysfs's > > use of seq_file almost always already uses PAGE_SIZE allocations, has > > normally short-lived allocations, and is not normally on a performance > > critical path. > > This looks completely weird to me. In the end sysfs uses nothing > of the seq_file infrastructure, so why do we even pretend to use it? > Just switch sysfs_file_kfops_ro and sysfs_file_kfops_rw from using > ->seq_show to ->read and do the vmalloc there instead of pretending > this is a seq_file. As far as I can tell it's a result of kernfs using seq_file, but sysfs never converted all its callbacks to use seq_file. > > Once seq_get_buf() has been removed (and all sysfs callbacks using > > seq_file directly), this change can also be removed. > > And with sysfs out of the way I think kiling off the other few users > should be pretty easy as well. Let me look at switching to "read" ... it is a twisty maze. :) -- Kees Cook
