On Mon, Sep 25, 2023 at 12:40:47AM +0200, Ben Hutchings wrote:
> On Wed, 2023-08-09 at 12:42 +0200, Greg Kroah-Hartman wrote:
> > From: Joe Perches <joe@xxxxxxxxxxx>
> >
> > commit aa838896d87af561a33ecefea1caa4c15a68bc47 upstream.
> >
> > Convert the various sprintf family calls in sysfs device show functions
> > to sysfs_emit and sysfs_emit_at for PAGE_SIZE buffer safety.
> > [...]
> > Signed-off-by: Joe Perches <joe@xxxxxxxxxxx>
> > Link: https://lore.kernel.org/r/3d033c33056d88bbe34d4ddb62afd05ee166ab9a.1600285923.git.joe@xxxxxxxxxxx
> > [ Brennan : Regenerated for 4.19 to fix CVE-2022-20166 ]
>
> When I looked into the referenced security issue, it seemed to only be
> exploitable through wakelock names, and in the upstream kernel only
> after commit c8377adfa781 "PM / wakeup: Show wakeup sources stats in
> sysfs" (first included in 5.4). So I would be interested to know if
> and why a fix was needed for 4.19.

It should not be needed there.

> More importantly, this backported version uniformly converts to
> sysfs_emit(), but there are 3 places sysfs_emit_at() must be used
> instead:

Ick, ok, I'll go revert the commit, thanks.

greg k-h
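
The sysfs_emit() versus sysfs_emit_at() distinction raised in the thread above, as an added example that is not part of the original messages or of the kernel patch: a userspace C model of the two helpers, showing why a show function that builds its output in several parts needs the offset-aware one. The model_* names, show_uniform(), show_at(), the sample strings and the 4 KiB page size are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_PAGE_SIZE 4096 /* assumption: 4 KiB pages */

/* Userspace model of sysfs_emit_at(): bounded write at offset `at` of a page. */
static int model_sysfs_emit_at(char *buf, int at, const char *fmt, ...)
{
    va_list ap;
    int room, n;

    /* Kernel helper WARNs and returns 0 here; nothing is written. */
    if (!buf || (uintptr_t)buf % MODEL_PAGE_SIZE || at < 0 || at >= MODEL_PAGE_SIZE)
        return 0;
    room = MODEL_PAGE_SIZE - at;
    va_start(ap, fmt);
    n = vsnprintf(buf + at, room, fmt, ap);
    va_end(ap);
    if (n < 0)
        return 0;
    return n < room ? n : room - 1; /* vscnprintf(): bytes stored, not bytes wanted */
}

/* Model of sysfs_emit(): same checks, always writes at offset 0. */
#define model_sysfs_emit(buf, ...) model_sysfs_emit_at((buf), 0, __VA_ARGS__)

/* Stand-in for the page that sysfs hands to a show() callback. */
static char page[MODEL_PAGE_SIZE] __attribute__((aligned(MODEL_PAGE_SIZE)));

/* Hypothetical show(): "len += sprintf(buf + len, ...)" turned into sysfs_emit(). */
static int show_uniform(char *buf)
{
    int len = model_sysfs_emit(buf, "%s ", "alpha");
    /* buf + len is no longer page-aligned, so this part is dropped. */
    return len + model_sysfs_emit(buf + len, "%s\n", "beta");
}

/* Same show() with the offset-aware helper for the second part. */
static int show_at(char *buf)
{
    int len = model_sysfs_emit(buf, "%s ", "alpha");
    return len + model_sysfs_emit_at(buf, len, "%s\n", "beta");
}

int main(void)
{
    printf("uniform: %d bytes\n", show_uniform(page));
    printf("emit_at: %d bytes\n", show_at(page));
    return 0;
}
```

In the kernel the rejected call also triggers a WARN, so a missed sysfs_emit_at() conversion shows up as a kernel log splat plus truncated attribute output.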