Received: by 10.192.165.148 with SMTP id m20csp816143imm;
        Fri, 27 Apr 2018 08:00:13 -0700 (PDT)
X-Google-Smtp-Source: AB8JxZoe4IAq+NZPqR5V1jme9A28rKbNmcQQSlcuJ9zRVwbddpqCt7xoWpY7i9qntThByicWkk8X
X-Received: by 2002:a65:4189:: with SMTP id a9-v6mr2427995pgq.118.1524841213525;
        Fri, 27 Apr 2018 08:00:13 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1524841213; cv=none;
        d=google.com; s=arc-20160816;
        b=UaVkODMDv2SOmOZZOQH83D3XTQfvI4dI75GyrEErw/bW6VD2U7cmPMZysSyNPOYCa8
         7UqGHqcUvQpNd3VKEQTRYstCMggjzaB8SMySgKueveJtpWlWIwnbm78HilCTlg4SuGKS
         GswQCsJUjkWRA5Lz/ezj2IW/cxS6UHRpNHoSKD6LjGk6T8n0aPabT4l+gXlt8wAeJsvo
         dH8eKWKOoiA6TQpqnqcMtalOhviMtW4G3XJLTLzWe+4JjNP8/KCuTLLT1iuRB5Vn3hDh
         UQmm4V8w5Emtksxv6DERGWn7ekhTRKxULvbcIyQuiy0RRpI/7BYklLj+zZP+1qXyM4fr
         d2UQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject
         :message-id:date:from:references:in-reply-to:mime-version
         :dkim-signature:dkim-signature:arc-authentication-results;
        bh=5hI/znEsQTrcR0RQpsbmLZLFeIN6cNT5Tpmsd2uTHlE=;
        b=j1fmH9UgOTNPnCjiFt8Mdp2ae6Itg82KM7Y2cyFRy/iiHUEYvmSeZS/FOpnPDLf12X
         HvCwVOBTPinkBO2SpQaQCjbrPP9KEf8MjtSUZn/j2kTVhmt9rm1ehEZeMxKZ4AI2moB8
         Hduaa2UnyNo6X7FLGN8n0FNcKsrFXYL7+uJuxdG8J/bdJgItM8B//Y7rU9Uv9oWNO8SR
         fuXb7FZm2dgS5C0+CT4nDHTuc19Ru43ihOsnPL4uv3QoH2o2rOLMKBA+y3e5Le7cXleQ
         PT5oxTFCWyFII7UZa7hzRvLMKfGm7W9ynKAt0WgcI2HF7nmT0/SWvcwUeN1DPdmSofxu
         8wUA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=D0CS5Le2;
       dkim=fail header.i=@chromium.org header.s=google header.b=WGkP5iUP;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id j18si1342610pfi.235.2018.04.27.07.59.59;
        Fri, 27 Apr 2018 08:00:13 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=D0CS5Le2;
       dkim=fail header.i=@chromium.org header.s=google header.b=WGkP5iUP;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S934169AbeD0O6y (ORCPT <rfc822;hubert.jasudowicz@gmail.com>
        + 99 others); Fri, 27 Apr 2018 10:58:54 -0400
Received: from mail-vk0-f68.google.com ([209.85.213.68]:46440 "EHLO
        mail-vk0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S933787AbeD0O6j (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 27 Apr 2018 10:58:39 -0400
Received: by mail-vk0-f68.google.com with SMTP id i190-v6so1243177vkd.13
        for <linux-kernel@vger.kernel.org>; Fri, 27 Apr 2018 07:58:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc:content-transfer-encoding;
        bh=5hI/znEsQTrcR0RQpsbmLZLFeIN6cNT5Tpmsd2uTHlE=;
        b=D0CS5Le2qP2V8+gQkzwpW1+X6oN0uyHlOTIFmBhFxZgbJholZPUoxIpPFKThf77c6M
         PkE71MO+iZmBErLrY1vL3D85rGOHH3VvmWS2emiAnUifza0oY9PJT5i+x+FB9QmjLXDT
         LRQb9bi3Mbj3OBbm1YOinbz/4oDrr8Rbwdkpo2H02o9ZumAYydY8zADS01av6/GM9NmS
         8/yoioSpV6feF1sPs1vMirW7r7zlU4PIIso4OLS5EaWlEYEbeAfz74VlepS6BUuBYI02
         Lut5RH0wIyqDzSDrHWdWr8OiaWhZFQ2ggQ/0Xt6+KvxgTZZ0PUvkCvF9z3a3BmtJWqIj
         lNWw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc:content-transfer-encoding;
        bh=5hI/znEsQTrcR0RQpsbmLZLFeIN6cNT5Tpmsd2uTHlE=;
        b=WGkP5iUP3m+bZE0vdjwAKbeMbT8YfpW6rJvlVxbic1QxS6CpuECHscVCO6ygRhefjk
         2EJM9iwaDhnJPAe2w9cM9KWmnMStEP8a+D2BczyV1AP0CCfwU84D/3iIpMCsaNYA2jT/
         +64ZfxTQT42JZeOUX42qMh+B9FqLYoMHdZIRI=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc:content-transfer-encoding;
        bh=5hI/znEsQTrcR0RQpsbmLZLFeIN6cNT5Tpmsd2uTHlE=;
        b=J77b0PZkodmIxS2d+ZCZEiRLZYuydXf5yufG9Pis+bi6CJJp8pUox4oY4SC93mtW0+
         AL7eFRC8i553ZPB9sMQg9l8fCIaTw3XwndWdQATnQPPARNKiiHKpUEReDwq0yVwrMehH
         RKYN7pMDRhtOJhd0TMQBkIifp+jEzX7GSU3z5TpcfysrI2ls1G0KgBLhzJ2XCcY19U5C
         bqAEiOWIIqL4tzQohmvFHaOuCKM6/UApU/hi3OGNAtyMoHgGlud8xypPOdHsugprVUzj
         jRITgZT87WNx/ppjxrT278SkiBf3qEkCFinRJbto3bYJ9q0UxvHUK6Qy3KinBBtCSm7T
         BxQQ==
X-Gm-Message-State: ALQs6tA0dhurq8wMDnwyTcpMC8/rEJloxVE4UwT9spYTNQtyLvugQN3G
        n5BdVfyV7bSDUXxXhOPv462D6JA6iQJWG3k8pwJYCw==
X-Received: by 2002:a1f:b084:: with SMTP id z126-v6mr1768570vke.96.1524841117858;
 Fri, 27 Apr 2018 07:58:37 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.31.140.207 with HTTP; Fri, 27 Apr 2018 07:58:35 -0700 (PDT)
In-Reply-To: <20180427134936.GA31171@kroah.com>
References: <20180427123547.15727-1-tmricht@linux.ibm.com> <20180427134936.GA31171@kroah.com>
From:   Kees Cook <keescook@chromium.org>
Date:   Fri, 27 Apr 2018 07:58:35 -0700
X-Google-Sender-Auth: Nvyl6xY_XsgGoRSYsGNBg5vtft8
Message-ID: <CAGXu5j+LK8-g9bg+RNn+-v1LpRC32sTCAUNZr1v0HXquiG9fQw@mail.gmail.com>
Subject: Re: [PATCH v2] inode: debugfs_create_dir uses mode permission from parent
To:     Greg KH <gregkh@linuxfoundation.org>
Cc:     Thomas Richter <tmricht@linux.ibm.com>,
        Kernel Hardening <kernel-hardening@lists.openwall.com>,
        brueckner@linux.vnet.ibm.com,
        Martin Schwidefsky <schwidefsky@de.ibm.com>,
        Heiko Carstens <heiko.carstens@de.ibm.com>,
        LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Apr 27, 2018 at 6:49 AM, Greg KH <gregkh@linuxfoundation.org> wrote=
:
> I'm going to add Kees and the kernel-hardning list here, as I'd like
> their opinions for the patch below.
>
> Kees, do you have any problems with this patch?  I know you worked on
> making debugfs more "secure" from non-root users, this should still keep
> the intial mount permissions all fine, right?  Anything I'm not
> considering here?

This appears correct to me. I'd like to see some stronger rationale
for why this is needed, just so I have a "design" to compare the
implementation against. :)

Normally, the top-level directory permissions should block all the
subdirectories too. The only time I think of this being needed is if
someone is explicitly bind-mounting a subdirectory to another location
(e.g. Chrome OS does this for the i915 subdirectory). In that case,
I'd expect them to tweak permissions too. Thomas, what's your
use-case?

-Kees

>
> thanks,
>
> greg k-h
>
> On Fri, Apr 27, 2018 at 02:35:47PM +0200, Thomas Richter wrote:
>> Currently function debugfs_create_dir() creates a new
>> directory in the debugfs (usually mounted /sys/kernel/debug)
>> with permission rwxr-xr-x. This is hard coded.
>>
>> Change this to use the parent directory permission.
>>
>> Output before the patch:
>> root@s8360047 ~]# tree -dp -L 1 /sys/kernel/debug/
>> /sys/kernel/debug/
>> =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  bdi
>> =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  block
>> =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  dasd
>> =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  device_component
>> =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  extfrag
>> =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  hid
>> =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  kprobes
>> =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  kvm
>> =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  memblock
>> =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  pm_qos
>> =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  qdio
>> =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  s390
>> =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  s390dbf
>> =E2=94=94=E2=94=80=E2=94=80 [drwx------]  tracing
>>
>> 14 directories
>> [root@s8360047 linux]#
>>
>> Output after the patch:
>> [root@s8360047 ~]# tree -dp -L 1 /sys/kernel/debug/
>> sys/kernel/debug/
>> =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  bdi
>> =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  block
>> =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  dasd
>> =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  device_component
>> =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  extfrag
>> =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  hid
>> =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  kprobes
>> =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  kvm
>> =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  memblock
>> =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  pm_qos
>> =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  qdio
>> =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  s390
>> =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  s390dbf
>> =E2=94=94=E2=94=80=E2=94=80 [drwx------]  tracing
>>
>> 14 directories
>> [root@s8360047 linux]#
>>
>> Here is the full diff output done with:
>> [root@s8360047 ~]# diff -u treefull.before treefull.after |
>>       sed 's-^- # -' > treefull.diff
>>  # --- treefull.before        2018-04-27 13:22:04.532824564 +0200
>>  # +++ treefull.after 2018-04-27 13:24:12.106182062 +0200
>>  # @@ -1,55 +1,55 @@
>>  #  /sys/kernel/debug/
>>  # -=E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  bdi
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  1:0
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  1:1
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  1:10
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  1:11
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  1:12
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  1:13
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  1:14
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  1:15
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  1:2
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  1:3
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  1:4
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  1:5
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  1:6
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  1:7
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  1:8
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  1:9
>>  # -=E2=94=82   =E2=94=94=E2=94=80=E2=94=80 [drwxr-xr-x]  94:0
>>  # -=E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  block
>>  # -=E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  dasd
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  0.0.e18a
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  dasda
>>  # -=E2=94=82   =E2=94=94=E2=94=80=E2=94=80 [drwxr-xr-x]  global
>>  # -=E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  device_component
>>  # -=E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  extfrag
>>  # -=E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  hid
>>  # -=E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  kprobes
>>  # -=E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  kvm
>>  # -=E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  memblock
>>  # -=E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  pm_qos
>>  # -=E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  qdio
>>  # -=E2=94=82   =E2=94=94=E2=94=80=E2=94=80 [drwxr-xr-x]  0.0.f5f2
>>  # -=E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  s390
>>  # -=E2=94=82   =E2=94=94=E2=94=80=E2=94=80 [drwxr-xr-x]  stsi
>>  # -=E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  s390dbf
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  0.0.e18a
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  cio_crw
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  cio_msg
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  cio_trace
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  dasd
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  kvm-trace
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  lgr
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  qdio_0.0.f5f2
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  qdio_error
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  qdio_setup
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  qeth_card_0.0.=
f5f0
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  qeth_control
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  qeth_msg
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  qeth_setup
>>  # -=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  vmcp
>>  # -=E2=94=82   =E2=94=94=E2=94=80=E2=94=80 [drwxr-xr-x]  vmur
>>  # +=E2=94=9C=E2=94=80=E2=94=80 [drwx------]  bdi
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  1:0
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  1:1
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  1:10
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  1:11
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  1:12
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  1:13
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  1:14
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  1:15
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  1:2
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  1:3
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  1:4
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  1:5
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  1:6
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  1:7
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  1:8
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  1:9
>>  # +=E2=94=82   =E2=94=94=E2=94=80=E2=94=80 [drwx------]  94:0
>>  # +=E2=94=9C=E2=94=80=E2=94=80 [drwx------]  block
>>  # +=E2=94=9C=E2=94=80=E2=94=80 [drwx------]  dasd
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  0.0.e18a
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  dasda
>>  # +=E2=94=82   =E2=94=94=E2=94=80=E2=94=80 [drwx------]  global
>>  # +=E2=94=9C=E2=94=80=E2=94=80 [drwx------]  device_component
>>  # +=E2=94=9C=E2=94=80=E2=94=80 [drwx------]  extfrag
>>  # +=E2=94=9C=E2=94=80=E2=94=80 [drwx------]  hid
>>  # +=E2=94=9C=E2=94=80=E2=94=80 [drwx------]  kprobes
>>  # +=E2=94=9C=E2=94=80=E2=94=80 [drwx------]  kvm
>>  # +=E2=94=9C=E2=94=80=E2=94=80 [drwx------]  memblock
>>  # +=E2=94=9C=E2=94=80=E2=94=80 [drwx------]  pm_qos
>>  # +=E2=94=9C=E2=94=80=E2=94=80 [drwx------]  qdio
>>  # +=E2=94=82   =E2=94=94=E2=94=80=E2=94=80 [drwx------]  0.0.f5f2
>>  # +=E2=94=9C=E2=94=80=E2=94=80 [drwx------]  s390
>>  # +=E2=94=82   =E2=94=94=E2=94=80=E2=94=80 [drwx------]  stsi
>>  # +=E2=94=9C=E2=94=80=E2=94=80 [drwx------]  s390dbf
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  0.0.e18a
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  cio_crw
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  cio_msg
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  cio_trace
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  dasd
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  kvm-trace
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  lgr
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  qdio_0.0.f5f2
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  qdio_error
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  qdio_setup
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  qeth_card_0.0.=
f5f0
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  qeth_control
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  qeth_msg
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  qeth_setup
>>  # +=E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwx------]  vmcp
>>  # +=E2=94=82   =E2=94=94=E2=94=80=E2=94=80 [drwx------]  vmur
>>  #  =E2=94=94=E2=94=80=E2=94=80 [drwx------]  tracing
>>  #      =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  events
>>  #      =E2=94=82   =E2=94=9C=E2=94=80=E2=94=80 [drwxr-xr-x]  alarmtimer
>>
>> Fixes: edac65eaf8d5c ("debugfs: take mode-dependent parts of debugfs_get=
_inode() into callers")
>> Signed-off-by: Thomas Richter <tmricht@linux.ibm.com>
>> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
>> ---
>>  fs/debugfs/inode.c | 4 +++-
>>  1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/fs/debugfs/inode.c b/fs/debugfs/inode.c
>> index 13b0135..a913b12 100644
>> --- a/fs/debugfs/inode.c
>> +++ b/fs/debugfs/inode.c
>> @@ -512,7 +512,9 @@ struct dentry *debugfs_create_dir(const char *name, =
struct dentry *parent)
>>       if (unlikely(!inode))
>>               return failed_creating(dentry);
>>
>> -     inode->i_mode =3D S_IFDIR | S_IRWXU | S_IRUGO | S_IXUGO;
>> +     if (!parent)
>> +             parent =3D debugfs_mount->mnt_root;
>> +     inode->i_mode =3D S_IFDIR | ((d_inode(parent)->i_mode & 0770));
>>       inode->i_op =3D &simple_dir_inode_operations;
>>       inode->i_fop =3D &simple_dir_operations;
>>
>> --
>> 2.9.3



--=20
Kees Cook
Pixel Security