From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Taehee Yoo, Pablo Neira Ayuso, Sasha Levin
Subject: [PATCH 4.4 50/70] netfilter: xt_IDLETIMER: add sysfs filename checking routine
Date: Mon, 26 Nov 2018 11:51:05 +0100
Message-Id: <20181126105051.792018362@linuxfoundation.org>
In-Reply-To: <20181126105046.722096341@linuxfoundation.org>
References: <20181126105046.722096341@linuxfoundation.org>

4.4-stable review patch. If anyone has any objections, please let me know.

------------------

[ Upstream commit 54451f60c8fa061af9051a53be9786393947367c ]

When IDLETIMER rule is added, sysfs file is created under
/sys/class/xt_idletimer/timers/
But some label name shouldn't be used.
".", "..", "power", "uevent", "subsystem", etc...
So that sysfs filename checking routine is needed.

test commands:
   %iptables -I INPUT -j IDLETIMER --timeout 1 --label "power"

splat looks like:
[95765.423132] sysfs: cannot create duplicate filename '/devices/virtual/xt_idletimer/timers/power'
[95765.433418] CPU: 0 PID: 8446 Comm: iptables Not tainted 4.19.0-rc6+ #20
[95765.449755] Call Trace:
[95765.449755]  dump_stack+0xc9/0x16b
[95765.449755]  ? show_regs_print_info+0x5/0x5
[95765.449755]  sysfs_warn_dup+0x74/0x90
[95765.449755]  sysfs_add_file_mode_ns+0x352/0x500
[95765.449755]  sysfs_create_file_ns+0x179/0x270
[95765.449755]  ? sysfs_add_file_mode_ns+0x500/0x500
[95765.449755]  ? idletimer_tg_checkentry+0x3e5/0xb1b [xt_IDLETIMER]
[95765.449755]  ? rcu_read_lock_sched_held+0x114/0x130
[95765.449755]  ? __kmalloc_track_caller+0x211/0x2b0
[95765.449755]  ? memcpy+0x34/0x50
[95765.449755]  idletimer_tg_checkentry+0x4e2/0xb1b [xt_IDLETIMER]
[ ...
] Fixes: 0902b469bd25 ("netfilter: xtables: idletimer target implementation") Signed-off-by: Taehee Yoo Signed-off-by: Pablo Neira Ayuso Signed-off-by: Sasha Levin --- net/netfilter/xt_IDLETIMER.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/net/netfilter/xt_IDLETIMER.c b/net/netfilter/xt_IDLETIMER.c index 1718f536689f..8a1d2af3eed0 100644 --- a/net/netfilter/xt_IDLETIMER.c +++ b/net/netfilter/xt_IDLETIMER.c @@ -116,6 +116,22 @@ static void idletimer_tg_expired(unsigned long data) schedule_work(&timer->work); } +static int idletimer_check_sysfs_name(const char *name, unsigned int size) +{ + int ret; + + ret = xt_check_proc_name(name, size); + if (ret < 0) + return ret; + + if (!strcmp(name, "power") || + !strcmp(name, "subsystem") || + !strcmp(name, "uevent")) + return -EINVAL; + + return 0; +} + static int idletimer_tg_create(struct idletimer_tg_info *info) { int ret; @@ -126,6 +142,10 @@ static int idletimer_tg_create(struct idletimer_tg_info *info) goto out; } + ret = idletimer_check_sysfs_name(info->label, sizeof(info->label)); + if (ret < 0) + goto out_free_timer; + sysfs_attr_init(&info->timer->attr.attr); info->timer->attr.attr.name = kstrdup(info->label, GFP_KERNEL); if (!info->timer->attr.attr.name) { -- 2.17.1
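Review bot: in idletimer_check_sysfs_name() (hunk @@ -116,6 +116,22 @@), the rejected names "power", "subsystem" and "uevent" are hard-coded with no comment saying where they come from, while the commit message lists them with "etc...". A short comment above the strcmp() chain should state that these are entries that already exist in the timers directory, and that "." and "..", which the commit message also names, are expected to be rejected by xt_check_proc_name(), so the next reader knows how to extend the list when another entry appears there. If xt_check_proc_name(name, size) is also what bounds the string to size, the strcmp() calls rely on it running first, and the comment should say that the order must not be swapped.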
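Review bot: in idletimer_tg_create() (hunk @@ -126,6 +142,10 @@), the new check bails out through "goto out_free_timer", so the label is validated only after info->timer has been allocated, and a rejected label costs an allocation plus a free. The check needs only info->label, so it could be the first statement of the function and fail through "goto out", which keeps the validation of user-supplied input ahead of any resource acquisition and leaves the unwind labels for real setup failures.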