diff options
author | Michal Suchanek <msuchanek@suse.de> | 2022-01-04 20:05:05 +0300 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-01-27 12:54:02 +0300 |
commit | b3dda01d1d4705cf2be57c5469a2e6964168f688 (patch) | |
tree | 5a9c5b2041b54d901e813583d177acdc126ab0ad /fs/debugfs | |
parent | b9b5da3e187edc62f735b86f6223b222c37d46e4 (diff) | |
download | linux-b3dda01d1d4705cf2be57c5469a2e6964168f688.tar.xz |
debugfs: lockdown: Allow reading debugfs files that are not world readable
[ Upstream commit 358fcf5ddbec4e6706405847d6a666f5933a6c25 ]
When the kernel is locked down the kernel allows reading only debugfs
files with mode 444. Mode 400 is also valid but is not allowed.
Make the 444 into a mask.
Fixes: 5496197f9b08 ("debugfs: Restrict debugfs when the kernel is locked down")
Signed-off-by: Michal Suchanek <msuchanek@suse.de>
Link: https://lore.kernel.org/r/20220104170505.10248-1-msuchanek@suse.de
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'fs/debugfs')
-rw-r--r-- | fs/debugfs/file.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/debugfs/file.c b/fs/debugfs/file.c index 3aa5eb9ce498..96059af28f50 100644 --- a/fs/debugfs/file.c +++ b/fs/debugfs/file.c @@ -147,7 +147,7 @@ static int debugfs_locked_down(struct inode *inode, struct file *filp, const struct file_operations *real_fops) { - if ((inode->i_mode & 07777) == 0444 && + if ((inode->i_mode & 07777 & ~0444) == 0 && !(filp->f_mode & FMODE_WRITE) && !real_fops->unlocked_ioctl && !real_fops->compat_ioctl && |