On Mon, Sep 25, 2023 at 12:40:47AM +0200, Ben Hutchings wrote:
On Wed, 2023-08-09 at 12:42 +0200, Greg Kroah-Hartman wrote:
From: Joe Perches <joe@perches.com>
commit aa838896d87af561a33ecefea1caa4c15a68bc47 upstream.
Convert the various sprintf family calls in sysfs device show functions to sysfs_emit and sysfs_emit_at for PAGE_SIZE buffer safety.
[...]
Signed-off-by: Joe Perches <joe@perches.com>
Link: https://lore.kernel.org/r/3d033c33056d88bbe34d4ddb62afd05ee166ab9a.160028592...
[ Brennan : Regenerated for 4.19 to fix CVE-2022-20166 ]
When I looked into the referenced security issue, it seemed to only be exploitable through wakelock names, and in the upstream kernel only after commit c8377adfa781 "PM / wakeup: Show wakeup sources stats in sysfs" (first included in 5.4). So I would be interested to know if and why a fix was needed for 4.19.
It should not be needed there.
More importantly, this backported version uniformly converts to sysfs_emit(), but there are 3 places sysfs_emit_at() must be used instead:
Ick, ok, I'll go revert the commit, thanks.
greg k-h
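The distinction the thread turns on, as an added userspace model (not code from the thread, the patch or the kernel tree): sysfs_emit() accepts only the page-aligned start of the buffer, so a show function that appends values has to use sysfs_emit_at(). The `model_*` names, the 4096-byte page size and the sample strings are assumptions made for this example.

```c
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAGE_SIZE 4096 /* assumed page size for this userspace model */
static _Alignas(PAGE_SIZE) char page[PAGE_SIZE]; /* stands in for the sysfs buffer */

/* Models the checks of both helpers: buf must be the page start, at must be in range. */
static int model_emit(char *buf, int at, const char *fmt, ...)
{
	va_list ap;
	int n;

	if (!buf || (uintptr_t)buf % PAGE_SIZE || at < 0 || at >= PAGE_SIZE)
		return 0; /* the kernel WARNs here and writes nothing */
	va_start(ap, fmt);
	n = vsnprintf(buf + at, PAGE_SIZE - at, fmt, ap);
	va_end(ap);
	if (n < 0)
		return 0;
	return n < PAGE_SIZE - at ? n : PAGE_SIZE - at - 1; /* like vscnprintf() */
}
/* sysfs_emit() is the at == 0 case; sysfs_emit_at() takes the offset separately. */
#define model_sysfs_emit(buf, ...) model_emit((buf), 0, __VA_ARGS__)
#define model_sysfs_emit_at(buf, at, ...) model_emit((buf), (at), __VA_ARGS__)

/* Multi-value show function; use_at picks how each value is appended. */
static int model_show(char *buf, int use_at)
{
	static const char *const states[] = { "freeze", "mem", "disk" }; /* constructed */
	int len = 0;

	memset(buf, 0, PAGE_SIZE);
	for (int i = 0; i < 3; i++)
		len += use_at ? model_sysfs_emit_at(buf, len, "%s ", states[i])
			      : model_sysfs_emit(buf + len, "%s ", states[i]);
	return len;
}

int main(void)
{
	printf("sysfs_emit(buf + len):    len=%d \"%s\"\n", model_show(page, 0), page);
	printf("sysfs_emit_at(buf, len): len=%d \"%s\"\n", model_show(page, 1), page);
	return 0;
}
```

With `buf + len` only the first value lands in the buffer, because every later pointer fails the alignment check; the offset form emits all three.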