From patchwork Thu Jan 23 07:48:44 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vasily Averin X-Patchwork-Id: 11346941 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0BF4792A for ; Thu, 23 Jan 2020 07:48:54 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id DF29924673 for ; Thu, 23 Jan 2020 07:48:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725955AbgAWHsx (ORCPT ); Thu, 23 Jan 2020 02:48:53 -0500 Received: from relay.sw.ru ([185.231.240.75]:37314 "EHLO relay.sw.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725785AbgAWHsx (ORCPT ); Thu, 23 Jan 2020 02:48:53 -0500 Received: from vvs-ws.sw.ru ([172.16.24.21]) by relay.sw.ru with esmtp (Exim 4.92.3) (envelope-from ) id 1iuXEK-00067q-Va; Thu, 23 Jan 2020 10:48:45 +0300 From: Vasily Averin Subject: [PATCH 0/2] tpm: seq_file .next functions should increase position index To: linux-integrity@vger.kernel.org Cc: Peter Huewe , Jarkko Sakkinen , Jason Gunthorpe Message-ID: <897eab01-9af7-4dd5-313d-10a3fd765941@virtuozzo.com> Date: Thu, 23 Jan 2020 10:48:44 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.2.2 MIME-Version: 1.0 Content-Language: en-US Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org In Aug 2018 NeilBrown noticed commit 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code and interface") "Some ->next functions do not increment *pos when they return NULL... Note that such ->next functions are buggy and should be fixed. A simple demonstration is dd if=/proc/swaps bs=1000 skip=1 Choose any block size larger than the size of /proc/swaps. This will always show the whole last line of /proc/swaps" Described problem is still actual. If you make lseek into middle of last output line following read will output end of last line and whole last line once again. $ dd if=/proc/swaps bs=1 # usual output Filename Type Size Used Priority /dev/dm-0 partition 4194812 97536 -2 104+0 records in 104+0 records out 104 bytes copied $ dd if=/proc/swaps bs=40 skip=1 # last line was generated twice dd: /proc/swaps: cannot skip to specified offset v/dm-0 partition 4194812 97536 -2 /dev/dm-0 partition 4194812 97536 -2 3+1 records in 3+1 records out 131 bytes copied There are lot of other affected files, I've found 30+ including /proc/net/ip_tables_matches and /proc/sysvipc/* This patch-set fixes files related to tpm driver https://bugzilla.kernel.org/show_bug.cgi?id=206283 Vasily Averin (2): tpm1_bios_measurements_next should increase position index tpm2_bios_measurements_next should increase position index drivers/char/tpm/eventlog/tpm1.c | 2 +- drivers/char/tpm/eventlog/tpm2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)