Re: [PATCH] acpi/ec: Deny write access unless requested by module param

From: Thomas Renninger
Date: Wed Feb 17 2016 - 09:27:40 EST


On Saturday, February 06, 2016 02:08:08 AM green@xxxxxxxxxxxxxx wrote:
> From: Oleg Drokin <green@xxxxxxxxxxxxxx>
>
> In debugfs it's not enough to just set file mode to read-only to
> deny write access to a file, instead just don't provide
> the write method unless write access is really requested.
>
> Signed-off-by: Oleg Drokin <green@xxxxxxxxxxxxxx>
Signed-off-by: Thomas Renninger <trenn@xxxxxxxx>

Thanks!

> ---
> I assume allowing run-time changes via /sys/module is preferrable,
> opposed to forced module unload and reload to change this option,
> but I can submit another patch to only depend on the module parameter
> too, please let me know.
>
> drivers/acpi/ec_sys.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/drivers/acpi/ec_sys.c b/drivers/acpi/ec_sys.c
> index bea8e42..6c7dd7a 100644
> --- a/drivers/acpi/ec_sys.c
> +++ b/drivers/acpi/ec_sys.c
> @@ -73,6 +73,9 @@ static ssize_t acpi_ec_write_io(struct file *f, const char
> __user *buf, loff_t init_off = *off;
> int err = 0;
>
> + if (!write_support)
> + return -EINVAL;
> +
> if (*off >= EC_SPACE_SIZE)
> return 0;
> if (*off + count >= EC_SPACE_SIZE) {