releases/6.1.149/s390-hypfs-avoid-unnecessary-ioctl-registration-in-d.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From d6394560508ba783afbb7297c7ca5cb67038cf36 Mon Sep 17 00:00:00 2001
 From: Sasha Levin <sashal@kernel.org>
 Date: Thu, 21 Aug 2025 14:35:40 +0200
 Subject: s390/hypfs: Avoid unnecessary ioctl registration in debugfs

 From: Peter Oberparleiter <oberpar@linux.ibm.com>

 [ Upstream commit fec7bdfe7f8694a0c39e6c3ec026ff61ca1058b9 ]

 Currently, hypfs registers ioctl callbacks for all debugfs files,
 despite only one file requiring them. This leads to unintended exposure
 of unused interfaces to user space and can trigger side effects such as
 restricted access when kernel lockdown is enabled.

 Restrict ioctl registration to only those files that implement ioctl
 functionality to avoid interface clutter and unnecessary access
 restrictions.

 Tested-by: Mete Durlu <meted@linux.ibm.com>
 Reviewed-by: Vasily Gorbik <gor@linux.ibm.com>
 Fixes: 5496197f9b08 ("debugfs: Restrict debugfs when the kernel is locked down")
 Signed-off-by: Peter Oberparleiter <oberpar@linux.ibm.com>
 Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
 Signed-off-by: Sasha Levin <sashal@kernel.org>
 ---
  arch/s390/hypfs/hypfs_dbfs.c | 18 +++++++++++-------
  1 file changed, 11 insertions(+), 7 deletions(-)

 diff --git a/arch/s390/hypfs/hypfs_dbfs.c b/arch/s390/hypfs/hypfs_dbfs.c
 index f4c7dbfaf8ee..c5f53dc3dbbc 100644
 --- a/arch/s390/hypfs/hypfs_dbfs.c
 +++ b/arch/s390/hypfs/hypfs_dbfs.c
 @@ -64,24 +64,28 @@ static long dbfs_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
  	long rc;

  	mutex_lock(&df->lock);
 -	if (df->unlocked_ioctl)
 -		rc = df->unlocked_ioctl(file, cmd, arg);
 -	else
 -		rc = -ENOTTY;
 +	rc = df->unlocked_ioctl(file, cmd, arg);
  	mutex_unlock(&df->lock);
  	return rc;
  }

 -static const struct file_operations dbfs_ops = {
 +static const struct file_operations dbfs_ops_ioctl = {
  	.read		= dbfs_read,
  	.llseek		= no_llseek,
  	.unlocked_ioctl = dbfs_ioctl,
  };

 +static const struct file_operations dbfs_ops = {
 +	.read		= dbfs_read,
 +};
 +
  void hypfs_dbfs_create_file(struct hypfs_dbfs_file *df)
  {
 -	df->dentry = debugfs_create_file(df->name, 0400, dbfs_dir, df,
 -					 &dbfs_ops);
 +	const struct file_operations *fops = &dbfs_ops;
 +
 +	if (df->unlocked_ioctl)
 +		fops = &dbfs_ops_ioctl;
 +	df->dentry = debugfs_create_file(df->name, 0400, dbfs_dir, df, fops);
  	mutex_init(&df->lock);
  }

 --
 2.50.1
	From d6394560508ba783afbb7297c7ca5cb67038cf36 Mon Sep 17 00:00:00 2001
	From: Sasha Levin <sashal@kernel.org>
	Date: Thu, 21 Aug 2025 14:35:40 +0200
	Subject: s390/hypfs: Avoid unnecessary ioctl registration in debugfs

	From: Peter Oberparleiter <oberpar@linux.ibm.com>

	[ Upstream commit fec7bdfe7f8694a0c39e6c3ec026ff61ca1058b9 ]

	Currently, hypfs registers ioctl callbacks for all debugfs files,
	despite only one file requiring them. This leads to unintended exposure
	of unused interfaces to user space and can trigger side effects such as
	restricted access when kernel lockdown is enabled.

	Restrict ioctl registration to only those files that implement ioctl
	functionality to avoid interface clutter and unnecessary access
	restrictions.

	Tested-by: Mete Durlu <meted@linux.ibm.com>
	Reviewed-by: Vasily Gorbik <gor@linux.ibm.com>
	Fixes: 5496197f9b08 ("debugfs: Restrict debugfs when the kernel is locked down")
	Signed-off-by: Peter Oberparleiter <oberpar@linux.ibm.com>
	Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
	Signed-off-by: Sasha Levin <sashal@kernel.org>
	---
	arch/s390/hypfs/hypfs_dbfs.c \| 18 +++++++++++-------
	1 file changed, 11 insertions(+), 7 deletions(-)

	diff --git a/arch/s390/hypfs/hypfs_dbfs.c b/arch/s390/hypfs/hypfs_dbfs.c
	index f4c7dbfaf8ee..c5f53dc3dbbc 100644
	--- a/arch/s390/hypfs/hypfs_dbfs.c
	+++ b/arch/s390/hypfs/hypfs_dbfs.c
	@@ -64,24 +64,28 @@ static long dbfs_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
	long rc;

	mutex_lock(&df->lock);
	- if (df->unlocked_ioctl)
	- rc = df->unlocked_ioctl(file, cmd, arg);
	- else
	- rc = -ENOTTY;
	+ rc = df->unlocked_ioctl(file, cmd, arg);
	mutex_unlock(&df->lock);
	return rc;
	}

	-static const struct file_operations dbfs_ops = {
	+static const struct file_operations dbfs_ops_ioctl = {
	.read = dbfs_read,
	.llseek = no_llseek,
	.unlocked_ioctl = dbfs_ioctl,
	};

	+static const struct file_operations dbfs_ops = {
	+ .read = dbfs_read,
	+};
	+
	void hypfs_dbfs_create_file(struct hypfs_dbfs_file *df)
	{
	- df->dentry = debugfs_create_file(df->name, 0400, dbfs_dir, df,
	- &dbfs_ops);
	+ const struct file_operations *fops = &dbfs_ops;
	+
	+ if (df->unlocked_ioctl)
	+ fops = &dbfs_ops_ioctl;
	+ df->dentry = debugfs_create_file(df->name, 0400, dbfs_dir, df, fops);
	mutex_init(&df->lock);
	}

	--
	2.50.1