[PATCH OLK-6.6 0/2] CVE-2026-23094
CVE-2026-23094 Chenghai Huang (1): uacce: fix isolate sysfs check condition Liu Kai (1): Revert "uacce: fix isolate sysfs check condition" drivers/misc/uacce/uacce.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) -- 2.34.1
hulk inclusion category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/13627 CVE: CVE-2026-23094 -------------------------------- This reverts commit 5a1b055b7c0abe63f3e7e6ee7f3894f5d3bfc1de. Fixes: 5a1b055b7c0a ("uacce: fix isolate sysfs check condition") Signed-off-by: Liu Kai <liukai284@huawei.com> --- drivers/misc/uacce/uacce.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/misc/uacce/uacce.c b/drivers/misc/uacce/uacce.c index 4dcf3bff4c8f..0879c98e2e1f 100644 --- a/drivers/misc/uacce/uacce.c +++ b/drivers/misc/uacce/uacce.c @@ -842,7 +842,7 @@ static umode_t uacce_dev_is_visible(struct kobject *kobj, return 0; if (attr == &dev_attr_isolate_strategy.attr && - (!uacce->ops->isolate_err_threshold_read || + (!uacce->ops->isolate_err_threshold_read && !uacce->ops->isolate_err_threshold_write)) return 0; -- 2.34.1
From: Chenghai Huang <huangchenghai2@huawei.com> stable inclusion from stable-v6.6.122 commit 9ab05cdcac354b1b1139918f49c6418b9005d042 category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/13627 CVE: CVE-2026-23094 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=... -------------------------------- commit 98eec349259b1fd876f350b1c600403bcef8f85d upstream. uacce supports the device isolation feature. If the driver implements the isolate_err_threshold_read and isolate_err_threshold_write callback functions, uacce will create sysfs files now. Users can read and configure the isolation policy through sysfs. Currently, sysfs files are created as long as either isolate_err_threshold_read or isolate_err_threshold_write callback functions are present. However, accessing a non-existent callback function may cause the system to crash. Therefore, intercept the creation of sysfs if neither read nor write exists; create sysfs if either is supported, but intercept unsupported operations at the call site. Fixes: e3e289fbc0b5 ("uacce: supports device isolation feature") Cc: stable@vger.kernel.org Signed-off-by: Chenghai Huang <huangchenghai2@huawei.com> Acked-by: Zhangfei Gao <zhangfei.gao@linaro.org> Link: https://patch.msgid.link/20251202061256.4158641-3-huangchenghai2@huawei.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Liu Kai <liukai284@huawei.com> --- drivers/misc/uacce/uacce.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/drivers/misc/uacce/uacce.c b/drivers/misc/uacce/uacce.c index 0879c98e2e1f..02f402ee0a49 100644 --- a/drivers/misc/uacce/uacce.c +++ b/drivers/misc/uacce/uacce.c @@ -751,6 +751,9 @@ static ssize_t isolate_strategy_show(struct device *dev, struct device_attribute struct uacce_device *uacce = to_uacce_device(dev); u32 val; + if (!uacce->ops->isolate_err_threshold_read) + return -ENOENT; + val = uacce->ops->isolate_err_threshold_read(uacce); return sysfs_emit(buf, "%u\n", val); @@ -763,6 +766,9 @@ static ssize_t isolate_strategy_store(struct device *dev, struct device_attribut unsigned long val; int ret; + if (!uacce->ops->isolate_err_threshold_write) + return -ENOENT; + if (kstrtoul(buf, 0, &val) < 0) return -EINVAL; -- 2.34.1
反馈: 您发送到kernel@openeuler.org的补丁/补丁集,已成功转换为PR! PR链接地址: https://atomgit.com/openeuler/kernel/merge_requests/20817 邮件列表地址:https://mailweb.openeuler.org/archives/list/kernel@openeuler.org/message/A2W... FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://atomgit.com/openeuler/kernel/merge_requests/20817 Mailing list address: https://mailweb.openeuler.org/archives/list/kernel@openeuler.org/message/A2W...
participants (2)
-
Liu Kai -
patchwork bot