s390/hypfs: Avoid unnecessary ioctl registration in debugfs

jira KERNEL-216
Rebuild_History Non-Buildable kernel-5.14.0-611.9.1.el9_7
commit-author Peter Oberparleiter <oberpar@linux.ibm.com>
commit fec7bdf

Currently, hypfs registers ioctl callbacks for all debugfs files,
despite only one file requiring them. This leads to unintended exposure
of unused interfaces to user space and can trigger side effects such as
restricted access when kernel lockdown is enabled.

Restrict ioctl registration to only those files that implement ioctl
functionality to avoid interface clutter and unnecessary access
restrictions.

	Tested-by: Mete Durlu <meted@linux.ibm.com>
	Reviewed-by: Vasily Gorbik <gor@linux.ibm.com>
Fixes: 5496197 ("debugfs: Restrict debugfs when the kernel is locked down")
	Signed-off-by: Peter Oberparleiter <oberpar@linux.ibm.com>
	Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
(cherry picked from commit fec7bdf)
	Signed-off-by: Jonathan Maple <jmaple@ciq.com>

Author: PlaidCat

arch/s390/hypfs/hypfs_dbfs.c

@@ -64,24 +64,28 @@ static long dbfs_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 	long rc;
 
 	mutex_lock(&df->lock);
-	if (df->unlocked_ioctl)
-		rc = df->unlocked_ioctl(file, cmd, arg);
-	else
-		rc = -ENOTTY;
+	rc = df->unlocked_ioctl(file, cmd, arg);
 	mutex_unlock(&df->lock);
 	return rc;
 }
 
-static const struct file_operations dbfs_ops = {
+static const struct file_operations dbfs_ops_ioctl = {
 	.read		= dbfs_read,
 	.llseek		= no_llseek,
 	.unlocked_ioctl = dbfs_ioctl,
 };
 
+static const struct file_operations dbfs_ops = {
+	.read		= dbfs_read,
+};
+
 void hypfs_dbfs_create_file(struct hypfs_dbfs_file *df)
 {
-	df->dentry = debugfs_create_file(df->name, 0400, dbfs_dir, df,
-					 &dbfs_ops);
+	const struct file_operations *fops = &dbfs_ops;
+
+	if (df->unlocked_ioctl)
+		fops = &dbfs_ops_ioctl;
+	df->dentry = debugfs_create_file(df->name, 0400, dbfs_dir, df, fops);
 	mutex_init(&df->lock);
 }