From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-8.8 required=3.0 tests=BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,MENTIONS_GIT_HOSTING, SPF_HELO_NONE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5C620C4363C for ; Wed, 7 Oct 2020 03:24:29 +0000 (UTC) Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 95F0F2087E for ; Wed, 7 Oct 2020 03:24:28 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 95F0F2087E Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=ellerman.id.au Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Received: from bilbo.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 4C5fp22z48zDqKh for ; Wed, 7 Oct 2020 14:24:26 +1100 (AEDT) Received: from ozlabs.org (bilbo.ozlabs.org [IPv6:2401:3900:2:1::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4C5fkJ0JckzDqFC for ; Wed, 7 Oct 2020 14:21:12 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=ellerman.id.au Received: by ozlabs.org (Postfix, from userid 1034) id 4C5fkH1lfVz9sTR; Wed, 7 Oct 2020 14:21:11 +1100 (AEDT) From: Michael Ellerman To: Andrew Donnellan , linuxppc-dev@lists.ozlabs.org In-Reply-To: <20200820044512.7543-1-ajd@linux.ibm.com> References: <20200820044512.7543-1-ajd@linux.ibm.com> Subject: Re: [PATCH v2 1/2] powerpc/rtas: Restrict RTAS requests from userspace Message-Id: <160204083771.257875.2183236339326581440.b4-ty@ellerman.id.au> Date: Wed, 7 Oct 2020 14:21:11 +1100 (AEDT) X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: nathanl@linux.ibm.com, leobras.c@gmail.com, stable@vger.kernel.org, dja@axtens.net Errors-To: linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Sender: "Linuxppc-dev" On Thu, 20 Aug 2020 14:45:12 +1000, Andrew Donnellan wrote: > A number of userspace utilities depend on making calls to RTAS to retrieve > information and update various things. > > The existing API through which we expose RTAS to userspace exposes more > RTAS functionality than we actually need, through the sys_rtas syscall, > which allows root (or anyone with CAP_SYS_ADMIN) to make any RTAS call they > want with arbitrary arguments. > > [...] Applied to powerpc/next. [1/2] powerpc/rtas: Restrict RTAS requests from userspace https://git.kernel.org/powerpc/c/bd59380c5ba4147dcbaad3e582b55ccfd120b764 [2/2] selftests/powerpc: Add a rtas_filter selftest https://git.kernel.org/powerpc/c/dc9af82ea0614bb138705d1f5230d53b3b1dfb83 cheers