nvdimm.lists.linux.dev archive mirror
* [PATCH 0/3] libnvdimm: fix physical address disclosure
@ 2017-09-26 22:57 Dan Williams
  2017-09-26 22:57 ` [PATCH 1/3] libnvdimm, region : make 'resource' attribute only readable by root Dan Williams
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Dan Williams @ 2017-09-26 22:57 UTC
  To: linux-nvdimm; +Cc: Dave Hansen, linux-kernel, stable

Physical address information should be restricted to root. This is
consistent with the policy of /proc/iomem and /sys/firmware/acpi/tables.

---

Dan Williams (3):
      libnvdimm, region : make 'resource' attribute only readable by root
      libnvdimm, namespace: make 'resource' attribute only readable by root
      libnvdimm, pfn: make 'resource' attribute only readable by root


 drivers/nvdimm/namespace_devs.c |    2 +-
 drivers/nvdimm/pfn_devs.c       |    8 ++++++++
 drivers/nvdimm/region_devs.c    |    8 ++++++--
 3 files changed, 15 insertions(+), 3 deletions(-)
_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm


* [PATCH 1/3] libnvdimm, region : make 'resource' attribute only readable by root
  2017-09-26 22:57 [PATCH 0/3] libnvdimm: fix physical address disclosure Dan Williams
@ 2017-09-26 22:57 ` Dan Williams
  2017-09-26 22:57 ` [PATCH 2/3] libnvdimm, namespace: " Dan Williams
  2017-09-26 22:57 ` [PATCH 3/3] libnvdimm, pfn: " Dan Williams
  2 siblings, 0 replies; 4+ messages in thread
From: Dan Williams @ 2017-09-26 22:57 UTC
  To: linux-nvdimm; +Cc: Dave Hansen, linux-kernel, stable

For the same reason that /proc/iomem returns 0's for non-root readers
and acpi tables are root-only, make the 'resource' attribute for region
devices only readable by root. Otherwise we disclose physical address
information.

Fixes: 802f4be6feee ("libnvdimm: Add 'resource' sysfs attribute to regions")
Cc: <stable@vger.kernel.org>
Cc: Dave Jiang <dave.jiang@intel.com>
Cc: Johannes Thumshirn <jthumshirn@suse.de>
Reported-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
---
 drivers/nvdimm/region_devs.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/nvdimm/region_devs.c b/drivers/nvdimm/region_devs.c
index 829d760f651c..abaf38c61220 100644
--- a/drivers/nvdimm/region_devs.c
+++ b/drivers/nvdimm/region_devs.c
@@ -562,8 +562,12 @@ static umode_t region_visible(struct kobject *kobj, struct attribute *a, int n)
 	if (!is_nd_pmem(dev) && a == &dev_attr_badblocks.attr)
 		return 0;
 
-	if (!is_nd_pmem(dev) && a == &dev_attr_resource.attr)
-		return 0;
+	if (a == &dev_attr_resource.attr) {
+		if (is_nd_pmem(dev))
+			return 0400;
+		else
+			return 0;
+	}
 
 	if (a == &dev_attr_deep_flush.attr) {
 		int has_flush = nvdimm_has_flush(nd_region);
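
Review bot: In the new dev_attr_resource block of region_visible(), the `else` after `return 0400;` is redundant, and the bare 0400 has no explanation at the point of use. Suggest the early-return shape that namespace_visible() keeps in patch 2/3, that is `if (!is_nd_pmem(dev)) return 0;` followed by `return 0400;`, plus a one-line comment saying the attribute exposes a physical address and is root-only by design, so a later cleanup does not widen it again.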


* [PATCH 2/3] libnvdimm, namespace: make 'resource' attribute only readable by root
  2017-09-26 22:57 [PATCH 0/3] libnvdimm: fix physical address disclosure Dan Williams
  2017-09-26 22:57 ` [PATCH 1/3] libnvdimm, region : make 'resource' attribute only readable by root Dan Williams
@ 2017-09-26 22:57 ` Dan Williams
  2017-09-26 22:57 ` [PATCH 3/3] libnvdimm, pfn: " Dan Williams
  2 siblings, 0 replies; 4+ messages in thread
From: Dan Williams @ 2017-09-26 22:57 UTC
  To: linux-nvdimm; +Cc: Dave Hansen, linux-kernel, stable

For the same reason that /proc/iomem returns 0's for non-root readers
and acpi tables are root-only, make the 'resource' attribute for
namespace devices only readable by root. Otherwise we disclose physical
address information.

Fixes: bf9bccc14c05 ("libnvdimm: pmem label sets and namespace instantiation")
Cc: <stable@vger.kernel.org>
Reported-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
---
 drivers/nvdimm/namespace_devs.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/nvdimm/namespace_devs.c b/drivers/nvdimm/namespace_devs.c
index 3e4d1e7998da..0af988739a06 100644
--- a/drivers/nvdimm/namespace_devs.c
+++ b/drivers/nvdimm/namespace_devs.c
@@ -1620,7 +1620,7 @@ static umode_t namespace_visible(struct kobject *kobj,
 	if (a == &dev_attr_resource.attr) {
 		if (is_namespace_blk(dev))
 			return 0;
-		return a->mode;
+		return 0400;
 	}
 
 	if (is_namespace_pmem(dev) || is_namespace_blk(dev)) {
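
Review bot: `return 0400;` in namespace_visible() now overrides whatever mode dev_attr_resource was declared with, so the declaration and the effective permission disagree and nothing at this site says why. A short comment above the return (physical address, root-only, same policy as /proc/iomem) would help, or change the mode where the attribute is defined so that `return a->mode;` remains the single source of truth. The same literal is repeated in patches 1/3 and 3/3, which argues for documenting it once.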


* [PATCH 3/3] libnvdimm, pfn: make 'resource' attribute only readable by root
  2017-09-26 22:57 [PATCH 0/3] libnvdimm: fix physical address disclosure Dan Williams
  2017-09-26 22:57 ` [PATCH 1/3] libnvdimm, region : make 'resource' attribute only readable by root Dan Williams
  2017-09-26 22:57 ` [PATCH 2/3] libnvdimm, namespace: " Dan Williams
@ 2017-09-26 22:57 ` Dan Williams
  2 siblings, 0 replies; 4+ messages in thread
From: Dan Williams @ 2017-09-26 22:57 UTC
  To: linux-nvdimm; +Cc: Dave Hansen, linux-kernel, stable

For the same reason that /proc/iomem returns 0's for non-root readers
and acpi tables are root-only, make the 'resource' attribute for pfn
devices only readable by root. Otherwise we disclose physical address
information.

Fixes: f6ed58c70d14 ("libnvdimm, pfn: 'resource'-address and 'size'...")
Cc: <stable@vger.kernel.org>
Reported-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
---
 drivers/nvdimm/pfn_devs.c |    8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/drivers/nvdimm/pfn_devs.c b/drivers/nvdimm/pfn_devs.c
index 9576c444f0ab..65cc171c721d 100644
--- a/drivers/nvdimm/pfn_devs.c
+++ b/drivers/nvdimm/pfn_devs.c
@@ -282,8 +282,16 @@ static struct attribute *nd_pfn_attributes[] = {
 	NULL,
 };
 
+static umode_t pfn_visible(struct kobject *kobj, struct attribute *a, int n)
+{
+	if (a == &dev_attr_resource.attr)
+		return 0400;
+	return a->mode;
+}
+
 struct attribute_group nd_pfn_attribute_group = {
 	.attrs = nd_pfn_attributes,
+	.is_visible = pfn_visible,
 };
 
 static const struct attribute_group *nd_pfn_attribute_groups[] = {
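
Review bot: pfn_visible() is attached to nd_pfn_attribute_group, which is not declared static, so any other file that references this group gets the 0400 `resource` attribute as well, while the changelog speaks only of pfn devices. Please confirm that is intended and say so in the commit message. A one-line comment on the `if (a == &dev_attr_resource.attr)` branch stating why the mode is root-only would also keep the reason next to the code; `return a->mode;` for the remaining attributes looks right.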

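A check that can be run on a host to confirm the three attribute changes took effect, as an added example that is not part of the original thread: it lists libnvdimm `resource` attributes whose mode grants any access beyond the owner. The `/sys/bus/nd/devices` default path and the function name `audit_nd_resource` are assumptions, not taken from the patches.

```shell
#!/bin/sh
# Added example (not from the patch series): list libnvdimm 'resource'
# attributes that anyone other than the file owner can access.
# Assumption: nd devices are reachable under /sys/bus/nd/devices.
# An alternative root can be passed as $1 (used for offline testing).

audit_nd_resource() {
    root="${1:-/sys/bus/nd/devices}"
    for attr in "$root"/*/resource; do
        # Skip an unmatched glob, and devices whose is_visible()
        # callback returned 0 (the attribute file is then absent).
        [ -e "$attr" ] || continue
        # stat needs no read permission on the file itself, so this
        # audit can run as an unprivileged user.
        mode=$(stat -c '%a' "$attr") || continue
        case "$mode" in
            0|?00) ;;   # no group/other bits set, e.g. 400
            *) printf '%s %s\n' "$mode" "$attr" ;;
        esac
    done
    return 0
}

# With the series applied, region, namespace and pfn entries
# should not be listed.
audit_nd_resource "$@"
```

Each output line is the octal mode followed by the attribute path; an empty result means no `resource` file under the given root is group- or world-accessible.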
