* [PATCH 0/3] libnvdimm: fix physical address disclosure
@ 2017-09-26 22:57 Dan Williams
From: Dan Williams @ 2017-09-26 22:57 UTC
To: linux-nvdimm; +Cc: Dave Hansen, linux-kernel, stable
Physical address information should be restricted to root. This is
consistent with the policy of /proc/iomem and /sys/firmware/acpi/tables.
---
Dan Williams (3):
libnvdimm, region : make 'resource' attribute only readable by root
libnvdimm, namespace: make 'resource' attribute only readable by root
libnvdimm, pfn: make 'resource' attribute only readable by root
drivers/nvdimm/namespace_devs.c | 2 +-
drivers/nvdimm/pfn_devs.c | 8 ++++++++
drivers/nvdimm/region_devs.c | 8 ++++++--
3 files changed, 15 insertions(+), 3 deletions(-)
_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm
* [PATCH 1/3] libnvdimm, region : make 'resource' attribute only readable by root
From: Dan Williams @ 2017-09-26 22:57 UTC
To: linux-nvdimm; +Cc: Dave Hansen, linux-kernel, stable
For the same reason that /proc/iomem returns 0's for non-root readers
and acpi tables are root-only, make the 'resource' attribute for region
devices only readable by root. Otherwise we disclose physical address
information.
Fixes: 802f4be6feee ("libnvdimm: Add 'resource' sysfs attribute to regions")
Cc: <stable@vger.kernel.org>
Cc: Dave Jiang <dave.jiang@intel.com>
Cc: Johannes Thumshirn <jthumshirn@suse.de>
Reported-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
---
drivers/nvdimm/region_devs.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/nvdimm/region_devs.c b/drivers/nvdimm/region_devs.c
index 829d760f651c..abaf38c61220 100644
--- a/drivers/nvdimm/region_devs.c
+++ b/drivers/nvdimm/region_devs.c
@@ -562,8 +562,12 @@ static umode_t region_visible(struct kobject *kobj, struct attribute *a, int n)
if (!is_nd_pmem(dev) && a == &dev_attr_badblocks.attr)
return 0;
- if (!is_nd_pmem(dev) && a == &dev_attr_resource.attr)
- return 0;
+ if (a == &dev_attr_resource.attr) {
+ if (is_nd_pmem(dev))
+ return 0400;
+ else
+ return 0;
+ }
if (a == &dev_attr_deep_flush.attr) {
int has_flush = nvdimm_has_flush(nd_region);
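Review bot: In the new `if (a == &dev_attr_resource.attr)` block of region_visible(), the `else` after `return 0400;` is redundant, and the bare octal carries no comment saying why this attribute is narrower than its siblings. Consider `return is_nd_pmem(dev) ? 0400 : 0;` (or simply dropping the `else`), plus a one-line comment that the value is a physical address and follows the /proc/iomem policy, so a later cleanup does not widen it again. Non-pmem regions still get 0 as before, so only the pmem case changes behaviour.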
* [PATCH 2/3] libnvdimm, namespace: make 'resource' attribute only readable by root
From: Dan Williams @ 2017-09-26 22:57 UTC
To: linux-nvdimm; +Cc: Dave Hansen, linux-kernel, stable
For the same reason that /proc/iomem returns 0's for non-root readers
and acpi tables are root-only, make the 'resource' attribute for
namespace devices only readable by root. Otherwise we disclose physical
address information.
Fixes: bf9bccc14c05 ("libnvdimm: pmem label sets and namespace instantiation")
Cc: <stable@vger.kernel.org>
Reported-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
---
drivers/nvdimm/namespace_devs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/nvdimm/namespace_devs.c b/drivers/nvdimm/namespace_devs.c
index 3e4d1e7998da..0af988739a06 100644
--- a/drivers/nvdimm/namespace_devs.c
+++ b/drivers/nvdimm/namespace_devs.c
@@ -1620,7 +1620,7 @@ static umode_t namespace_visible(struct kobject *kobj,
if (a == &dev_attr_resource.attr) {
if (is_namespace_blk(dev))
return 0;
- return a->mode;
+ return 0400;
}
if (is_namespace_pmem(dev) || is_namespace_blk(dev)) {
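Review bot: `return 0400;` in namespace_visible() replaces `return a->mode;` with a literal while the attribute's declaration is left untouched, so the declared mode and the effective permission now disagree. Either declare the attribute with the restrictive mode and keep `return a->mode;`, or add a comment at this line stating that the override is deliberate because the file exposes a physical address. The same literal appears in all three patches of the series, so a shared comment or macro would keep the three call sites in step.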
* [PATCH 3/3] libnvdimm, pfn: make 'resource' attribute only readable by root
From: Dan Williams @ 2017-09-26 22:57 UTC
To: linux-nvdimm; +Cc: Dave Hansen, linux-kernel, stable
For the same reason that /proc/iomem returns 0's for non-root readers
and acpi tables are root-only, make the 'resource' attribute for pfn
devices only readable by root. Otherwise we disclose physical address
information.
Fixes: f6ed58c70d14 ("libnvdimm, pfn: 'resource'-address and 'size'...")
Cc: <stable@vger.kernel.org>
Reported-by: Dave Hansen <dave.hansen@linux.intel.com>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
---
drivers/nvdimm/pfn_devs.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/drivers/nvdimm/pfn_devs.c b/drivers/nvdimm/pfn_devs.c
index 9576c444f0ab..65cc171c721d 100644
--- a/drivers/nvdimm/pfn_devs.c
+++ b/drivers/nvdimm/pfn_devs.c
@@ -282,8 +282,16 @@ static struct attribute *nd_pfn_attributes[] = {
NULL,
};
+static umode_t pfn_visible(struct kobject *kobj, struct attribute *a, int n)
+{
+ if (a == &dev_attr_resource.attr)
+ return 0400;
+ return a->mode;
+}
+
struct attribute_group nd_pfn_attribute_group = {
.attrs = nd_pfn_attributes,
+ .is_visible = pfn_visible,
};
static const struct attribute_group *nd_pfn_attribute_groups[] = {
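Review bot: nd_pfn_attribute_group is not static, so adding `.is_visible = pfn_visible` to it changes the mode of 'resource' for every user of this group, not only the pfn devices named in the commit message; please confirm that is intended and say so in the changelog. pfn_visible() would also benefit from a short comment that 0400 is there to keep physical addresses root-only, since every other attribute falls through to `return a->mode;`.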