This is a note to let you know that I've just added the patch titled
efi: Move some sysfs files to be read-only by root
to the 4.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
efi-move-some-sysfs-files-to-be-read-only-by-root.patch
and it can be found in the queue-4.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From af97a77bc01ce49a466f9d4c0125479e2e2230b6 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Date: Wed, 6 Dec 2017 09:50:08 +0000
Subject: efi: Move some sysfs files to be read-only by root
From: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
commit af97a77bc01ce49a466f9d4c0125479e2e2230b6 upstream.
Thanks to the scripts/leaking_addresses.pl script, it was found that
some EFI values should not be readable by non-root users.
So make them root-only, and to do that, add a __ATTR_RO_MODE() macro to
make this easier, and use it in other places at the same time.
Reported-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
Tested-by: Dave Young <dyoung@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx>
Cc: H. Peter Anvin <hpa@xxxxxxxxx>
Cc: Matt Fleming <matt@xxxxxxxxxxxxxxxxxxx>
Cc: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: linux-efi@xxxxxxxxxxxxxxx
Link: http://lkml.kernel.org/r/20171206095010.24170-2-ard.biesheuvel@xxxxxxxxxx
Signed-off-by: Ingo Molnar <mingo@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/firmware/efi/efi.c | 3 +--
drivers/firmware/efi/esrt.c | 15 ++++++---------
drivers/firmware/efi/runtime-map.c | 10 +++++-----
include/linux/sysfs.h | 6 ++++++
4 files changed, 18 insertions(+), 16 deletions(-)
--- a/drivers/firmware/efi/efi.c
+++ b/drivers/firmware/efi/efi.c
@@ -113,8 +113,7 @@ static ssize_t systab_show(struct kobjec
return str - buf;
}
-static struct kobj_attribute efi_attr_systab =
- __ATTR(systab, 0400, systab_show, NULL);
+static struct kobj_attribute efi_attr_systab = __ATTR_RO_MODE(systab, 0400);
#define EFI_FIELD(var) efi.var
--- a/drivers/firmware/efi/esrt.c
+++ b/drivers/firmware/efi/esrt.c
@@ -105,7 +105,7 @@ static const struct sysfs_ops esre_attr_
};
/* Generic ESRT Entry ("ESRE") support. */
-static ssize_t esre_fw_class_show(struct esre_entry *entry, char *buf)
+static ssize_t fw_class_show(struct esre_entry *entry, char *buf)
{
char *str = buf;
@@ -116,18 +116,16 @@ static ssize_t esre_fw_class_show(struct
return str - buf;
}
-static struct esre_attribute esre_fw_class = __ATTR(fw_class, 0400,
- esre_fw_class_show, NULL);
+static struct esre_attribute esre_fw_class = __ATTR_RO_MODE(fw_class, 0400);
#define esre_attr_decl(name, size, fmt) \
-static ssize_t esre_##name##_show(struct esre_entry *entry, char *buf) \
+static ssize_t name##_show(struct esre_entry *entry, char *buf) \
{ \
return sprintf(buf, fmt "\n", \
le##size##_to_cpu(entry->esre.esre1->name)); \
} \
\
-static struct esre_attribute esre_##name = __ATTR(name, 0400, \
- esre_##name##_show, NULL)
+static struct esre_attribute esre_##name = __ATTR_RO_MODE(name, 0400)
esre_attr_decl(fw_type, 32, "%u");
esre_attr_decl(fw_version, 32, "%u");
@@ -195,14 +193,13 @@ static int esre_create_sysfs_entry(void
/* support for displaying ESRT fields at the top level */
#define esrt_attr_decl(name, size, fmt) \
-static ssize_t esrt_##name##_show(struct kobject *kobj, \
+static ssize_t name##_show(struct kobject *kobj, \
struct kobj_attribute *attr, char *buf)\
{ \
return sprintf(buf, fmt "\n", le##size##_to_cpu(esrt->name)); \
} \
\
-static struct kobj_attribute esrt_##name = __ATTR(name, 0400, \
- esrt_##name##_show, NULL)
+static struct kobj_attribute esrt_##name = __ATTR_RO_MODE(name, 0400)
esrt_attr_decl(fw_resource_count, 32, "%u");
esrt_attr_decl(fw_resource_count_max, 32, "%u");
--- a/drivers/firmware/efi/runtime-map.c
+++ b/drivers/firmware/efi/runtime-map.c
@@ -67,11 +67,11 @@ static ssize_t map_attr_show(struct kobj
return map_attr->show(entry, buf);
}
-static struct map_attribute map_type_attr = __ATTR_RO(type);
-static struct map_attribute map_phys_addr_attr = __ATTR_RO(phys_addr);
-static struct map_attribute map_virt_addr_attr = __ATTR_RO(virt_addr);
-static struct map_attribute map_num_pages_attr = __ATTR_RO(num_pages);
-static struct map_attribute map_attribute_attr = __ATTR_RO(attribute);
+static struct map_attribute map_type_attr = __ATTR_RO_MODE(type, 0400);
+static struct map_attribute map_phys_addr_attr = __ATTR_RO_MODE(phys_addr, 0400);
+static struct map_attribute map_virt_addr_attr = __ATTR_RO_MODE(virt_addr, 0400);
+static struct map_attribute map_num_pages_attr = __ATTR_RO_MODE(num_pages, 0400);
+static struct map_attribute map_attribute_attr = __ATTR_RO_MODE(attribute, 0400);
/*
* These are default attributes that are added for every memmap entry.
--- a/include/linux/sysfs.h
+++ b/include/linux/sysfs.h
@@ -116,6 +116,12 @@ struct attribute_group {
.show = _name##_show, \
}
+#define __ATTR_RO_MODE(_name, _mode) { \
+ .attr = { .name = __stringify(_name), \
+ .mode = VERIFY_OCTAL_PERMISSIONS(_mode) }, \
+ .show = _name##_show, \
+}
+
#define __ATTR_WO(_name) { \
.attr = { .name = __stringify(_name), .mode = S_IWUSR }, \
.store = _name##_store, \
Patches currently in stable-queue which might be from gregkh@xxxxxxxxxxxxxxxxxxx are
queue-4.4/hv-kvp-avoid-reading-past-allocated-blocks-from-kvp-file.patch
queue-4.4/x.509-reject-invalid-bit-string-for-subjectpublickey.patch
queue-4.4/asn.1-check-for-error-from-asn1_op_end__act-actions.patch
queue-4.4/can-ems_usb-cancel-urb-on-epipe-and-eproto.patch
queue-4.4/efi-esrt-use-memunmap-instead-of-kfree-to-free-the-remapping.patch
queue-4.4/alsa-seq-remove-spurious-warn_on-at-timer-check.patch
queue-4.4/s390-fix-compat-system-call-table.patch
queue-4.4/can-esd_usb2-cancel-urb-on-epipe-and-eproto.patch
queue-4.4/scsi-use-dma_get_cache_alignment-as-minimum-dma-alignment.patch
queue-4.4/can-ti_hecc-fix-napi-poll-return-value-for-repoll.patch
queue-4.4/iommu-vt-d-fix-scatterlist-offset-handling.patch
queue-4.4/can-usb_8dev-cancel-urb-on-epipe-and-eproto.patch
queue-4.4/alsa-pcm-prevent-uaf-in-snd_pcm_info.patch
queue-4.4/can-kvaser_usb-cancel-urb-on-epipe-and-eproto.patch
queue-4.4/isa-prevent-null-dereference-in-isa_bus-driver-callbacks.patch
queue-4.4/alsa-usb-audio-add-check-return-value-for-usb_string.patch
queue-4.4/scsi-dma-mapping-always-provide-dma_get_cache_alignment.patch
queue-4.4/kdb-fix-handling-of-kallsyms_symbol_next-return-value.patch
queue-4.4/can-kvaser_usb-ratelimit-errors-if-incomplete-messages-are-received.patch
queue-4.4/kvm-vmx-remove-i-o-port-0x80-bypass-on-intel-hosts.patch
queue-4.4/efi-move-some-sysfs-files-to-be-read-only-by-root.patch
queue-4.4/virtio-release-virtio-index-when-fail-to-device_register.patch
queue-4.4/can-kvaser_usb-free-buf-in-error-paths.patch
queue-4.4/media-dvb-i2c-transfers-over-usb-cannot-be-done-from-stack.patch
queue-4.4/asn.1-fix-out-of-bounds-read-when-parsing-indefinite-length-item.patch
queue-4.4/scsi-libsas-align-sata_device-s-rps_resp-on-a-cacheline.patch
queue-4.4/arm64-kvm-fix-vttbr_baddr_mask-bug_on-off-by-one.patch
queue-4.4/can-kvaser_usb-fix-comparison-bug-in-kvaser_usb_read_bulk_callback.patch
queue-4.4/drm-exynos-gem-drop-noncontig-flag-for-buffers-allocated-without-iommu.patch
queue-4.4/arm64-fpsimd-prevent-registers-leaking-from-dead-tasks.patch
queue-4.4/alsa-usb-audio-fix-out-of-bound-error.patch
queue-4.4/x86-pci-make-broadcom_postcore_init-check-acpi_disabled.patch