Commit e7de4f7b authored by Andrew Donnellan's avatar Andrew Donnellan Committed by Michael Ellerman

powerpc/powernv: Restrict OPAL symbol map to only be readable by root

Currently the OPAL symbol map is globally readable, which seems bad as
it contains physical addresses.

Restrict it to root.

Fixes: c8742f85 ("powerpc/powernv: Expose OPAL firmware symbol map")
Cc: stable@vger.kernel.org # v3.19+
Suggested-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
Signed-off-by: default avatarAndrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: default avatarMichael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20190503075253.22798-1-ajd@linux.ibm.com
parent 8b856a09
...@@ -705,7 +705,10 @@ static ssize_t symbol_map_read(struct file *fp, struct kobject *kobj, ...@@ -705,7 +705,10 @@ static ssize_t symbol_map_read(struct file *fp, struct kobject *kobj,
bin_attr->size); bin_attr->size);
} }
static BIN_ATTR_RO(symbol_map, 0); static struct bin_attribute symbol_map_attr = {
.attr = {.name = "symbol_map", .mode = 0400},
.read = symbol_map_read
};
static void opal_export_symmap(void) static void opal_export_symmap(void)
{ {
...@@ -722,10 +725,10 @@ static void opal_export_symmap(void) ...@@ -722,10 +725,10 @@ static void opal_export_symmap(void)
return; return;
/* Setup attributes */ /* Setup attributes */
bin_attr_symbol_map.private = __va(be64_to_cpu(syms[0])); symbol_map_attr.private = __va(be64_to_cpu(syms[0]));
bin_attr_symbol_map.size = be64_to_cpu(syms[1]); symbol_map_attr.size = be64_to_cpu(syms[1]);
rc = sysfs_create_bin_file(opal_kobj, &bin_attr_symbol_map); rc = sysfs_create_bin_file(opal_kobj, &symbol_map_attr);
if (rc) if (rc)
pr_warn("Error %d creating OPAL symbols file\n", rc); pr_warn("Error %d creating OPAL symbols file\n", rc);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment