Message ID | 1497012990-82012-2-git-send-email-brad.figg@canonical.com |
---|---|
State | New |
Headers | show |
On Fri, Jun 09, 2017 at 05:56:30AM -0700, Brad Figg wrote: > From: Linus Torvalds <torvalds@linux-foundation.org> > > CVE-2015-8944 > > In commit c4004b02f8e5b ("x86: remove the kernel code/data/bss resources > from /proc/iomem") I was hoping to remove the phyiscal kernel address > data from /proc/iomem entirely, but that had to be reverted because some > system programs actually use it. > > This limits all the detailed resource information to properly > credentialed users instead. > > Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> > (cherry picked from commit 51d7b120418e99d6b3bf8df9eb3cc31e8171dee4) > Signed-off-by: Brad Figg <brad.figg@canonical.com> > --- > kernel/resource.c | 13 +++++++++++-- > 1 file changed, 11 insertions(+), 2 deletions(-) > > diff --git a/kernel/resource.c b/kernel/resource.c > index 449282e..b97a740 100644 > --- a/kernel/resource.c > +++ b/kernel/resource.c > @@ -95,16 +95,25 @@ static int r_show(struct seq_file *m, void *v) > { > struct resource *root = m->private; > struct resource *r = v, *p; > + unsigned long long start, end; > int width = root->end < 0x10000 ? 4 : 8; > int depth; > > for (depth = 0, p = r; depth < MAX_IORES_LEVEL; depth++, p = p->parent) > if (p->parent == root) > break; > + > + if (file_ns_capable(m->file, &init_user_ns, CAP_SYS_ADMIN)) { > + start = r->start; > + end = r->end; > + } else { > + start = end = 0; > + } > + > seq_printf(m, "%*s%0*llx-%0*llx : %s\n", > depth * 2, "", > - width, (unsigned long long) r->start, > - width, (unsigned long long) r->end, > + width, start, > + width, end, > r->name ? r->name : "<BAD>"); > return 0; > } Clean cherry-pick. Looks to do what is claimed. Therefore: Acked-by: Andy Whitcroft <apw@canonical.com> -apw
Applied to T/X master-next (ignored for V due to severity) Thanks, -Stefan
On 09.06.2017 14:56, Brad Figg wrote: > From: Linus Torvalds <torvalds@linux-foundation.org> > > CVE-2015-8944 > > In commit c4004b02f8e5b ("x86: remove the kernel code/data/bss resources > from /proc/iomem") I was hoping to remove the phyiscal kernel address > data from /proc/iomem entirely, but that had to be reverted because some > system programs actually use it. > > This limits all the detailed resource information to properly > credentialed users instead. > > Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> > (cherry picked from commit 51d7b120418e99d6b3bf8df9eb3cc31e8171dee4) > Signed-off-by: Brad Figg <brad.figg@canonical.com> > --- > kernel/resource.c | 13 +++++++++++-- > 1 file changed, 11 insertions(+), 2 deletions(-) > > diff --git a/kernel/resource.c b/kernel/resource.c > index 449282e..b97a740 100644 > --- a/kernel/resource.c > +++ b/kernel/resource.c > @@ -95,16 +95,25 @@ static int r_show(struct seq_file *m, void *v) > { > struct resource *root = m->private; > struct resource *r = v, *p; > + unsigned long long start, end; > int width = root->end < 0x10000 ? 4 : 8; > int depth; > > for (depth = 0, p = r; depth < MAX_IORES_LEVEL; depth++, p = p->parent) > if (p->parent == root) > break; > + > + if (file_ns_capable(m->file, &init_user_ns, CAP_SYS_ADMIN)) { struct seq_file does not hold a reference to file in X/T. This was only introduced in 34dbbcdb (v4.6). -Stefan > + start = r->start; > + end = r->end; > + } else { > + start = end = 0; > + } > + > seq_printf(m, "%*s%0*llx-%0*llx : %s\n", > depth * 2, "", > - width, (unsigned long long) r->start, > - width, (unsigned long long) r->end, > + width, start, > + width, end, > r->name ? r->name : "<BAD>"); > return 0; > } >
diff --git a/kernel/resource.c b/kernel/resource.c index 449282e..b97a740 100644 --- a/kernel/resource.c +++ b/kernel/resource.c @@ -95,16 +95,25 @@ static int r_show(struct seq_file *m, void *v) { struct resource *root = m->private; struct resource *r = v, *p; + unsigned long long start, end; int width = root->end < 0x10000 ? 4 : 8; int depth; for (depth = 0, p = r; depth < MAX_IORES_LEVEL; depth++, p = p->parent) if (p->parent == root) break; + + if (file_ns_capable(m->file, &init_user_ns, CAP_SYS_ADMIN)) { + start = r->start; + end = r->end; + } else { + start = end = 0; + } + seq_printf(m, "%*s%0*llx-%0*llx : %s\n", depth * 2, "", - width, (unsigned long long) r->start, - width, (unsigned long long) r->end, + width, start, + width, end, r->name ? r->name : "<BAD>"); return 0; }