linux/arch/powerpc/kernel
Andrew Donnellan bd59380c5b powerpc/rtas: Restrict RTAS requests from userspace
A number of userspace utilities depend on making calls to RTAS to retrieve
information and update various things.

The existing API through which we expose RTAS to userspace exposes more
RTAS functionality than we actually need, through the sys_rtas syscall,
which allows root (or anyone with CAP_SYS_ADMIN) to make any RTAS call they
want with arbitrary arguments.

Many RTAS calls take the address of a buffer as an argument, and it's up to
the caller to specify the physical address of the buffer as an argument. We
allocate a buffer (the "RMO buffer") in the Real Memory Area that RTAS can
access, and then expose the physical address and size of this buffer in
/proc/powerpc/rtas/rmo_buffer. Userspace is expected to read this address,
poke at the buffer using /dev/mem, and pass an address in the RMO buffer to
the RTAS call.

However, there's nothing stopping the caller from specifying whatever
address they want in the RTAS call, and it's easy to construct a series of
RTAS calls that can overwrite arbitrary bytes (even without /dev/mem
access).

Additionally, there are some RTAS calls that do potentially dangerous
things and for which there are no legitimate userspace use cases.

In the past, this would not have been a particularly big deal as it was
assumed that root could modify all system state freely, but with Secure
Boot and lockdown we need to care about this.

We can't fundamentally change the ABI at this point, however we can address
this by implementing a filter that checks RTAS calls against a list
of permitted calls and forces the caller to use addresses within the RMO
buffer.

The list is based off the list of calls that are used by the librtas
userspace library, and has been tested with a number of existing userspace
RTAS utilities. For compatibility with any applications we are not aware of
that require other calls, the filter can be turned off at build time.

Cc: stable@vger.kernel.org
Reported-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20200820044512.7543-1-ajd@linux.ibm.com
2020-10-06 23:22:27 +11:00
ptrace powerpc/watchpoint/ptrace: Introduce PPC_DEBUG_FEATURE_DATA_BP_ARCH_31 2020-09-15 22:13:20 +10:00
syscalls all arch: remove system call sys_sysctl 2020-08-14 19:56:56 -07:00
trace powerpc: Add a ppc_inst_as_str() helper 2020-07-23 17:41:36 +10:00
vdso32 Revert "powerpc/build: vdso linker warning for orphan sections" 2020-09-03 15:42:26 +10:00
vdso64 Revert "powerpc/build: vdso linker warning for orphan sections" 2020-09-03 15:42:26 +10:00
.gitignore
align.c powerpc: Use fallthrough pseudo-keyword 2020-07-29 21:09:37 +10:00
asm-offsets.c powerpc/tm: Save and restore AMR on treclaim and trechkpt 2020-10-06 23:22:25 +11:00
audit.c
btext.c mm: reorder includes after introduction of linux/pgtable.h 2020-06-09 09:39:13 -07:00
cacheinfo.c powerpc/cacheinfo: Warn if cache object chain becomes unordered 2020-07-30 22:53:48 +10:00
cacheinfo.h
compat_audit.c
cpu_setup_6xx.S powerpc/32: Blacklist functions running with MMU disabled for kprobe 2020-06-02 20:59:11 +10:00
cpu_setup_44x.S
cpu_setup_fsl_booke.S
cpu_setup_pa6t.S
cpu_setup_power.S powerpc/perf: Initialize power10 PMU registers in cpu setup routine 2020-07-26 23:34:23 +10:00
cpu_setup_ppc970.S
cputable.c powerpc: untangle cputable mce include 2020-10-06 23:22:22 +11:00
crash_dump.c
dawr.c powerpc/watchpoint: Guest support for 2nd DAWR hcall 2020-07-26 23:34:19 +10:00
dbell.c powerpc: Inline doorbell sending functions 2020-07-29 21:02:09 +10:00
dma-iommu.c powerpc/dma: Fix dma_map_ops::get_required_mask 2020-09-08 14:20:55 +10:00
dma-mask.c
dma-swiotlb.c
dt_cpu_ftrs.c powerpc: untangle cputable mce include 2020-10-06 23:22:22 +11:00
early_32.c
eeh_cache.c
eeh_driver.c pci-v5.9-changes 2020-08-07 18:48:15 -07:00
eeh_event.c
eeh_pe.c powerpc/eeh: Clean up PE addressing 2020-10-06 23:22:25 +11:00
eeh_sysfs.c powerpc/eeh: Pass eeh_dev to eeh_ops->resume_notify() 2020-07-26 23:34:20 +10:00
eeh.c powerpc/eeh: Clean up PE addressing 2020-10-06 23:22:25 +11:00
entry_32.S powerpc: Select ARCH_HAS_MEMBARRIER_SYNC_CORE 2020-07-23 17:43:23 +10:00
entry_64.S powerpc/64s: scv entry should set PPR 2020-08-27 17:41:13 +10:00
epapr_hcalls.S
epapr_paravirt.c
exceptions-64e.S powerpc/64e: remove 64s specific interrupt soft-mask code 2020-10-06 23:22:23 +11:00
exceptions-64s.S powerpc updates for 5.9 2020-08-07 10:33:50 -07:00
fadump.c powerpc/fadump: Remove set but not used variable 'elf' 2020-08-25 01:31:32 +10:00
firmware.c powerpc/pseries: Add KVM guest doorbell restrictions 2020-07-29 21:02:10 +10:00
fpu.S powerpc/fpu: Drop cvt_fd() and cvt_df() 2020-09-02 11:00:19 +10:00
fsl_booke_entry_mapping.S
head_8xx.S mm: reorder includes after introduction of linux/pgtable.h 2020-06-09 09:39:13 -07:00
head_32.h powerpc/32: Fix vmap stack - Properly set r1 before activating MMU 2020-09-15 22:13:33 +10:00
head_32.S powerpc/powermac: Fix low_sleep_handler with KUAP and KUEP 2020-09-15 22:13:37 +10:00
head_40x.S powerpc/40x: Fix assembler warning about r0 2020-08-03 22:12:41 +10:00
head_44x.S mm: reorder includes after introduction of linux/pgtable.h 2020-06-09 09:39:13 -07:00
head_64.S powerpc/64: Remove unused generic_secondary_thread_init() 2020-09-08 22:24:17 +10:00
head_booke.h
head_fsl_booke.S mm: reorder includes after introduction of linux/pgtable.h 2020-06-09 09:39:13 -07:00
hw_breakpoint_constraints.c powerpc/watchpoint: Move DAWR detection logic outside of hw_breakpoint.c 2020-09-15 22:13:19 +10:00
hw_breakpoint.c powerpc/watchpoint: Move DAWR detection logic outside of hw_breakpoint.c 2020-09-15 22:13:19 +10:00
idle_6xx.S powerpc/32: Blacklist functions running with MMU disabled for kprobe 2020-06-02 20:59:11 +10:00
idle_book3e.S
idle_book3s.S
idle_e500.S powerpc/32: Blacklist functions running with MMU disabled for kprobe 2020-06-02 20:59:11 +10:00
idle.c powerpc: Move arch_cpu_idle_dead() into smp.c 2020-09-18 19:59:43 +10:00
ima_arch.c
io-workarounds.c mm: reorder includes after introduction of linux/pgtable.h 2020-06-09 09:39:13 -07:00
io.c
iomap.c iomap: constify ioreadX() iomem argument (as in generic implementation) 2020-08-14 19:56:57 -07:00
iommu.c
irq.c powerpc/64: make restore_interrupts 64e only 2020-10-06 23:22:24 +11:00
isa-bridge.c powerpc: remove __ioremap_at and __iounmap_at 2020-06-02 10:59:10 -07:00
jump_label.c
kgdb.c maccess: make get_kernel_nofault() check for minimal type compatibility 2020-06-18 12:10:37 -07:00
kprobes-ftrace.c
kprobes.c powerpc: Add a ppc_inst_as_str() helper 2020-07-23 17:41:36 +10:00
kvm_emul.S
kvm.c
l2cr_6xx.S powerpc/32: Blacklist functions running with MMU disabled for kprobe 2020-06-02 20:59:11 +10:00
legacy_serial.c
Makefile powerpc/watchpoint: Move DAWR detection logic outside of hw_breakpoint.c 2020-09-15 22:13:19 +10:00
mce_power.c powerpc/powernv: Machine check handler for POWER10 2020-07-23 17:43:30 +10:00
mce.c powerpc/64s: Move HMI IRQ stat from percpu variable to paca. 2020-07-29 23:47:53 +10:00
misc_32.S powerpc: Rewrite FSL_BOOKE flush_cache_instruction() in C 2020-09-02 11:00:21 +10:00
misc_64.S powerpc/book3s64/keys/kuap: Reset AMR/IAMR values on kexec 2020-07-20 22:57:59 +10:00
misc.S powerpc/32: Blacklist functions running with MMU disabled for kprobe 2020-06-02 20:59:11 +10:00
module_32.c
module_64.c maccess: rename probe_kernel_{read,write} to copy_{from,to}_kernel_nofault 2020-06-17 10:57:41 -07:00
module.c powerpc: Use MODULES_VADDR if defined 2020-07-27 00:01:30 +10:00
module.lds
msi.c
note.S
nvram_64.c powerpc updates for 5.8 2020-06-05 12:39:30 -07:00
of_platform.c powerpc/eeh: Remove eeh_dev_phb_init_dynamic() 2020-07-26 23:34:19 +10:00
optprobes_head.S
optprobes.c powerpc: Add ppc_inst_as_u64() 2020-05-26 23:36:57 +10:00
paca.c Merge branch 'fixes' into next 2020-07-18 22:43:55 +10:00
pci_32.c
pci_64.c powerpc updates for 5.8 2020-06-05 12:39:30 -07:00
pci_dn.c powerpc/eeh: Rename eeh_{add_to|remove_from}_parent_pe() 2020-07-26 23:34:21 +10:00
pci_of_scan.c
pci-common.c powerpc/pci: unmap legacy INTx interrupts when a PHB is removed 2020-09-15 22:13:39 +10:00
pci-hotplug.c
pmc.c
ppc32.h
ppc_save_regs.S
proc_powerpc.c
process.c powerpc/process: Fix uninitialised variable error 2020-09-18 18:12:46 +10:00
prom_init_check.sh
prom_init.c powerpc/prom_init: Check display props exist before enabling btext 2020-09-18 19:59:44 +10:00
prom_parse.c
prom.c powerpc/mm/book3s: Split radix and hash MAX_PHYSMEM limit 2020-09-15 22:13:22 +10:00
reloc_32.S
reloc_64.S
rtas_flash.c
rtas_pci.c mm: reorder includes after introduction of linux/pgtable.h 2020-06-09 09:39:13 -07:00
rtas-proc.c
rtas-rtc.c
rtas.c powerpc/rtas: Restrict RTAS requests from userspace 2020-10-06 23:22:27 +11:00
rtasd.c powerpc/rtasd: simplify handle_rtas_event(), emit message on events 2020-07-16 13:12:38 +10:00
secure_boot.c powerpc/pseries: Detect secure and trusted boot state of the system. 2020-07-16 14:49:53 +10:00
security.c powerpc/security: Allow for processors that flush the link stack using the special bcctr 2020-07-16 13:12:32 +10:00
secvar-ops.c
secvar-sysfs.c
setup_32.c mm: reorder includes after introduction of linux/pgtable.h 2020-06-09 09:39:13 -07:00
setup_64.c powerpc/64/mm: implement page mapping percpu first chunk allocator 2020-09-15 22:13:22 +10:00
setup-common.c powerpc: Fix P10 PVR revision in /proc/cpuinfo for SMT4 cores 2020-08-17 13:11:22 +10:00
setup.h
signal_32.c powerpc/signal_32: Simplify loop in PPC64 save_general_regs() 2020-07-15 12:04:40 +10:00
signal_64.c powerpc/signal64: Don't opencode page prefaulting 2020-07-15 12:04:40 +10:00
signal.c powerpc/64s: system call support for scv/rfscv instructions 2020-07-22 23:00:27 +10:00
signal.h
smp-tbsync.c
smp.c powerpc/smp: Optimize update_coregroup_mask 2020-10-06 23:22:27 +11:00
stacktrace.c kernel: rename show_stack_loglvl() => show_stack() 2020-06-09 09:39:13 -07:00
suspend.c
swsusp_32.S powerpc/32: Blacklist functions running with MMU disabled for kprobe 2020-06-02 20:59:11 +10:00
swsusp_64.c
swsusp_asm64.S
swsusp_booke.S
swsusp.c
sys_ppc32.c
syscall_64.c Merge branch 'scv' support into next 2020-07-23 17:43:44 +10:00
syscalls.c
sysfs.c powerpc/sysfs: Remove unused 'err' variable in sysfs_create_dscr_default() 2020-09-18 20:05:24 +10:00
systbl_chk.sh
systbl.S
tau_6xx.c powerpc/tau: Disable TAU between measurements 2020-09-15 22:13:30 +10:00
time.c powerpc64: Break asm/percpu.h vs spinlock_types.h dependency 2020-07-10 12:00:01 +02:00
tm.S powerpc/tm: Save and restore AMR on treclaim and trechkpt 2020-10-06 23:22:25 +11:00
traps.c powerpc/32s: Remove TAUException wart in traps.c 2020-07-29 21:08:18 +10:00
ucall.S
udbg_16550.c
udbg.c
uprobes.c powerpc: Add ppc_inst_next() 2020-05-26 23:36:51 +10:00
vdso.c powerpc/vdso: Fix vdso cpu truncation 2020-07-16 13:12:47 +10:00
vecemu.c
vector.S powerpc: re-initialise lazy FPU/VEC counters on every fault 2020-07-16 13:00:24 +10:00
vmlinux.lds.S powerpc updates for 5.8 2020-06-05 12:39:30 -07:00
watchdog.c