Re: [PATCH v2 1/2] powerpc/rtas: Restrict RTAS requests from userspace

2020-12-08 Thread Andrew Donnellan
On 9/12/20 5:59 am, Tyrel Datwyler wrote: + { "ibm,open-errinct", -1, -1, -1, -1, -1 }, There is a typo here. Should be ibm,open-errinjct. kernel: [ 1100.408626] sys_rtas: RTAS call blocked - exploit attempt? kernel: [ 1100.408631] sys_rtas: token=0x26, nargs=0 (called by errinjct) Whic

Re: [PATCH v2 1/2] powerpc/rtas: Restrict RTAS requests from userspace

2020-12-08 Thread Tyrel Datwyler
On 8/19/20 9:45 PM, Andrew Donnellan wrote: > A number of userspace utilities depend on making calls to RTAS to retrieve > information and update various things. > > The existing API through which we expose RTAS to userspace exposes more > RTAS functionality than we actually need, through the sys_

Re: [PATCH v2 1/2] powerpc/rtas: Restrict RTAS requests from userspace

2020-10-08 Thread Michael Ellerman
Michael Ellerman writes: > Andrew Donnellan writes: >> On 26/8/20 11:53 pm, Sasha Levin wrote: >>> How should we proceed with this patch? >> >> mpe: I believe we came to the conclusion that we shouldn't put this in >> stable just yet? > > Yeah. > > Let's give it a little time to get some wider t

Re: [PATCH v2 1/2] powerpc/rtas: Restrict RTAS requests from userspace

2020-10-08 Thread Michael Ellerman
Andrew Donnellan writes: > On 26/8/20 11:53 pm, Sasha Levin wrote: >> How should we proceed with this patch? > > mpe: I believe we came to the conclusion that we shouldn't put this in > stable just yet? Yeah. Let's give it a little time to get some wider testing before we backport it. cheers

Re: [PATCH v2 1/2] powerpc/rtas: Restrict RTAS requests from userspace

2020-10-06 Thread Andrew Donnellan
On 26/8/20 11:53 pm, Sasha Levin wrote: How should we proceed with this patch? mpe: I believe we came to the conclusion that we shouldn't put this in stable just yet? -- Andrew Donnellan OzLabs, ADL Canberra a...@linux.ibm.com IBM Australia Limited

Re: [PATCH v2 1/2] powerpc/rtas: Restrict RTAS requests from userspace

2020-10-06 Thread Michael Ellerman
On Thu, 20 Aug 2020 14:45:12 +1000, Andrew Donnellan wrote: > A number of userspace utilities depend on making calls to RTAS to retrieve > information and update various things. > > The existing API through which we expose RTAS to userspace exposes more > RTAS functionality than we actually need,

Re: [PATCH v2 1/2] powerpc/rtas: Restrict RTAS requests from userspace

2020-08-26 Thread Sasha Levin
Hi [This is an automated email] This commit has been processed because it contains a -stable tag. The stable tag indicates that it's relevant for the following trees: all The bot has tested the following trees: v5.8.2, v5.7.16, v5.4.59, v4.19.140, v4.14.193, v4.9.232, v4.4.232. v5.8.2: Build O

[PATCH v2 1/2] powerpc/rtas: Restrict RTAS requests from userspace

2020-08-19 Thread Andrew Donnellan
A number of userspace utilities depend on making calls to RTAS to retrieve information and update various things. The existing API through which we expose RTAS to userspace exposes more RTAS functionality than we actually need, through the sys_rtas syscall, which allows root (or anyone with CAP_SY