Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit af97a77b authored by Greg Kroah-Hartman's avatar Greg Kroah-Hartman Committed by Ingo Molnar
Browse files

efi: Move some sysfs files to be read-only by root 



Thanks to the scripts/leaking_addresses.pl script, it was found that
some EFI values should not be readable by non-root users.

So make them root-only, and to do that, add a __ATTR_RO_MODE() macro to
make this easier, and use it in other places at the same time.

Reported-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
Tested-by: default avatarDave Young <dyoung@redhat.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarArd Biesheuvel <ard.biesheuvel@linaro.org>
Cc: H. Peter Anvin <hpa@zytor.com>
Cc: Matt Fleming <matt@codeblueprint.co.uk>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: linux-efi@vger.kernel.org
Cc: stable <stable@vger.kernel.org>
Link: http://lkml.kernel.org/r/20171206095010.24170-2-ard.biesheuvel@linaro.org


Signed-off-by: default avatarIngo Molnar <mingo@kernel.org>
parent 328b4ed9

drivers/firmware/efi/efi.c

+1 −2
Original line number Diff line number Diff line
@@ -143,8 +143,7 @@ static ssize_t systab_show(struct kobject *kobj, 
	return str - buf;

}



static struct kobj_attribute efi_attr_systab =

			__ATTR(systab, 0400, systab_show, NULL);

static struct kobj_attribute efi_attr_systab = __ATTR_RO_MODE(systab, 0400);



#define EFI_FIELD(var) efi.var

drivers/firmware/efi/esrt.c

+6 −9
Original line number Diff line number Diff line
@@ -106,7 +106,7 @@ static const struct sysfs_ops esre_attr_ops = { 
};



/* Generic ESRT Entry ("ESRE") support. */

static ssize_t esre_fw_class_show(struct esre_entry *entry, char *buf)

static ssize_t fw_class_show(struct esre_entry *entry, char *buf)

{

	char *str = buf;
@@ -117,18 +117,16 @@ static ssize_t esre_fw_class_show(struct esre_entry *entry, char *buf) 
	return str - buf;

}



static struct esre_attribute esre_fw_class = __ATTR(fw_class, 0400,

	esre_fw_class_show, NULL);

static struct esre_attribute esre_fw_class = __ATTR_RO_MODE(fw_class, 0400);



#define esre_attr_decl(name, size, fmt) \

static ssize_t esre_##name##_show(struct esre_entry *entry, char *buf) \

static ssize_t name##_show(struct esre_entry *entry, char *buf) \

{ \

	return sprintf(buf, fmt "\n", \

		       le##size##_to_cpu(entry->esre.esre1->name)); \

} \

\

static struct esre_attribute esre_##name = __ATTR(name, 0400, \

	esre_##name##_show, NULL)

static struct esre_attribute esre_##name = __ATTR_RO_MODE(name, 0400)



esre_attr_decl(fw_type, 32, "%u");

esre_attr_decl(fw_version, 32, "%u");
@@ -193,14 +191,13 @@ static int esre_create_sysfs_entry(void *esre, int entry_num) 


/* support for displaying ESRT fields at the top level */

#define esrt_attr_decl(name, size, fmt) \

static ssize_t esrt_##name##_show(struct kobject *kobj, \

static ssize_t name##_show(struct kobject *kobj, \

				  struct kobj_attribute *attr, char *buf)\

{ \

	return sprintf(buf, fmt "\n", le##size##_to_cpu(esrt->name)); \

} \

\

static struct kobj_attribute esrt_##name = __ATTR(name, 0400, \

	esrt_##name##_show, NULL)

static struct kobj_attribute esrt_##name = __ATTR_RO_MODE(name, 0400)



esrt_attr_decl(fw_resource_count, 32, "%u");

esrt_attr_decl(fw_resource_count_max, 32, "%u");

drivers/firmware/efi/runtime-map.c

+5 −5
Original line number Diff line number Diff line
@@ -63,11 +63,11 @@ static ssize_t map_attr_show(struct kobject *kobj, struct attribute *attr, 
	return map_attr->show(entry, buf);

}



static struct map_attribute map_type_attr = __ATTR_RO(type);

static struct map_attribute map_phys_addr_attr   = __ATTR_RO(phys_addr);

static struct map_attribute map_virt_addr_attr  = __ATTR_RO(virt_addr);

static struct map_attribute map_num_pages_attr  = __ATTR_RO(num_pages);

static struct map_attribute map_attribute_attr  = __ATTR_RO(attribute);

static struct map_attribute map_type_attr = __ATTR_RO_MODE(type, 0400);

static struct map_attribute map_phys_addr_attr = __ATTR_RO_MODE(phys_addr, 0400);

static struct map_attribute map_virt_addr_attr = __ATTR_RO_MODE(virt_addr, 0400);

static struct map_attribute map_num_pages_attr = __ATTR_RO_MODE(num_pages, 0400);

static struct map_attribute map_attribute_attr = __ATTR_RO_MODE(attribute, 0400);



/*

 * These are default attributes that are added for every memmap entry.

include/linux/sysfs.h

+6 −0
Original line number Diff line number Diff line
@@ -117,6 +117,12 @@ struct attribute_group { 
	.show	= _name##_show,						\

}



#define __ATTR_RO_MODE(_name, _mode) {					\

	.attr	= { .name = __stringify(_name),				\

		    .mode = VERIFY_OCTAL_PERMISSIONS(_mode) },		\

	.show	= _name##_show,						\

}



#define __ATTR_WO(_name) {						\

	.attr	= { .name = __stringify(_name), .mode = S_IWUSR },	\

	.store	= _name##_store,					\