projects / platform / kernel / linux-rpi.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 46fabfd) | patch
powerpc/security: Fix debugfs data leak on 32-bit
authorGeert Uytterhoeven <geert+renesas@glider.be>
Mon, 21 Oct 2019 14:23:09 +0000 (16:23 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Sun, 26 Jan 2020 09:00:59 +0000 (10:00 +0100)
commitd5c4594b2043c4eefaae3dbf6f5deb198e33b89f
treed128d36ecfa2839d73e2fb49acd1663c8bbd09betree | snapshot
parent46fabfd623a88fc1f4695cff420a7855e4078010commit | diff
powerpc/security: Fix debugfs data leak on 32-bit

commit 3b05a1e517e1a8cfda4866ec31d28b2bc4fee4c4 upstream.

"powerpc_security_features" is "unsigned long", i.e. 32-bit or 64-bit,
depending on the platform (PPC_FSL_BOOK3E or PPC_BOOK3S_64).  Hence
casting its address to "u64 *", and calling debugfs_create_x64() is
wrong, and leaks 32-bit of nearby data to userspace on 32-bit platforms.

While all currently defined SEC_FTR_* security feature flags fit in
32-bit, they all have "ULL" suffixes to make them 64-bit constants.
Hence fix the leak by changing the type of "powerpc_security_features"
(and the parameter types of its accessors) to "u64".  This also allows
to drop the cast.

Fixes: 398af571128fe75f ("powerpc/security: Show powerpc_security_features in debugfs")
Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20191021142309.28105-1-geert+renesas@glider.be
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
arch/powerpc/include/asm/security_features.h diff | blob | history
arch/powerpc/kernel/security.c diff | blob | history
Domain: System / Kernel;