powerpc/rtas: mandate RTAS syscall filtering

CONFIG_PPC_RTAS_FILTER has been optional but default-enabled since its
introduction. It's been enabled in enterprise distro kernels for a
while without causing ABI breakage that wasn't easily fixed, and it
prevents harmful abuses of the rtas syscall.

Let's make it unconditional.

Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com>
Reviewed-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20221118150751.469393-10-nathanl@linux.ibm.com

diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig
index e21d6de797d6e6fb328689a5f648edb1435d8e8c..65952f62ea4bed54261990d5eca0bd469e5b77a1 100644 (file)
--- a/arch/powerpc/Kconfig
+++ b/arch/powerpc/Kconfig
@@ -1044,19 +1044,6 @@ config PPC_SECVAR_SYSFS
          read/write operations on these variables. Say Y if you have
          secure boot enabled and want to expose variables to userspace.
 
-config PPC_RTAS_FILTER
-       bool "Enable filtering of RTAS syscalls"
-       default y
-       depends on PPC_RTAS
-       help
-         The RTAS syscall API has security issues that could be used to
-         compromise system integrity. This option enforces restrictions on the
-         RTAS calls and arguments passed by userspace programs to mitigate
-         these issues.
-
-         Say Y unless you know what you are doing and the filter is causing
-         problems for you.
-
 endmenu
 
 config ISA_DMA_API

diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c
index 10c19228aaa37903205c847426eba876ddb77146..deded51a79784ba17e40f569ef2640d9331f51ad 100644 (file)
--- a/arch/powerpc/kernel/rtas.c
+++ b/arch/powerpc/kernel/rtas.c
@@ -1050,8 +1050,6 @@ noinstr struct pseries_errorlog *get_pseries_errorlog(struct rtas_error_log *log
        return NULL;
 }
 
-#ifdef CONFIG_PPC_RTAS_FILTER
-
 /*
  * The sys_rtas syscall, as originally designed, allows root to pass
  * arbitrary physical addresses to RTAS calls. A number of RTAS calls
@@ -1200,20 +1198,6 @@ static void __init rtas_syscall_filter_init(void)
                rtas_filters[i].token = rtas_token(rtas_filters[i].name);
 }
 
-#else
-
-static bool block_rtas_call(int token, int nargs,
-                           struct rtas_args *args)
-{
-       return false;
-}
-
-static void __init rtas_syscall_filter_init(void)
-{
-}
-
-#endif /* CONFIG_PPC_RTAS_FILTER */
-
 /* We assume to be passed big endian arguments */
 SYSCALL_DEFINE1(rtas, struct rtas_args __user *, uargs)
 {