powerpc/rtas: mandate RTAS syscall filtering (98c738c8) · Commits · EulixOS / Software / Kernel

arch/powerpc/Kconfig

+0 −13

Original line number	Diff line number	Diff line
		@@ -1044,19 +1044,6 @@ config PPC_SECVAR_SYSFS
		read/write operations on these variables. Say Y if you have
		secure boot enabled and want to expose variables to userspace.

		config PPC_RTAS_FILTER
		bool "Enable filtering of RTAS syscalls"
		default y
		depends on PPC_RTAS
		help
		The RTAS syscall API has security issues that could be used to
		compromise system integrity. This option enforces restrictions on the
		RTAS calls and arguments passed by userspace programs to mitigate
		these issues.

		Say Y unless you know what you are doing and the filter is causing
		problems for you.

		endmenu

		config ISA_DMA_API

+0 −16

Original line number	Diff line number	Diff line
		@@ -1050,8 +1050,6 @@ noinstr struct pseries_errorlog get_pseries_errorlog(struct rtas_error_log log
		return NULL;
		}

		#ifdef CONFIG_PPC_RTAS_FILTER

		/*
		* The sys_rtas syscall, as originally designed, allows root to pass
		* arbitrary physical addresses to RTAS calls. A number of RTAS calls
		@@ -1200,20 +1198,6 @@ static void __init rtas_syscall_filter_init(void)
		rtas_filters[i].token = rtas_token(rtas_filters[i].name);
		}

		#else

		static bool block_rtas_call(int token, int nargs,
		struct rtas_args *args)
		{
		return false;
		}

		static void __init rtas_syscall_filter_init(void)
		{
		}

		#endif /* CONFIG_PPC_RTAS_FILTER */

		/* We assume to be passed big endian arguments */
		SYSCALL_DEFINE1(rtas, struct rtas_args __user *, uargs)
		{