[PATCH v2 2/2] powerpc/rtas: block error injection when locked down

Nathan Lynch nathanl at linux.ibm.com
Wed Sep 28 16:23:08 UTC 2022


Andrew Donnellan <ajd at linux.ibm.com> writes:

> On Mon, 2022-09-26 at 08:16 -0500, Nathan Lynch wrote:
>> The error injection facility on pseries VMs allows corruption of
>> arbitrary guest memory, potentially enabling a sufficiently
>> privileged
>> user to disable lockdown or perform other modifications of the
>> running
>> kernel via the rtas syscall.
>> 
>> Block the PAPR error injection facility from being opened or called
>> when locked down.
>> 
>> Signed-off-by: Nathan Lynch <nathanl at linux.ibm.com>
>
> Is there any circumstance (short of arbitrary code execution etc) where
> the rtas_call() check will actually trigger rather than the sys_rtas()
> check? (Not that it matters, defence in depth is good.)

Fair question! There are no in-kernel users of rtas_call() that pass the
error injection tokens as far as I could tell. Nor am I aware of any
out-of-tree users, for that matter. But rtas_call() is the likely most
appropriate place to have the lockdown gate should that situation change
(as it might, see https://github.com/ibm-power-utilities/librtas/issues/29).



More information about the Linux-security-module-archive mailing list