Jordan Niethe <jniet...@gmail.com> writes:
> Currently the opal log is globally readable. It is kernel policy to limit
> the visibility of physical addresses / kernel pointers to root.
> Given this and the fact the opal log may contain this information it would
> be better to limit the readability to root.
Yikes, thanks for fixing that.
I'll add a Fixes: tag and Cc stable.
I also see symbol_map is 0444, I think that should be fixed too.
cheers
> diff --git a/arch/powerpc/platforms/powernv/opal-msglog.c
> b/arch/powerpc/platforms/powernv/opal-msglog.c
> index acd3206dfae3..06628c71cef6 100644
> --- a/arch/powerpc/platforms/powernv/opal-msglog.c
> +++ b/arch/powerpc/platforms/powernv/opal-msglog.c
> @@ -98,7 +98,7 @@ static ssize_t opal_msglog_read(struct file *file, struct
> kobject *kobj,
> }
>
> static struct bin_attribute opal_msglog_attr = {
> - .attr = {.name = "msglog", .mode = 0444},
> + .attr = {.name = "msglog", .mode = 0400},
> .read = opal_msglog_read
> };
>
> --
> 2.20.1
