Jordan Niethe <jniet...@gmail.com> writes: > Currently the opal log is globally readable. It is kernel policy to limit > the visibility of physical addresses / kernel pointers to root. > Given this and the fact the opal log may contain this information it would > be better to limit the readability to root.
Yikes, thanks for fixing that. I'll add a Fixes: tag and Cc stable. I also see symbol_map is 0444, I think that should be fixed too. cheers > diff --git a/arch/powerpc/platforms/powernv/opal-msglog.c > b/arch/powerpc/platforms/powernv/opal-msglog.c > index acd3206dfae3..06628c71cef6 100644 > --- a/arch/powerpc/platforms/powernv/opal-msglog.c > +++ b/arch/powerpc/platforms/powernv/opal-msglog.c > @@ -98,7 +98,7 @@ static ssize_t opal_msglog_read(struct file *file, struct > kobject *kobj, > } > > static struct bin_attribute opal_msglog_attr = { > - .attr = {.name = "msglog", .mode = 0444}, > + .attr = {.name = "msglog", .mode = 0400}, > .read = opal_msglog_read > }; > > -- > 2.20.1