From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:33068 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751963AbdHDTqA (ORCPT ); Fri, 4 Aug 2017 15:46:00 -0400 Subject: Patch "/proc/iomem: only expose physical resource addresses to privileged users" has been added to the 4.4-stable tree To: torvalds@linux-foundation.org, gregkh@linuxfoundation.org, sumit.semwal@linaro.org Cc: , From: Date: Fri, 04 Aug 2017 12:45:58 -0700 Message-ID: <1501875958151217@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org List-ID: This is a note to let you know that I've just added the patch titled /proc/iomem: only expose physical resource addresses to privileged users to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: proc-iomem-only-expose-physical-resource-addresses-to-privileged-users.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >>From 51d7b120418e99d6b3bf8df9eb3cc31e8171dee4 Mon Sep 17 00:00:00 2001 From: Linus Torvalds Date: Thu, 14 Apr 2016 12:05:37 -0700 Subject: /proc/iomem: only expose physical resource addresses to privileged users From: Linus Torvalds commit 51d7b120418e99d6b3bf8df9eb3cc31e8171dee4 upstream. In commit c4004b02f8e5b ("x86: remove the kernel code/data/bss resources from /proc/iomem") I was hoping to remove the phyiscal kernel address data from /proc/iomem entirely, but that had to be reverted because some system programs actually use it. This limits all the detailed resource information to properly credentialed users instead. [sumits: this is used in Ubuntu as a fix for CVE-2015-8944] Signed-off-by: Linus Torvalds Signed-off-by: Sumit Semwal Signed-off-by: Greg Kroah-Hartman --- kernel/resource.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) --- a/kernel/resource.c +++ b/kernel/resource.c @@ -105,16 +105,25 @@ static int r_show(struct seq_file *m, vo { struct resource *root = m->private; struct resource *r = v, *p; + unsigned long long start, end; int width = root->end < 0x10000 ? 4 : 8; int depth; for (depth = 0, p = r; depth < MAX_IORES_LEVEL; depth++, p = p->parent) if (p->parent == root) break; + + if (file_ns_capable(m->file, &init_user_ns, CAP_SYS_ADMIN)) { + start = r->start; + end = r->end; + } else { + start = end = 0; + } + seq_printf(m, "%*s%0*llx-%0*llx : %s\n", depth * 2, "", - width, (unsigned long long) r->start, - width, (unsigned long long) r->end, + width, start, + width, end, r->name ? r->name : ""); return 0; } Patches currently in stable-queue which might be from torvalds@linux-foundation.org are queue-4.4/sched-cgroup-move-sched_online_group-back-into-css_online-to-fix-crash.patch queue-4.4/proc-iomem-only-expose-physical-resource-addresses-to-privileged-users.patch queue-4.4/drm-vmwgfx-fix-gcc-7.1.1-warning.patch queue-4.4/isdn-i4l-fix-buffer-overflow.patch queue-4.4/make-file-credentials-available-to-the-seqfile-interfaces.patch