From: D Scott Phillips <scott@os.amperecomputing.com>
To: Guenter Roeck <linux@roeck-us.net>, linux-hwmon@vger.kernel.org
Cc: Jean Delvare <jdelvare@suse.com>,
linux-kernel@vger.kernel.org, patches@amperecomputing.com,
Darren Hart <darren@os.amperecomputing.com>,
Ilkka Koskinen <ilkka@os.amperecomputing.com>
Subject: Re: [PATCH] hwmon: (xgene) restrict power measurements to admin by default
Date: Fri, 03 Jun 2022 09:11:01 -0700 [thread overview]
Message-ID: <86leud917u.fsf@scott-ph-mail.amperecomputing.com> (raw)
In-Reply-To: <ccaf859b-55bb-ab06-dbe3-9c8350ec5ac6@roeck-us.net>
Guenter Roeck <linux@roeck-us.net> writes:
> On 6/3/22 08:21, D Scott Phillips wrote:
>> Access to power information can be used to infer the instructions being run
>> and possibly even data being processed on a cpu[1]. Restrict access to
>> power information to administrator users by default. (Cf. a similar
>> powercap change[2].)
>>
>> [1]: Lipp, Moritz, et al. "PLATYPUS: software-based power side-channel
>> attacks on x86." 2021 IEEE Symposium on Security and Privacy (SP).
>> IEEE, 2021.
>> [2]: commit 949dd0104c49 ("powercap: restrict energy meter to root access")
>>
>> Fixes: ed42cfa881e1 ("hwmon: Add xgene hwmon driver")
>> Signed-off-by: D Scott Phillips <scott@os.amperecomputing.com>
>> Cc: stable@vger.kernel.org
>> ---
>> drivers/hwmon/xgene-hwmon.c | 4 ++--
>> 1 file changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/drivers/hwmon/xgene-hwmon.c b/drivers/hwmon/xgene-hwmon.c
>> index 5cde837bfd09..6ad1daf2d354 100644
>> --- a/drivers/hwmon/xgene-hwmon.c
>> +++ b/drivers/hwmon/xgene-hwmon.c
>> @@ -397,9 +397,9 @@ static DEVICE_ATTR_RO(temp1_label);
>> static DEVICE_ATTR_RO(temp1_input);
>> static DEVICE_ATTR_RO(temp1_critical_alarm);
>> static DEVICE_ATTR_RO(power1_label);
>> -static DEVICE_ATTR_RO(power1_input);
>> +static DEVICE_ATTR_ADMIN_RO(power1_input);
>> static DEVICE_ATTR_RO(power2_label);
>> -static DEVICE_ATTR_RO(power2_input);
>> +static DEVICE_ATTR_ADMIN_RO(power2_input);
>>
>> static struct attribute *xgene_hwmon_attrs[] = {
>> &dev_attr_temp1_label.attr,
>
>
> NACK. The hwmon ABI expects world read access. Either find a workaround
> by making the measurements less accurate, or drop the driver. Also see
> commit 9049572fb145 ("hwmon: Remove amd_energy driver"), "Attribute access"
> in Documentation/hwmon/sysfs-interface.rst, and [1].
Ah, I see, thanks for pointing that out, I had missed that. I'm not
confident that the randomization approach can provide robustness against
this attack, so I'll follow up with a patch to drop the driver. Cheers,
Scott
prev parent reply other threads:[~2022-06-03 16:11 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-06-03 15:21 [PATCH] hwmon: (xgene) restrict power measurements to admin by default D Scott Phillips
2022-06-03 15:37 ` Guenter Roeck
2022-06-03 16:11 ` D Scott Phillips [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=86leud917u.fsf@scott-ph-mail.amperecomputing.com \
--to=scott@os.amperecomputing.com \
--cc=darren@os.amperecomputing.com \
--cc=ilkka@os.amperecomputing.com \
--cc=jdelvare@suse.com \
--cc=linux-hwmon@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=patches@amperecomputing.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox