libnvdimm, namespace: make 'resource' attribute only readable by root

djbw · gregkh · commit 54a8d930b93f · 2017-11-30T08:37:23.000Z
commit c1fb3542074fd0c4d901d778bd52455111e4eb6f upstream. For the same reason that /proc/iomem returns 0's for non-root readers and acpi tables are root-only, make the 'resource' attribute for namespace devices only readable by root. Otherwise we disclose physical address information. Fixes: bf9bccc ("libnvdimm: pmem label sets and namespace instantiation") Reported-by: Dave Hansen <dave.hansen@linux.intel.com> Signed-off-by: Dan Williams <dan.j.williams@intel.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
diff --git a/drivers/nvdimm/namespace_devs.c b/drivers/nvdimm/namespace_devs.c
@@ -1305,7 +1305,7 @@ static umode_t namespace_visible(struct kobject *kobj,
 	if (a == &dev_attr_resource.attr) {
 		if (is_namespace_blk(dev))
 			return 0;
-		return a->mode;
+		return 0400;
 	}
 
 	if (is_namespace_pmem(dev) || is_namespace_blk(dev)) {

Original file line number	Diff line number	Diff line change
`@@ -1305,7 +1305,7 @@ static umode_t namespace_visible(struct kobject *kobj,`
`1305`	`1305`	`if (a == &dev_attr_resource.attr) {`
`1306`	`1306`	`if (is_namespace_blk(dev))`
`1307`	`1307`	`return 0;`
`1308`		`- return a->mode;`
	`1308`	`+ return 0400;`
`1309`	`1309`	`}`
`1310`	`1310`
`1311`	`1311`	`if (is_namespace_pmem(dev) \|\| is_namespace_blk(dev)) {`