[SRU X/B/F/G/U] LP: #1908710


[SRU X/B/F/G/U] LP: #1908710

Thadeu Lima de Souza Cascardo-3
When sending the fix for CVE-2020-27777, the following regression was
introduced. It should only affect IBM POWER LPARs, though, and a feature that
allows testing for failures, named error injection. So, marked as Low.

[Impact]
errinjct open fails on IBM POWER LPAR. That prevents error injection
tests from being performed.

[Test case]
Run errinjct open on an LPAR.
Success case:
$ sudo errinjct open
RTAS error injection facility open, token = 1
Failure case:
$ sudo errinjct open
errinjct: Could not open RTAS error injection facility

errinjct: librtas: open: Unexpected I/O error

[Fix]
Typo in RTAS filters.

[Regression potential]
errinjct could still be broken, or other RTAS operations could break,
which could even prevent booting on any IBM POWER systems.



--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

[SRU X/B/F/G/U] powerpc/rtas: Fix typo of ibm,open-errinjct in RTAS filter

Thadeu Lima de Souza Cascardo-3
From: Tyrel Datwyler <[hidden email]>

BugLink: https://bugs.launchpad.net/bugs/1908710

Commit bd59380c5ba4 ("powerpc/rtas: Restrict RTAS requests from userspace")
introduced the following error when invoking the errinjct userspace
tool:

  [root@ltcalpine2-lp5 librtas]# errinjct open
  [327884.071171] sys_rtas: RTAS call blocked - exploit attempt?
  [327884.071186] sys_rtas: token=0x26, nargs=0 (called by errinjct)
  errinjct: Could not open RTAS error injection facility
  errinjct: librtas: open: Unexpected I/O error

The entry for ibm,open-errinjct in rtas_filter array has a typo where
the "j" is omitted in the rtas call name. After fixing this typo the
errinjct tool functions again as expected.

  [root@ltcalpine2-lp5 linux]# errinjct open
  RTAS error injection facility open, token = 1

Fixes: bd59380c5ba4 ("powerpc/rtas: Restrict RTAS requests from userspace")
Cc: [hidden email]
Signed-off-by: Tyrel Datwyler <[hidden email]>
Signed-off-by: Michael Ellerman <[hidden email]>
Link: https://lore.kernel.org/r/20201208195434.8289-1-tyreld@...
(cherry picked from commit f10881a46f8914428110d110140a455c66bdf27b)
Signed-off-by: Thadeu Lima de Souza Cascardo <[hidden email]>
---
 arch/powerpc/kernel/rtas.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c
index f833aebfed36..e0cb52c47b40 100644
--- a/arch/powerpc/kernel/rtas.c
+++ b/arch/powerpc/kernel/rtas.c
@@ -1094,7 +1094,7 @@ static struct rtas_filter rtas_filters[] __ro_after_init = {
  { "ibm,display-message", -1, 0, -1, -1, -1 },
  { "ibm,errinjct", -1, 2, -1, -1, -1, 1024 },
  { "ibm,close-errinjct", -1, -1, -1, -1, -1 },
- { "ibm,open-errinct", -1, -1, -1, -1, -1 },
+ { "ibm,open-errinjct", -1, -1, -1, -1, -1 },
  { "ibm,get-config-addr-info2", -1, -1, -1, -1, -1 },
  { "ibm,get-dynamic-sensor-state", -1, 1, -1, -1, -1 },
  { "ibm,get-indices", -1, 2, 3, -1, -1 },
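Review bot: The corrected name at the `ibm,open-errinjct` entry matches the call named in the commit message, but nothing here checks the neighbouring names in rtas_filters[], and a misspelling in any of them would fail the same way: the call is blocked and logged as "exploit attempt?" until a userspace tool happens to use it. Please compare the remaining names in the array against the RTAS call names userspace requests, since the SRU test case only exercises `errinjct open`.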
--
2.27.0



ACK / APPLIED[Unstable]: [SRU X/B/F/G/U] LP: #1908710

Seth Forshee
In reply to this post by Thadeu Lima de Souza Cascardo-3
On Fri, Dec 18, 2020 at 09:55:57AM -0300, Thadeu Lima de Souza Cascardo wrote:

> When sending the fix for CVE-2020-27777, the following regression was
> introduced. It should only affect IBM POWER LPARs, though, and a feature that
> allows testing for failures, named error injection. So, marked as Low.
>
> [Impact]
> errinjct open fails on IBM POWER LPAR. That prevents error injection
> tests from being performed.
>
> [Test case]
> Run errinjct open on an LPAR.
> Success case:
> $ sudo errinjct open
> RTAS error injection facility open, token = 1
> Failure case:
> $ sudo errinjct open
> errinjct: Could not open RTAS error injection facility
>
> errinjct: librtas: open: Unexpected I/O error
>
> [Fix]
> Typo in RTAS filters.
>
> [Regression potential]
> errinjct could still be broken, or other RTAS operations could break,
> which could even prevent booting on any IBM POWER systems.

Acked-by: Seth Forshee <[hidden email]>

Applied to unstable/master, thanks!


ACK: [SRU X/B/F/G/U] LP: #1908710

Stefan Bader-2
In reply to this post by Thadeu Lima de Souza Cascardo-3
On 18.12.20 13:55, Thadeu Lima de Souza Cascardo wrote:

> When sending the fix for CVE-2020-27777, the following regression was
> introduced. It should only affect IBM POWER LPARs, though, and a feature that
> allows testing for failures, named error injection. So, marked as Low.
>
> [Impact]
> errinjct open fails on IBM POWER LPAR. That prevents error injection
> tests from being performed.
>
> [Test case]
> Run errinjct open on an LPAR.
> Success case:
> $ sudo errinjct open
> RTAS error injection facility open, token = 1
> Failure case:
> $ sudo errinjct open
> errinjct: Could not open RTAS error injection facility
>
> errinjct: librtas: open: Unexpected I/O error
>
> [Fix]
> Typo in RTAS filters.
>
> [Regression potential]
> errinjct could still be broken, or other RTAS operations could break,
> which could even prevent booting on any IBM POWER systems.
>
>
>
Acked-by: Stefan Bader <[hidden email]>



APPLIED: [SRU X/B/F/G/U] LP: #1908710

Kelsey Skunberg
In reply to this post by Thadeu Lima de Souza Cascardo-3
This was already in B/F/G from an upstream patch set, though applied to
xenial/master-next. Thank you!

-Kelsey

On 2020-12-18 09:55:57 , Thadeu Lima de Souza Cascardo wrote:

> When sending the fix for CVE-2020-27777, the following regression was
> introduced. It should only affect IBM POWER LPARs, though, and a feature that
> allows testing for failures, named error injection. So, marked as Low.
>
> [Impact]
> errinjct open fails on IBM POWER LPAR. That prevents error injection
> tests from being performed.
>
> [Test case]
> Run errinjct open on an LPAR.
> Success case:
> $ sudo errinjct open
> RTAS error injection facility open, token = 1
> Failure case:
> $ sudo errinjct open
> errinjct: Could not open RTAS error injection facility
>
> errinjct: librtas: open: Unexpected I/O error
>
> [Fix]
> Typo in RTAS filters.
>
> [Regression potential]
> errinjct could still be broken, or other RTAS operations could break,
> which could even prevent booting on any IBM POWER systems.
>
>
>