[SRU X/B/F/G/U] LP: #1908710

When sending the fix for CVE-2020-27777, the following regression was
introduced. It should only affect IBM POWER LPARs, though, and a feature that
allows testing for failures, named error injection. So, marked as Low.

[Impact]
errinjct open fails on IBM POWER LPAR. That prevents error injection
tests to be performed.

[Test case]
Run errinjct open on an LPAR.
Success case:
$ sudo errinjct open
RTAS error injection facility open, token = 1
Failure case:
$ sudo errinjct open
errinjct: Could not open RTAS error injection facility

errinjct: librtas: open: Unexpected I/O error

[Fix]
Typo in RTAS filters.

[Regression potential]
errinjct could still be broken, or other RTAS operations could break,
which could even prevent booting on any IBM POWER systems.



--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

From: Tyrel Datwyler <[hidden email]>

BugLink: https://bugs.launchpad.net/bugs/1908710

Commit bd59380c5ba4 ("powerpc/rtas: Restrict RTAS requests from userspace")
introduced the following error when invoking the errinjct userspace
tool:

  [root@ltcalpine2-lp5 librtas]# errinjct open
  [327884.071171] sys_rtas: RTAS call blocked - exploit attempt?
  [327884.071186] sys_rtas: token=0x26, nargs=0 (called by errinjct)
  errinjct: Could not open RTAS error injection facility
  errinjct: librtas: open: Unexpected I/O error

The entry for ibm,open-errinjct in rtas_filter array has a typo where
the "j" is omitted in the rtas call name. After fixing this typo the
errinjct tool functions again as expected.

  [root@ltcalpine2-lp5 linux]# errinjct open
  RTAS error injection facility open, token = 1

Fixes: bd59380c5ba4 ("powerpc/rtas: Restrict RTAS requests from userspace")
Cc: [hidden email]
Signed-off-by: Tyrel Datwyler <[hidden email]>
Signed-off-by: Michael Ellerman <[hidden email]>
Link: https://lore.kernel.org/r/20201208195434.8289-1-tyreld@...
(cherry picked from commit f10881a46f8914428110d110140a455c66bdf27b)
Signed-off-by: Thadeu Lima de Souza Cascardo <[hidden email]>
---
 arch/powerpc/kernel/rtas.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/powerpc/kernel/rtas.c b/arch/powerpc/kernel/rtas.c
index f833aebfed36..e0cb52c47b40 100644
--- a/arch/powerpc/kernel/rtas.c
+++ b/arch/powerpc/kernel/rtas.c
@@ -1094,7 +1094,7 @@ static struct rtas_filter rtas_filters[] __ro_after_init = {
  { "ibm,display-message", -1, 0, -1, -1, -1 },
  { "ibm,errinjct", -1, 2, -1, -1, -1, 1024 },
  { "ibm,close-errinjct", -1, -1, -1, -1, -1 },
- { "ibm,open-errinct", -1, -1, -1, -1, -1 },
+ { "ibm,open-errinjct", -1, -1, -1, -1, -1 },
  { "ibm,get-config-addr-info2", -1, -1, -1, -1, -1 },
  { "ibm,get-dynamic-sensor-state", -1, 1, -1, -1, -1 },
  { "ibm,get-indices", -1, 2, 3, -1, -1 },
--
2.27.0


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

On Fri, Dec 18, 2020 at 09:55:57AM -0300, Thadeu Lima de Souza Cascardo wrote:
Acked-by: Seth Forshee <[hidden email]>

Applied to unstable/master, thanks!

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

On 18.12.20 13:55, Thadeu Lima de Souza Cascardo wrote:

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

This was already in B/F/G from an upstream patch set, though applied to
xenial/master-next. thank you!

-Kelsey

On 2020-12-18 09:55:57 , Thadeu Lima de Souza Cascardo wrote:
--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team