releases/4.14.206/powercap-restrict-energy-meter-to-root-access.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 949dd0104c496fa7c14991a23c03c62e44637e71 Mon Sep 17 00:00:00 2001
 From: Len Brown <len.brown@intel.com>
 Date: Tue, 10 Nov 2020 13:00:00 -0800
 Subject: powercap: restrict energy meter to root access

 From: Len Brown <len.brown@intel.com>

 commit 949dd0104c496fa7c14991a23c03c62e44637e71 upstream.

 Remove non-privileged user access to power data contained in
 /sys/class/powercap/intel-rapl*/*/energy_uj

 Non-privileged users currently have read access to power data and can
 use this data to form a security attack. Some privileged
 drivers/applications need read access to this data, but don't expose it
 to non-privileged users.

 For example, thermald uses this data to ensure that power management
 works correctly. Thus removing non-privileged access is preferred over
 completely disabling this power reporting capability with
 CONFIG_INTEL_RAPL=n.

 Fixes: 95677a9a3847 ("PowerCap: Fix mode for energy counter")
 Signed-off-by: Len Brown <len.brown@intel.com>
 Cc: stable@vger.kernel.org
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

 ---
  drivers/powercap/powercap_sys.c |    4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

 --- a/drivers/powercap/powercap_sys.c
 +++ b/drivers/powercap/powercap_sys.c
 @@ -379,9 +379,9 @@ static void create_power_zone_common_att
  					&dev_attr_max_energy_range_uj.attr;
  	if (power_zone->ops->get_energy_uj) {
  		if (power_zone->ops->reset_energy_uj)
 -			dev_attr_energy_uj.attr.mode = S_IWUSR | S_IRUGO;
 +			dev_attr_energy_uj.attr.mode = S_IWUSR | S_IRUSR;
  		else
 -			dev_attr_energy_uj.attr.mode = S_IRUGO;
 +			dev_attr_energy_uj.attr.mode = S_IRUSR;
  		power_zone->zone_dev_attrs[count++] =
  					&dev_attr_energy_uj.attr;
  	}
	From 949dd0104c496fa7c14991a23c03c62e44637e71 Mon Sep 17 00:00:00 2001
	From: Len Brown <len.brown@intel.com>
	Date: Tue, 10 Nov 2020 13:00:00 -0800
	Subject: powercap: restrict energy meter to root access

	From: Len Brown <len.brown@intel.com>

	commit 949dd0104c496fa7c14991a23c03c62e44637e71 upstream.

	Remove non-privileged user access to power data contained in
	/sys/class/powercap/intel-rapl//energy_uj

	Non-privileged users currently have read access to power data and can
	use this data to form a security attack. Some privileged
	drivers/applications need read access to this data, but don't expose it
	to non-privileged users.

	For example, thermald uses this data to ensure that power management
	works correctly. Thus removing non-privileged access is preferred over
	completely disabling this power reporting capability with
	CONFIG_INTEL_RAPL=n.

	Fixes: 95677a9a3847 ("PowerCap: Fix mode for energy counter")
	Signed-off-by: Len Brown <len.brown@intel.com>
	Cc: stable@vger.kernel.org
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

	---
	drivers/powercap/powercap_sys.c \| 4 ++--
	1 file changed, 2 insertions(+), 2 deletions(-)

	--- a/drivers/powercap/powercap_sys.c
	+++ b/drivers/powercap/powercap_sys.c
	@@ -379,9 +379,9 @@ static void create_power_zone_common_att
	&dev_attr_max_energy_range_uj.attr;
	if (power_zone->ops->get_energy_uj) {
	if (power_zone->ops->reset_energy_uj)
	- dev_attr_energy_uj.attr.mode = S_IWUSR \| S_IRUGO;
	+ dev_attr_energy_uj.attr.mode = S_IWUSR \| S_IRUSR;
	else
	- dev_attr_energy_uj.attr.mode = S_IRUGO;
	+ dev_attr_energy_uj.attr.mode = S_IRUSR;
	power_zone->zone_dev_attrs[count++] =
	&dev_attr_energy_uj.attr;
	}