summaryrefslogtreecommitdiffstats
path: root/drivers/powercap
diff options
context:
space:
mode:
authorLen Brown <len.brown@intel.com>2020-11-10 13:00:00 -0800
committerLen Brown <len.brown@intel.com>2020-11-10 11:40:57 -0500
commit949dd0104c496fa7c14991a23c03c62e44637e71 (patch)
treea90cbfb8ceb195e7160105a272122f97bab99980 /drivers/powercap
parent3d7772ea5602b88c7c7f0a50d512171a2eed6659 (diff)
downloadlinux-949dd0104c496fa7c14991a23c03c62e44637e71.tar.gz
linux-949dd0104c496fa7c14991a23c03c62e44637e71.tar.bz2
linux-949dd0104c496fa7c14991a23c03c62e44637e71.zip
powercap: restrict energy meter to root access
Remove non-privileged user access to power data contained in /sys/class/powercap/intel-rapl*/*/energy_uj Non-privileged users currently have read access to power data and can use this data to form a security attack. Some privileged drivers/applications need read access to this data, but don't expose it to non-privileged users. For example, thermald uses this data to ensure that power management works correctly. Thus removing non-privileged access is preferred over completely disabling this power reporting capability with CONFIG_INTEL_RAPL=n. Fixes: 95677a9a3847 ("PowerCap: Fix mode for energy counter") Signed-off-by: Len Brown <len.brown@intel.com> Cc: stable@vger.kernel.org
Diffstat (limited to 'drivers/powercap')
-rw-r--r--drivers/powercap/powercap_sys.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/drivers/powercap/powercap_sys.c b/drivers/powercap/powercap_sys.c
index f808c5fa9838..3f0b8e2ef3d4 100644
--- a/drivers/powercap/powercap_sys.c
+++ b/drivers/powercap/powercap_sys.c
@@ -367,9 +367,9 @@ static void create_power_zone_common_attributes(
&dev_attr_max_energy_range_uj.attr;
if (power_zone->ops->get_energy_uj) {
if (power_zone->ops->reset_energy_uj)
- dev_attr_energy_uj.attr.mode = S_IWUSR | S_IRUGO;
+ dev_attr_energy_uj.attr.mode = S_IWUSR | S_IRUSR;
else
- dev_attr_energy_uj.attr.mode = S_IRUGO;
+ dev_attr_energy_uj.attr.mode = S_IRUSR;
power_zone->zone_dev_attrs[count++] =
&dev_attr_energy_uj.attr;
}