diff options
author | Nathan Lynch <nathanl@linux.ibm.com> | 2022-11-18 09:07:47 -0600 |
---|---|---|
committer | Michael Ellerman <mpe@ellerman.id.au> | 2022-12-07 22:40:43 +1100 |
commit | 98c738c8cee6e5a58d4060862e2f8cf3cdc8a328 (patch) | |
tree | 7b6c856d0a329652e80fda63b3a2048453541093 /arch/powerpc/Kconfig | |
parent | f975b6559bac510f1b1b39637997bb240f0a9969 (diff) |
powerpc/rtas: mandate RTAS syscall filtering
CONFIG_PPC_RTAS_FILTER has been optional but default-enabled since its
introduction. It's been enabled in enterprise distro kernels for a
while without causing ABI breakage that wasn't easily fixed, and it
prevents harmful abuses of the rtas syscall.
Let's make it unconditional.
Signed-off-by: Nathan Lynch <nathanl@linux.ibm.com>
Reviewed-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20221118150751.469393-10-nathanl@linux.ibm.com
Diffstat (limited to 'arch/powerpc/Kconfig')
-rw-r--r-- | arch/powerpc/Kconfig | 13 |
1 files changed, 0 insertions, 13 deletions
diff --git a/arch/powerpc/Kconfig b/arch/powerpc/Kconfig index e21d6de797d6..65952f62ea4b 100644 --- a/arch/powerpc/Kconfig +++ b/arch/powerpc/Kconfig @@ -1044,19 +1044,6 @@ config PPC_SECVAR_SYSFS read/write operations on these variables. Say Y if you have secure boot enabled and want to expose variables to userspace. -config PPC_RTAS_FILTER - bool "Enable filtering of RTAS syscalls" - default y - depends on PPC_RTAS - help - The RTAS syscall API has security issues that could be used to - compromise system integrity. This option enforces restrictions on the - RTAS calls and arguments passed by userspace programs to mitigate - these issues. - - Say Y unless you know what you are doing and the filter is causing - problems for you. - endmenu config ISA_DMA_API |