On Mon, Sep 26, 2022 at 9:18 AM Nathan Lynch <nath...@linux.ibm.com> wrote:
>
> The error injection facility on pseries VMs allows corruption of
> arbitrary guest memory, potentially enabling a sufficiently privileged
> user to disable lockdown or perform other modifications of the running
> kernel via the rtas syscall.
>
> Block the PAPR error injection facility from being opened or called
> when locked down.
>
> Signed-off-by: Nathan Lynch <nath...@linux.ibm.com>
> ---
>  arch/powerpc/kernel/rtas.c | 25 ++++++++++++++++++++++++-
>  include/linux/security.h   |  1 +
>  security/security.c        |  1 +
>  3 files changed, 26 insertions(+), 1 deletion(-)

The lockdown changes are trivial, but they look fine to me.

Acked-by: Paul Moore <p...@paul-moore.com> (LSM)

-- 
paul-moore.com