Andrew Donnellan <a...@linux.ibm.com> writes:

> On Mon, 2022-09-26 at 08:16 -0500, Nathan Lynch wrote:
>> The error injection facility on pseries VMs allows corruption of
>> arbitrary guest memory, potentially enabling a sufficiently privileged
>> user to disable lockdown or perform other modifications of the running
>> kernel via the rtas syscall.
>>
>> Block the PAPR error injection facility from being opened or called
>> when locked down.
>>
>> Signed-off-by: Nathan Lynch <nath...@linux.ibm.com>
>
> Is there any circumstance (short of arbitrary code execution etc) where
> the rtas_call() check will actually trigger rather than the sys_rtas()
> check? (Not that it matters, defence in depth is good.)
Fair question! There are no in-kernel users of rtas_call() that pass the error injection tokens, as far as I could tell. Nor am I aware of any out-of-tree users, for that matter. But rtas_call() is likely the most appropriate place to have the lockdown gate should that situation change (as it might, see https://github.com/ibm-power-utilities/librtas/issues/29).