powercap: restrict energy meter to root access

Remove non-privileged user access to power data contained in
/sys/class/powercap/intel-rapl*/*/energy_uj

Non-privileged users currently have read access to power data and can
use this data to form a security attack. Some privileged
drivers/applications need read access to this data, but don't expose it
to non-privileged users.

For example, thermald uses this data to ensure that power management
works correctly. Thus removing non-privileged access is preferred over
completely disabling this power reporting capability with
CONFIG_INTEL_RAPL=n.

Fixes: 09f951c56e73 ("PowerCap: Fix mode for energy counter")
Signed-off-by: Len Brown <len.brown@intel.com>
Cc: stable@vger.kernel.org

diff --git a/drivers/powercap/powercap_sys.c b/drivers/powercap/powercap_sys.c
index f808c5fa9838ce3b7cd8272b27c1aa38841c9f90..3f0b8e2ef3d46b88f2dddda3ef5a9b912483ec59 100644 (file)
--- a/drivers/powercap/powercap_sys.c
+++ b/drivers/powercap/powercap_sys.c
@@ -367,9 +367,9 @@ static void create_power_zone_common_attributes(
                                        &dev_attr_max_energy_range_uj.attr;
        if (power_zone->ops->get_energy_uj) {
                if (power_zone->ops->reset_energy_uj)
-                       dev_attr_energy_uj.attr.mode = S_IWUSR | S_IRUGO;
+                       dev_attr_energy_uj.attr.mode = S_IWUSR | S_IRUSR;
                else
-                       dev_attr_energy_uj.attr.mode = S_IRUGO;
+                       dev_attr_energy_uj.attr.mode = S_IRUSR;
                power_zone->zone_dev_attrs[count++] =
                                        &dev_attr_energy_uj.attr;
        }