From: zhanglin
To: dan.j.williams@intel.com
Cc: akpm@linux-foundation.org, jgg@ziepe.ca, mingo@kernel.org, dave.hansen@linux.intel.com, namit@vmware.com, bp@suse.de, christophe.leroy@c-s.fr, rdunlap@infradead.org, osalvador@suse.de, richardw.yang@linux.intel.com, linux-kernel@vger.kernel.org, xue.zhihong@zte.com.cn, wang.yi59@zte.com.cn, jiang.xuexin@zte.com.cn, zhanglin
Subject: [PATCH] kernel: Restrict permissions of /proc/iomem.
Date: Fri, 25 Oct 2019 16:56:41 +0800
Message-Id: <1571993801-12665-1-git-send-email-zhang.lin16@zte.com.cn>

The permissions of /proc/iomem currently are -r--r--r--. Everyone can see its content. As iomem contains information about the physical memory content of the device, restrict the information only to root.

Signed-off-by: zhanglin

--- kernel/resource.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/resource.c b/kernel/resource.c index 30e1bc6..844456e 100644 --- a/kernel/resource.c +++ b/kernel/resource.c @@ -139,7 +139,8 @@ static int __init ioresources_init(void) { proc_create_seq_data("ioports", 0, NULL, &resource_op, &ioport_resource); - proc_create_seq_data("iomem", 0, NULL, &resource_op, &iomem_resource); + proc_create_seq_data("iomem", S_IRUSR, NULL, &resource_op, + &iomem_resource); return 0; } __initcall(ioresources_init); -- 2.15.2
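Review bot: the "ioports" entry directly above the changed call in ioresources_init() still passes mode 0, which by the commit message's own description of iomem yields -r--r--r--, so after this patch only one of the two resource files is restricted. Either give ioports the same mode or state in the changelog why it is deliberately left readable by everyone. The changelog should also say which unprivileged readers of /proc/iomem were checked, since a file that was readable by everyone becomes owner-only and the message mentions no userspace impact. As a style point, kernel code prefers octal permissions over symbolic ones, so `S_IRUSR` would normally be written `0400`, which also lets the call fit on one line instead of wrapping `&iomem_resource` onto a continuation line.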