ANDROID: tegra: cl_dvfs arbitrary kernel memory access Remove "/sys/kernel/debug/clock/dfll_cpu/cl_dvfs/registers" node as this allows a root attacker to arbitrarily adjust kernel to their whim beyond what root alone can do. i.e. bypass drm. NB: User builds do not expose debugfs Signed-off-by: Mark Salyzyn <salyzyn@google.com> Bug: 29518457 Change-Id: I6de19064f1748e57c86873e0d8578a627fba0efc

commit: a139acc1c48ec838aab3d592a1c964fe675a0cf4 [log] [tgz]
author: Mark Salyzyn <salyzyn@google.com> Thu Jul 21 09:31:42 2016 -0700
committer: Mark Salyzyn <salyzyn@google.com> Thu Jul 21 09:46:55 2016 -0700
tree: abb5f8cff07fea44725ea32340272e8c329ebe4e
parent: 206880cb7c1bb9e0ade28b9d96adabf1b9e2fe90 [diff]
diff --git a/arch/arm/mach-tegra/tegra_cl_dvfs.c b/arch/arm/mach-tegra/tegra_cl_dvfs.c
index 6dd7712..08c6e99 100644
--- a/arch/arm/mach-tegra/tegra_cl_dvfs.c
+++ b/arch/arm/mach-tegra/tegra_cl_dvfs.c

@@ -3215,6 +3215,7 @@
 	return 0;
 }
 
+#if defined(BUG_29518457)
 static int cl_register_open(struct inode *inode, struct file *file)
 {
 	return single_open(file, cl_register_show, inode->i_private);
@@ -3256,6 +3257,7 @@
 	.llseek		= seq_lseek,
 	.release	= single_release,
 };
+#endif
 
 int __init tegra_cl_dvfs_debug_init(struct clk *dfll_clk)
 {
@@ -3316,9 +3318,11 @@
 		cl_dvfs_dentry, dfll_clk, &cl_profiles_fops))
 		goto err_out;
 
+#if defined(BUG_29518457)
 	if (!debugfs_create_file("registers", S_IRUGO | S_IWUSR,
 		cl_dvfs_dentry, dfll_clk, &cl_register_fops))
 		goto err_out;
+#endif
 
 	return 0;
commit	a139acc1c48ec838aab3d592a1c964fe675a0cf4	[log] [tgz]
author	Mark Salyzyn <salyzyn@google.com>	Thu Jul 21 09:31:42 2016 -0700
committer	Mark Salyzyn <salyzyn@google.com>	Thu Jul 21 09:46:55 2016 -0700
tree	abb5f8cff07fea44725ea32340272e8c329ebe4e
parent	206880cb7c1bb9e0ade28b9d96adabf1b9e2fe90 [diff]