Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp3662670img;
        Mon, 25 Mar 2019 15:11:57 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzJ842vf5dCNHJbebc0cFULrAa4C8hHXX1VeSniMxlBnGgydiH+Ekrt5+p2MLFGfMHTlsVb
X-Received: by 2002:a63:e303:: with SMTP id f3mr25420627pgh.374.1553551917477;
        Mon, 25 Mar 2019 15:11:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1553551917; cv=none;
        d=google.com; s=arc-20160816;
        b=dBC/Xu5wkGyz1AfVwzPcvtnZ1u0029DcvDtRjh+slWRRYrYaeQx4f765g3HhhqXRXM
         gxrzfY0zT+eRCbP323BF81qX3WxOQUsAOE0PSfnph/oLjYjPwSUif4ONMYIXT29Zw2iI
         PM2q5eDlS4ydRPyG3xFVzi9XHpHoEfORAzN3AjtAS9oxLGaZyKS1B7jZvOfg2QmrpQJT
         jGO+rxxE++ZDCD8H6bQb0BFrmmokR6d7vC5kgTEjIbZzqMaOSfPdRxsP7LB1OWI6TKuB
         inNNFnWfnI2RhTdOmRk6Q2/sI1rNikj6X+FVXuaZbfI6NoUuVW2oaeWrwc1cXqYRxj1O
         Ustg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:from:subject:references
         :mime-version:message-id:in-reply-to:date:dkim-signature;
        bh=hmYNaFdsLzMxO/YCEIEvJsYLVrtmlenBIeDGJtGu3OM=;
        b=HSFTngGNolyJlY8q62sigCg1pJEUPR+CKQ1fpAwux8+i3g5Q6o32y9QX8ciqaPmXdL
         0hoXGB9IymPG/D4lhTh5lGiXm53+FwkrHR8HOow+dI3kUf6HJ/FyH4ssQ9lcd5ri/8i4
         eQc9DQyjbQU41w91hcfyx22FlNSpCAFqjB0nohyUnx0qEzl+F4ElB9T/agqquXVSKg3V
         140ZyiR+Q6sXuFjGdzpQXMYAzajUMNkWp5GdoPK4TZ6qfvNXcwiXzM0eBSx5fm83XxX3
         z4Es4iYFZbj06oemT3AzK+VWsgG0kwD+fftALS9Ll91w4k1xNZ7nCwcuXwUNIvcyB/rn
         WJ5Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=WJr9K5Ng;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id r66si14333921pfr.196.2019.03.25.15.11.42;
        Mon, 25 Mar 2019 15:11:57 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=WJr9K5Ng;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731048AbfCYWKi (ORCPT <rfc822;deadfox.tw@gmail.com>
        + 99 others); Mon, 25 Mar 2019 18:10:38 -0400
Received: from mail-pf1-f201.google.com ([209.85.210.201]:53746 "EHLO
        mail-pf1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1731033AbfCYWKh (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 25 Mar 2019 18:10:37 -0400
Received: by mail-pf1-f201.google.com with SMTP id o67so10569400pfa.20
        for <linux-kernel@vger.kernel.org>; Mon, 25 Mar 2019 15:10:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=date:in-reply-to:message-id:mime-version:references:subject:from:to
         :cc;
        bh=hmYNaFdsLzMxO/YCEIEvJsYLVrtmlenBIeDGJtGu3OM=;
        b=WJr9K5NgaEvPnAiYcVXgNCci/FaQmP1mLDAruGRbuoJYCIIIAIHCe8AoJ7Kr/r7XTQ
         GQw08DDyEUVpKvHTAEIb+sEPYXaATnoEYcMU6RUM1j1Tho9BRATvED8dklQVfey1WoCS
         5Zw2P9yQRsZ3CfcPkjLEJGSVsIfKaucUb4rie3Em8mgNadzfJUISMHz/jGWDE1Fa8RBq
         AE2BTFqdLHnL2BpGCs/nUCP1iEIBaaePrRAiduat/JTEYNX3z9pzJ+ITXdHdNLZkF0N4
         S8pT0CxX6x4PrXc7LM2QN3tHBFsDnMAzcAJRZmMLq007lOBsanWryVyF2DgZD6WVGgwW
         Iyhg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:in-reply-to:message-id:mime-version
         :references:subject:from:to:cc;
        bh=hmYNaFdsLzMxO/YCEIEvJsYLVrtmlenBIeDGJtGu3OM=;
        b=A0slRVDSmJxXhpvLLPXUziJ/LuYgwo+fQFwl1M8ujEYWt6fU+Yivrwi952uTgzAIR3
         a7FgyBnLOCK8f+cxWSVIyp+ke6dS7VFvq0pXnVNExNQjiLmn1RD7SH1A853k4UstEg1x
         zgu5q1sYWLv6y8QqOm4PeN6k24WIDE+eyU95y93jkS/QIIXTd3OSUifBhEO1wTaBiD0X
         rXtAbYvYwOPIwRmzujOLCe9FW57DHpxxibnbVckOZCGUC0HmD5Sy/b+fcxE1+ZBuXDmd
         X+d89cqg5eLX3C+/yY0HLhOUPKGVAYoBE//e+Fyz9pMwTUTt5KWoykYCr1ReQqlOEJeS
         9iVA==
X-Gm-Message-State: APjAAAUR+Syqyygv0dLwUtFHff3HnxGOSU6jwmEPaxcNhv/OgX0roV4n
        6HMrn070y0FajMFjExXd95fN6ErvuGLrGNRY27zbog==
X-Received: by 2002:a63:4e10:: with SMTP id c16mr26146963pgb.302.1553551836682;
 Mon, 25 Mar 2019 15:10:36 -0700 (PDT)
Date:   Mon, 25 Mar 2019 15:09:42 -0700
In-Reply-To: <20190325220954.29054-1-matthewgarrett@google.com>
Message-Id: <20190325220954.29054-16-matthewgarrett@google.com>
Mime-Version: 1.0
References: <20190325220954.29054-1-matthewgarrett@google.com>
X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog
Subject: [PATCH 15/27] acpi: Disable ACPI table override if the kernel is
 locked down
From:   Matthew Garrett <matthewgarrett@google.com>
To:     jmorris@namei.org
Cc:     linux-security-module@vger.kernel.org,
        linux-kernel@vger.kernel.org, dhowells@redhat.com,
        Linn Crosetto <linn@hpe.com>, linux-acpi@vger.kernel.org,
        Matthew Garrett <matthewgarrett@google.com>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Linn Crosetto <linn@hpe.com>

From the kernel documentation (initrd_table_override.txt):

  If the ACPI_INITRD_TABLE_OVERRIDE compile option is true, it is possible
  to override nearly any ACPI table provided by the BIOS with an
  instrumented, modified one.

When securelevel is set, the kernel should disallow any unauthenticated
changes to kernel space.  ACPI tables contain code invoked by the kernel,
so do not allow ACPI tables to be overridden if the kernel is locked down.

Signed-off-by: Linn Crosetto <linn@hpe.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: linux-acpi@vger.kernel.org
Signed-off-by: Matthew Garrett <matthewgarrett@google.com>
---
 drivers/acpi/tables.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/acpi/tables.c b/drivers/acpi/tables.c
index 48eabb6c2d4f..f3b4117cd8f3 100644
--- a/drivers/acpi/tables.c
+++ b/drivers/acpi/tables.c
@@ -531,6 +531,11 @@ void __init acpi_table_upgrade(void)
 	if (table_nr == 0)
 		return;
 
+	if (kernel_is_locked_down("ACPI table override")) {
+		pr_notice("kernel is locked down, ignoring table override\n");
+		return;
+	}
+
 	acpi_tables_addr =
 		memblock_find_in_range(0, ACPI_TABLE_UPGRADE_MAX_PHYS,
 				       all_tables_size, PAGE_SIZE);
-- 
2.21.0.392.gf8f6787159e-goog