Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp3662710img; Mon, 25 Mar 2019 15:12:00 -0700 (PDT) X-Google-Smtp-Source: APXvYqxZu1PRB0SN0uBZ3PQ1hw+In7gTWyu8OdBIQmaZ06PksdFQvnpC9CCASpBTMuajQM4d0nJa X-Received: by 2002:a62:2bc8:: with SMTP id r191mr26543541pfr.102.1553551920524; Mon, 25 Mar 2019 15:12:00 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553551920; cv=none; d=google.com; s=arc-20160816; b=wnTP54HQCv31mOhtd8YwvlFQIbbb7aUL1VjBx1CilNg6lhQQR0OY5r54w2IoWoMjiA pjZrAz68r+RdT+mlLqDo1eql7xLe2yuPCPDX/1TgFnOFkugcm7+c4By9BlBHzNMGb1TH 03W1R7XjYz7Zfu+4pM73ULRPOHmQylOvq7raI8uBCB/ywyaX9DLf4clz9XYnbZjXKHkl 2qyg38eKkmbKpfAP3ROp1d7sq+c0Gnvdyde0xiVasYPiLhQT3I+mEEM0m7vRzYTqZ3pW a08FryobC2dWOlFE0FWtSYIrfBS3LGDHXjHbAWGG5Je52F8wHY7wt74BUUWVdm1JO280 ymhw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:references :mime-version:message-id:in-reply-to:date:dkim-signature; bh=MX7HAsZv9v1mlAMwYMmTO69QilKEqMKiTqEWCeCZ+Co=; b=iYz0/t7U01M54NrXz0gNESXh2nBquZtY4CS34fM3OqsqnbfUMYrpIalp6lyR8qCrac bDoA2dF2WeqtCF/HpDbVnq9zTTptIlkbpQ/nz30ykJZy7lqqsKOLAJoAFsTvexeJucv4 yR31OSAlIk2Pc6XZZR99H8j7E6N8M6cLeMubjXrwEigscOj7PHgUJ4SZCoi0+mS29TQA /UPFMjInuiqXXjG3mUu4exBDegiamwdHv/DmgyBFMPBuPvup6kxrVee4pjZ/6De5a6pI FW7vmuKo3zdgNcUEsJcvanffOwRF1L94+Ub/hVqIHfR1fYo4CSu3oQtchXCknr0GiReF l0nA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Ue7pG1g3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id s79si14384693pgs.245.2019.03.25.15.11.46; Mon, 25 Mar 2019 15:12:00 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=Ue7pG1g3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731068AbfCYWKm (ORCPT + 99 others); Mon, 25 Mar 2019 18:10:42 -0400 Received: from mail-vk1-f201.google.com ([209.85.221.201]:56889 "EHLO mail-vk1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729106AbfCYWKl (ORCPT ); Mon, 25 Mar 2019 18:10:41 -0400 Received: by mail-vk1-f201.google.com with SMTP id r189so4703241vkr.23 for ; Mon, 25 Mar 2019 15:10:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=MX7HAsZv9v1mlAMwYMmTO69QilKEqMKiTqEWCeCZ+Co=; b=Ue7pG1g3SnEJ+37/Ryx2zTFU/Dp2cL3S75Vu4QwG5wOhef2kL5bd9FMy/sL+mwIDw0 1Ux0Ivh5ASpU828UAZXsmqgTym9C7SIFi2OYWSDvs+AcNTiL356uen+xZn4erhWd1jwi I340B5q0wq7+3jVgryCNL54Vz/zR+uUXVDNdl0AIYsYEdetZfkMgVr7uKxOJ/DQ3/XMG r6h/JJ9aF8A5uQm/HGiutfZbUH/OBKEGFXshyG+SZbo6rI23+mc7qlfyISvkmO8LXH0N tDA+gBMmuxDd98VTXSb6qicVFeFwlnBzVi0GAqYunCoRzdguUB2POrPEVDiN8TCRn1TS Da8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=MX7HAsZv9v1mlAMwYMmTO69QilKEqMKiTqEWCeCZ+Co=; b=nl/fqo5BWCdPECQ1f6cmzRI0Kg76wJTegnz5W6GkU80owd06vujeLrUyoVQO0ABi7e 6XNyCQeii1OfY07IFDDmjPHDHlbSM6s3andW3tVpq0TGXIBNzFBeSQ9Yi4IRKfZsKluq dqUlO4gfeJsiR1xRt3nUX9r+YWz3sHAmSeDVxBf1D3fD/aadBFircU/tZS4RXQsQj02k Kb9X49Pl/+l3Lelx+XSjyNqiIKuuK3oJkuzeMKsBi76qmkeBkrRTBMwsq0hRTg3RMBBk VJrkHPZGQAz8kLLdsYUv23566FodNJse1cDa0QNkoZy7TCNp5IHViN3S1VYuHqWpdSUn zWfw== X-Gm-Message-State: APjAAAVVdlBmQ4tmMJo/qup++4gtRq5y4SAbx2btOO+YYG0IGrlyAzRS dfHREK5gu9GLIBwRE8F2HFA9gGvL4zBteGLhpk9TvQ== X-Received: by 2002:a67:dd8d:: with SMTP id i13mr16469935vsk.64.1553551840407; Mon, 25 Mar 2019 15:10:40 -0700 (PDT) Date: Mon, 25 Mar 2019 15:09:43 -0700 In-Reply-To: <20190325220954.29054-1-matthewgarrett@google.com> Message-Id: <20190325220954.29054-17-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190325220954.29054-1-matthewgarrett@google.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog Subject: [PATCH 16/27] acpi: Disable APEI error injection if the kernel is locked down From: Matthew Garrett To: jmorris@namei.org Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, Linn Crosetto , linux-acpi@vger.kernel.org, Matthew Garrett Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Linn Crosetto ACPI provides an error injection mechanism, EINJ, for debugging and testing the ACPI Platform Error Interface (APEI) and other RAS features. If supported by the firmware, ACPI specification 5.0 and later provide for a way to specify a physical memory address to which to inject the error. Injecting errors through EINJ can produce errors which to the platform are indistinguishable from real hardware errors. This can have undesirable side-effects, such as causing the platform to mark hardware as needing replacement. While it does not provide a method to load unauthenticated privileged code, the effect of these errors may persist across reboots and affect trust in the underlying hardware, so disable error injection through EINJ if the kernel is locked down. Signed-off-by: Linn Crosetto Signed-off-by: David Howells cc: linux-acpi@vger.kernel.org Signed-off-by: Matthew Garrett --- drivers/acpi/apei/einj.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/acpi/apei/einj.c b/drivers/acpi/apei/einj.c index fcccbfdbdd1a..9fe6bbab2e7d 100644 --- a/drivers/acpi/apei/einj.c +++ b/drivers/acpi/apei/einj.c @@ -518,6 +518,9 @@ static int einj_error_inject(u32 type, u32 flags, u64 param1, u64 param2, int rc; u64 base_addr, size; + if (kernel_is_locked_down("ACPI error injection")) + return -EPERM; + /* If user manually set "flags", make sure it is legal */ if (flags && (flags & ~(SETWA_FLAGS_APICID|SETWA_FLAGS_MEM|SETWA_FLAGS_PCIE_SBDF))) -- 2.21.0.392.gf8f6787159e-goog