Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp4545573img;
        Tue, 26 Mar 2019 11:31:06 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyNY+e8e/Yxgu2yFa7MhPJdXpq1reGrdjPtfy1SiGMgUPUXUXQcujImWgTO16aGBlaaH7+m
X-Received: by 2002:a17:902:8c8b:: with SMTP id t11mr32086563plo.148.1553625066778;
        Tue, 26 Mar 2019 11:31:06 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1553625066; cv=none;
        d=google.com; s=arc-20160816;
        b=e7KQbljhfOTh9s1X7NVapBtZGM+zhGR8ZFfH6L6mGPityvhvXj1AZamBUseYUlPrEX
         KqrwHdQrtEmgp51ndFW+dIeSojaYGvoEARVULWTkdHwHw2dQ6FobfV2F1ULGXjYRyUD4
         sBcoi4SBW32DD7nonEXF4EsJ4ovKmEC+rRWJwz/qanpRw9ncHEEO+m1Yc/YeynBZj7j/
         +72CEmiNIkfcw/pM0kMUvopgl4ApRCi5me8f9Zcx95TxU7UzCWjaBOoZSPdI3LdGFQIC
         1TxV4o1Do9bg3UJQw3A/FS4QZ9aRDoBbkwR7Jd0ho3w4c7vFxJnaXpZkowsVWFW+ho/S
         tLOg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:from:subject:references
         :mime-version:message-id:in-reply-to:date:dkim-signature;
        bh=3FVj0Vux23rW7dwNJJDnKT59ZHynyqjKA3q4fn8QSso=;
        b=voZu+NWmTXT7TJVtWYHm/lEvxxvfN2NkWgBDXBYAt6xxVWBA27s7d0i5ezs0G/K2Cl
         nmht6XQ/nqwB8sqxp5YPe+Ii3/15YFvRXzr9PFXhRR1Nb/+FwXduGyq7hj6U5qsV/K3x
         uBh+qjNN5dolXJRQVzwOhRwSt3Uo6s2rsYOdhAkCDy8bkGLJAhbUkLGhSp8vSxFEqJpp
         8q/T2cna9RrCfh+LmVADOuDtypwxxoVoQMMOl6C53gFcZtkBokS+mCsdfmmub62NNpL3
         WaQk4HKqJIuN4ZWykcrjz/mKzXsjvzCtNqhNEOO7u0mQ3OY8CTVgnf/M21egRg3xoJ1D
         HnJg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=AxYQmILS;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 73si16459881pgb.250.2019.03.26.11.30.51;
        Tue, 26 Mar 2019 11:31:06 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=AxYQmILS;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1732807AbfCZS3k (ORCPT <rfc822;plaguedbypenguins@gmail.com>
        + 99 others); Tue, 26 Mar 2019 14:29:40 -0400
Received: from mail-pf1-f202.google.com ([209.85.210.202]:54871 "EHLO
        mail-pf1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1732762AbfCZS2d (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 26 Mar 2019 14:28:33 -0400
Received: by mail-pf1-f202.google.com with SMTP id h69so12440126pfd.21
        for <linux-kernel@vger.kernel.org>; Tue, 26 Mar 2019 11:28:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=date:in-reply-to:message-id:mime-version:references:subject:from:to
         :cc;
        bh=3FVj0Vux23rW7dwNJJDnKT59ZHynyqjKA3q4fn8QSso=;
        b=AxYQmILSdFg0+F/o39f/WfXSvOMkaN5wYJO4P7AP0HLuNoMiYIIvFwFvfk0hUBiR13
         4UAMjUq31t9bSPe0MnXikCSkC2eyMupf0ei8U0Ch/JsGWJCIxjQKrkYNixwHJNhsKf+8
         ewiscQ7iVR6PbhjFJ6irRmuxUVbZLX5V1eFKDgOc+diXskj2lcYCgwC0GRCcxdXfP6YA
         uW7rY+3bIfIzXqyMc9UiOcDQaANdLrPOlfGEVIiD5evpn8H4GKKNhOV6Dgx16grRJ0Oi
         rDHP+gZaykXlVyw38TJLvk19ALMIfOGPG8dCFPBpoaR2er4L7WOE5TXOO0+zJmre7Hh8
         8mgQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:in-reply-to:message-id:mime-version
         :references:subject:from:to:cc;
        bh=3FVj0Vux23rW7dwNJJDnKT59ZHynyqjKA3q4fn8QSso=;
        b=agUe5s3AKdizV0ALkeq41X8u0EyYBdxm9D9biQdwVJj1q6CGewhJ/feoJV7yc5uz2w
         HOqGW3N0tgy34BIAZxX8JpO26Gu9R1W1/p+nj10AMbKIXOp0zpWVDn0OqIUHiJY5zVnZ
         sTh9bATV4CG/V3tjl06k+HxVFeBCjmYi3kD61kNgBe/X2cbtLbVQh4rx67PnLYPDRX4Q
         F+9erTO6JVbGlL4PczHqeuOgGtYASotNJt7wcLPIos4DufggIaFFQJDVixRN7hRS+6O+
         OOFKIlu9I2+nGbDQLWfUIbbQkb0RH2zy8K/gskhhANyqH4bTkgT+OkCADjtPhSXmm0f7
         3oKA==
X-Gm-Message-State: APjAAAV2weh4/5H8Mrj+veR7ousA37mJRkrzzyV87BiB+x8Y7Nq8vXxq
        qjFCOpGXJF9Gbox47j1VbkT7xXuGuRHDWByfBAhPSg==
X-Received: by 2002:a65:5343:: with SMTP id w3mr13108859pgr.232.1553624912801;
 Tue, 26 Mar 2019 11:28:32 -0700 (PDT)
Date:   Tue, 26 Mar 2019 11:27:31 -0700
In-Reply-To: <20190326182742.16950-1-matthewgarrett@google.com>
Message-Id: <20190326182742.16950-16-matthewgarrett@google.com>
Mime-Version: 1.0
References: <20190326182742.16950-1-matthewgarrett@google.com>
X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog
Subject: [PATCH V31 15/25] acpi: Disable ACPI table override if the kernel is
 locked down
From:   Matthew Garrett <matthewgarrett@google.com>
To:     jmorris@namei.org
Cc:     linux-security-module@vger.kernel.org,
        linux-kernel@vger.kernel.org, dhowells@redhat.com,
        linux-api@vger.kernel.org, luto@kernel.org,
        Linn Crosetto <linn@hpe.com>,
        Matthew Garrett <mjg59@google.com>, linux-acpi@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Linn Crosetto <linn@hpe.com>

From the kernel documentation (initrd_table_override.txt):

  If the ACPI_INITRD_TABLE_OVERRIDE compile option is true, it is possible
  to override nearly any ACPI table provided by the BIOS with an
  instrumented, modified one.

When lockdown is enabled, the kernel should disallow any unauthenticated
changes to kernel space.  ACPI tables contain code invoked by the kernel,
so do not allow ACPI tables to be overridden if the kernel is locked down.

Signed-off-by: Linn Crosetto <linn@hpe.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
cc: linux-acpi@vger.kernel.org
---
 drivers/acpi/tables.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/acpi/tables.c b/drivers/acpi/tables.c
index 48eabb6c2d4f..0dc561210c86 100644
--- a/drivers/acpi/tables.c
+++ b/drivers/acpi/tables.c
@@ -531,6 +531,11 @@ void __init acpi_table_upgrade(void)
 	if (table_nr == 0)
 		return;
 
+	if (kernel_is_locked_down("ACPI table override", LOCKDOWN_INTEGRITY)) {
+		pr_notice("kernel is locked down, ignoring table override\n");
+		return;
+	}
+
 	acpi_tables_addr =
 		memblock_find_in_range(0, ACPI_TABLE_UPGRADE_MAX_PHYS,
 				       all_tables_size, PAGE_SIZE);
-- 
2.21.0.392.gf8f6787159e-goog