Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp684142yba;
        Wed, 3 Apr 2019 17:34:51 -0700 (PDT)
X-Google-Smtp-Source: APXvYqx02kBFj1XQM7XZmA4BMh5HgAKcBpAs2bJVWbF/hf3AaPfLWap/7ZAiw/EsOfA70PRzzxH3
X-Received: by 2002:a17:902:2a2a:: with SMTP id i39mr2998002plb.211.1554338091316;
        Wed, 03 Apr 2019 17:34:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1554338091; cv=none;
        d=google.com; s=arc-20160816;
        b=XC0PE4YP8MKKmHudMLxiSZC2wjl4oVbVxGHrtszG4z/3uGxHoNojDwZA6rLxcon19d
         4PWboR90xE8I9WolMZT0zbUKZKUqGZzTTQ2L/A4lq4Dh6upvnHVdsZALbLyYkt/EsW6W
         Wfy3g1aORBGNDQqp2dBfnskawa+6j8fo0s1OyExaCFfxqALJ+M58fFTix70VZMcx9pup
         RDWxws+mNXLn7czW4aRyGQfW6IqvTdOI8/6sH+meRWXM7E8NDsoFVGVrLyWnSoiRNbJf
         5fxJdMzEPbEaptvbs1XewdAiEFICGdOl+MtfxJ3CUpUSbRObOJNWfnMl0UeNTh3awRiH
         BAYg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:from:subject:references
         :mime-version:message-id:in-reply-to:date:dkim-signature;
        bh=3FVj0Vux23rW7dwNJJDnKT59ZHynyqjKA3q4fn8QSso=;
        b=GnkpoeiH09FQzLtIRW7bVGTYcmq1aLvbgpD+k1RIIpeAvTiVQMx+HU0MLXEjuyg0sw
         kA5Amzm0uPYBG+IhnRlHBH/e9u5tv/H8JXmd9RTqAvphvj1V6eWKsnvlYyBkLVLO+uKG
         3XzNDMv3e70pddNLogwUVWpYU9bgfJaz4EVc31XfRZ19otdWF7ZKn8cy4olc4mwAGCG5
         rWcV+X0beK4vm4Wfc65OENwVIT3iBYtbhMN1Ja9nUNJVWBL6u5tkLEZIr8eaGU96fGRR
         ozZloX+Rvq+kbMK7QqRdGt/FbSvcLLXmi8Licdx/2nrvqjpE9lb5XYBOFFtoyIfXk3Xt
         UozA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=kd5rMP1Q;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id g12si5303785plp.340.2019.04.03.17.34.36;
        Wed, 03 Apr 2019 17:34:51 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=kd5rMP1Q;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727190AbfDDAdf (ORCPT <rfc822;charleyewang@gmail.com>
        + 99 others); Wed, 3 Apr 2019 20:33:35 -0400
Received: from mail-yw1-f74.google.com ([209.85.161.74]:54149 "EHLO
        mail-yw1-f74.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727071AbfDDAdd (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 3 Apr 2019 20:33:33 -0400
Received: by mail-yw1-f74.google.com with SMTP id 68so723996ywb.20
        for <linux-kernel@vger.kernel.org>; Wed, 03 Apr 2019 17:33:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=date:in-reply-to:message-id:mime-version:references:subject:from:to
         :cc;
        bh=3FVj0Vux23rW7dwNJJDnKT59ZHynyqjKA3q4fn8QSso=;
        b=kd5rMP1Qtyn082YVhSc0Jd3M947vR51IQTEVj2AYZe7cP2NTWS4KxRVONQxH1eCAHY
         uvwAEXznChwulgOwt2Boe2ySEQwdCbPfh7kQoYHty5eAl3+zzx7niYRClw2AtT2KwaJb
         RuL2vZbSfNY58VDgVp1bDUeyn7GIHu0NUo/P4ytyqVubpRSETOMI0RRAe9HOmTbZmI5H
         7o5SSn0FVGFdJsLWtzQwd7sQ7dq5p2N0JmoExed3CG/CxjtgBgcvgRxnnhqCxmxa78X4
         G6ejZSklQZTk5KWaEsE7h/NVEBp/kgyj6aCo94XIBgZC03f4VTnaUttGivPPzWWz+eLm
         1I+A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:in-reply-to:message-id:mime-version
         :references:subject:from:to:cc;
        bh=3FVj0Vux23rW7dwNJJDnKT59ZHynyqjKA3q4fn8QSso=;
        b=Er+fVQf71o/LDPjneiXEE5je5cVvESLlxeY0JFazJYYBYc6LUi0hi3Xpkr+ir7kwVF
         II1eZ5jN/1zoMpgiQSVEPtDYC11JQR19lDP5n1PTGuTf1JXfkXMS6xsTR7nfLZzcYkES
         oFyNL2ooO2R2jYM5tjKIo5MTEg2pxriI/CSchRVM6rOsneVcoa1dl3Tr6qBvmKdVsHmA
         UUDCjnCVN2Xm/0MA7jbwIRa1sGFBlIJ77Vy3kolKzEYxNCpQAGX141SDfwVQY0EJW2yu
         zNnaQAAnl1rH1SHezf6K1JdSf8V8YZ0C0B5lz8jYwBhSeRTnwd4FFB/NPyU9zWE/K3dB
         UJRw==
X-Gm-Message-State: APjAAAUKpkXdHBv15OD0SFzHGq+14/Gt+MJ0GTwPfwtC3pdA9mRaUrUZ
        2+OyTVm/DB05qO3tTyaES5PdUwQNAJh0h3kGBMdDtQ==
X-Received: by 2002:a25:3d85:: with SMTP id k127mr784700yba.101.1554338012791;
 Wed, 03 Apr 2019 17:33:32 -0700 (PDT)
Date:   Wed,  3 Apr 2019 17:32:37 -0700
In-Reply-To: <20190404003249.14356-1-matthewgarrett@google.com>
Message-Id: <20190404003249.14356-16-matthewgarrett@google.com>
Mime-Version: 1.0
References: <20190404003249.14356-1-matthewgarrett@google.com>
X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog
Subject: [PATCH V32 15/27] acpi: Disable ACPI table override if the kernel is
 locked down
From:   Matthew Garrett <matthewgarrett@google.com>
To:     jmorris@namei.org
Cc:     linux-security-module@vger.kernel.org,
        linux-kernel@vger.kernel.org, dhowells@redhat.com,
        linux-api@vger.kernel.org, luto@kernel.org,
        Linn Crosetto <linn@hpe.com>,
        Matthew Garrett <mjg59@google.com>, linux-acpi@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Linn Crosetto <linn@hpe.com>

From the kernel documentation (initrd_table_override.txt):

  If the ACPI_INITRD_TABLE_OVERRIDE compile option is true, it is possible
  to override nearly any ACPI table provided by the BIOS with an
  instrumented, modified one.

When lockdown is enabled, the kernel should disallow any unauthenticated
changes to kernel space.  ACPI tables contain code invoked by the kernel,
so do not allow ACPI tables to be overridden if the kernel is locked down.

Signed-off-by: Linn Crosetto <linn@hpe.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
cc: linux-acpi@vger.kernel.org
---
 drivers/acpi/tables.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/acpi/tables.c b/drivers/acpi/tables.c
index 48eabb6c2d4f..0dc561210c86 100644
--- a/drivers/acpi/tables.c
+++ b/drivers/acpi/tables.c
@@ -531,6 +531,11 @@ void __init acpi_table_upgrade(void)
 	if (table_nr == 0)
 		return;
 
+	if (kernel_is_locked_down("ACPI table override", LOCKDOWN_INTEGRITY)) {
+		pr_notice("kernel is locked down, ignoring table override\n");
+		return;
+	}
+
 	acpi_tables_addr =
 		memblock_find_in_range(0, ACPI_TABLE_UPGRADE_MAX_PHYS,
 				       all_tables_size, PAGE_SIZE);
-- 
2.21.0.392.gf8f6787159e-goog