Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp84679ybi; Thu, 20 Jun 2019 18:22:41 -0700 (PDT) X-Google-Smtp-Source: APXvYqzR0xzmGUGjpu0mSNXeW+KJezt4TZU+b5oWNphto6/ISbdlEkyEBgsQj8wsdITDKifZdLDI X-Received: by 2002:a17:902:ba82:: with SMTP id k2mr122355449pls.323.1561080161499; Thu, 20 Jun 2019 18:22:41 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561080161; cv=none; d=google.com; s=arc-20160816; b=Qrq8VjxKbPUBDbNI1aju/XSVHYRejlYvlq9QdSOALTqABrfdK0+mdayQ8xPH5oPipH XokGN0AyafvTUX0psbBvM9m4pEHfbneBv31YElxK09H7Xfg+bGZ8DMHjvhoR7s31ILI5 NbKXdhNxggjL0AlG88lOYVBndXLmJp+ynSEfRMIzSlEFWstVLDOUHcbWsVh2JbAUfHDy CzjzeJsHa6K6OqYjaGwMrd8ZfKJP9QIfhDGZgyYVeVthYMMDb9igeg6e0Jyoc/hY44Is R9jdFHl1LMJJ+6BZHalRtiPQjn2eKJI3Mw/rdS6PFYoVjYlcy3gNYYb4hXcurU5HdNtt 6qLw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:references :mime-version:message-id:in-reply-to:date:dkim-signature; bh=iJrEpiYEEq/u9uVQ7rtK8OnmsmoBNHfJU3q0QdD2/5Y=; b=UmTJdJsbegTA8PfmJRTHU55AXWJpYziB1Q3U8KKUgiFDG+DeqwdeR9svz9X24oBdZ0 6sxb69O9zpDImc/2VeCipTaHTwLosByh4hTEeh/RGGlBsKt7t4EqZgyBowSFs+WjCi5+ UaWuGgexpwBqS9dR+S4y5Ch6fY0h5Ih7wqtUy5kaJW6Ngt4NkyYfG+JFI6O1R7CvvXe8 0mrhVo2syVnDgsuo/Ci1ka/F+5Ny1gwnIVQMxCBzVjLlM5/ERgk910nE8JnJKjUk3O+M UFixqwwd1Hux4Da3KfbyS3qH8WKcq9OeGNQj+eLYcVwYxz3zpt7/i/u6avCL4MlVvyxn wm1g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=F9ZPwUtU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 74si1004679pgc.595.2019.06.20.18.22.26; Thu, 20 Jun 2019 18:22:41 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=F9ZPwUtU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726747AbfFUBUh (ORCPT + 99 others); Thu, 20 Jun 2019 21:20:37 -0400 Received: from mail-pl1-f202.google.com ([209.85.214.202]:48803 "EHLO mail-pl1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726699AbfFUBU2 (ORCPT ); Thu, 20 Jun 2019 21:20:28 -0400 Received: by mail-pl1-f202.google.com with SMTP id i33so2654284pld.15 for ; Thu, 20 Jun 2019 18:20:28 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=iJrEpiYEEq/u9uVQ7rtK8OnmsmoBNHfJU3q0QdD2/5Y=; b=F9ZPwUtUQbrjYEXZQyys0W0e+13BLgRaMQSW6Q81kqXAQet8b/73xFPivmrD1M/C2I 9M1sv4e8uEkc/EvXNP5EiV4mjSNxEK0hC4EXMQ6YfQRkihmViiE508BR39E3lV8smyu8 AvFNJ/jgB3m0BM53WQxjvDN5I0mkE2Daka0tGee+3XchZBmYPEDZ7vTc8z7pvxFIAskv Pv6AehRkSqxKGjcOr5kPpDp635xUFWQOKqbJgtWNl2xALyeXTEgmtwewwTJJN5CttJ24 qmCHjQIU8yJjzuyjGRCzVL+wbvFIblHROGH9FBKyv4j09Gi9B+F7ZD4gqHXvm3zU68BL hkQg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=iJrEpiYEEq/u9uVQ7rtK8OnmsmoBNHfJU3q0QdD2/5Y=; b=Y41Z+1z/iUNcmFDvglJfdan8eBc9q+nY0SJAGXtNqJgZF4WurjOyAiQMHQyt97krz/ vFp6hgnuU52CeBgOuS4DlZ5rEqzOzdxlNkPaaiOnMPTWxi+C+Yquj60uCaqzuNp2zh5e geRGJWOhePoZn5TXe1PUQAC1u16V67ZixZL0+vof4dHAvdG8IjXPIUyFx4ctvViW43Uy BW+vpgTWLqmo4wz3Fht3uR3XcyDZe0mppx9YrkmrFBsQ3uprCvjqXSKw/YZGdGR5yc5Z /AezHJrW+xzFMotCmWmltS6mICZd/q8Iq7ZY0IHxSNkWM6Gnd85Y5On+f5OBnEoyC/ZC F0nQ== X-Gm-Message-State: APjAAAU9syCH/R8rhI+/t2wjcmqCocmAzD8eUW+NPTsmjTSb2aDcCnaa 3+D3qPSIWKb+H8T50bB4LeqgqmF7KCjbuJWsSN+uVA== X-Received: by 2002:a63:5207:: with SMTP id g7mr10342146pgb.284.1561080027898; Thu, 20 Jun 2019 18:20:27 -0700 (PDT) Date: Thu, 20 Jun 2019 18:19:27 -0700 In-Reply-To: <20190621011941.186255-1-matthewgarrett@google.com> Message-Id: <20190621011941.186255-17-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190621011941.186255-1-matthewgarrett@google.com> X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog Subject: [PATCH V33 16/30] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down From: Matthew Garrett To: jmorris@namei.org Cc: linux-security@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, Josh Boyer , David Howells , Matthew Garrett , Dave Young , linux-acpi@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Josh Boyer This option allows userspace to pass the RSDP address to the kernel, which makes it possible for a user to modify the workings of hardware . Reject the option when the kernel is locked down. Signed-off-by: Josh Boyer Signed-off-by: David Howells Signed-off-by: Matthew Garrett cc: Dave Young cc: linux-acpi@vger.kernel.org --- drivers/acpi/osl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c index f29e427d0d1d..1f8f394fce34 100644 --- a/drivers/acpi/osl.c +++ b/drivers/acpi/osl.c @@ -40,6 +40,7 @@ #include #include #include +#include #include #include @@ -194,7 +195,7 @@ acpi_physical_address __init acpi_os_get_root_pointer(void) acpi_physical_address pa; #ifdef CONFIG_KEXEC - if (acpi_rsdp) + if (acpi_rsdp && !security_is_locked_down(LOCKDOWN_ACPI_TABLES)) return acpi_rsdp; #endif pa = acpi_arch_get_root_pointer(); -- 2.22.0.410.gd8fdbe21b5-goog