Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp84790ybi;
        Thu, 20 Jun 2019 18:22:49 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyINZseKP9J+6PwQuG0HzA0l8biea5h8Q7h30SoNTPSRK2WlKmklSCMCzuNqkW5nR7ZU/a4
X-Received: by 2002:a63:a61:: with SMTP id z33mr15568957pgk.154.1561080169748;
        Thu, 20 Jun 2019 18:22:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1561080169; cv=none;
        d=google.com; s=arc-20160816;
        b=GomGgalB+78CbjesRI2oQv0+YjscpJtZ09dnUp6GeMLB2r5LCp3nhV64fJDFsXEgk+
         UfshF/Sk1QL0Jh8HDMd7LmhuY4/Cjj06zKSb8AFH74j3BNY2BGfd9W+2UefkgU+T2AVI
         4vKEnzewa04rDth4R4Vmq9m8yRa10MLF3xK3tmv2HKB+6eVFt7RZ3HSsq+6rSZTvvRR9
         tBx5LQ9P/uGia/Vx83mUO8zxGyMo+d8DLZulPltP0IDHiHuudxwmWb9h26+nQjX/ynnS
         efL0hezgB3aYwnLJ9V75FttFvhGnwGe9vjPwA1ieSMkkmVwbG6K4zFpdruGLEQ+1crjR
         3vgw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:from:subject:references
         :mime-version:message-id:in-reply-to:date:dkim-signature;
        bh=MFrhOOVeW4IxvuHo8Dzy6dq7eeQGF3tpEcYBlR0WBso=;
        b=ZjsYif9mp5y5hYdhIUwHsQV3GxFhilikYlDh8BP9EBoJsaWpvEsx3sOjLJhDV6IxaZ
         KpCnotmSILhTEmwD5oiqhSvRQfp8sg2uxcUYl6lE083iqUgWIESvneBXQmEhfOb9uRC7
         DtrECmLYw00N5UiA/KYOF3BGuh/1JzCkeNFZtzIXMyZOKtCHTm3QW9T5e/UW/sS/B/oi
         MzHKGXdYA3EpFiXaSjR+pHdVUozd7D4nbqG0pd53tKZxb0PlLt0FCKJtnlb3iCAMbg4s
         ieeDivWXmbmG1LL12vvMa5T4roO1zP7UAXiAu+q9sQBLUE4lQ+eTDB5OZ1Vpx2Tg9PQ7
         r2sA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=TcZabgis;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id a17si1091539pfa.108.2019.06.20.18.22.34;
        Thu, 20 Jun 2019 18:22:49 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=TcZabgis;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726738AbfFUBVx (ORCPT <rfc822;mohamedabbas.us@gmail.com>
        + 99 others); Thu, 20 Jun 2019 21:21:53 -0400
Received: from mail-pg1-f202.google.com ([209.85.215.202]:36183 "EHLO
        mail-pg1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726715AbfFUBUb (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 20 Jun 2019 21:20:31 -0400
Received: by mail-pg1-f202.google.com with SMTP id s4so2992656pgr.3
        for <linux-kernel@vger.kernel.org>; Thu, 20 Jun 2019 18:20:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=date:in-reply-to:message-id:mime-version:references:subject:from:to
         :cc;
        bh=MFrhOOVeW4IxvuHo8Dzy6dq7eeQGF3tpEcYBlR0WBso=;
        b=TcZabgisBkyxXJLrHlJokm7pF3TBlp704rcyxWqQr7UBjl5F7Ssjc96k7OlHa57HX4
         3xR1+ubHcpOaZiH1aTCE78J/YCxbY6z4BwqD44zr9aEv32L/y7usgub1W7sKV2xDI3ui
         tF6cAzVnYWH7eBYL/UDuUTdSJHS9OCxCP6uQ+DH/jPiEGGXMqGomAGLzMHwBmJGKO/Xi
         AZybp8B/Ge2tdSkOVjvjBa4Zoteog0hysbk6bv3DsMj+DyQe2nRuLsoe34IQ3l3jBxvY
         vTJuWKTdI92NMOeDD33HDAxRxSAyxBwigO9hlP8a6pjmvcu3N8UTxybhZunMy4TXM8Pb
         mrFQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:in-reply-to:message-id:mime-version
         :references:subject:from:to:cc;
        bh=MFrhOOVeW4IxvuHo8Dzy6dq7eeQGF3tpEcYBlR0WBso=;
        b=CVlya+0jFpRPWBewUObciisEB1ModJeQxu5MtVycESgKcSj0hFZxLcEyo8Cvfq6G+w
         wDTIQ9D+6rDImDJ4CFOaI8JREyZoPmrg9CM3kzQA8INVi359gYJ27BdGlckqrPK4r7vS
         22D7eqYU2yVfbS1qjU2tqHwGvLiShBNMIQt55zX/uAo2HRtIuuXRDETRhG0tmjOZ7Bqm
         PYnOL4DgX5vMH6HP791HdL7hz85TTENfruIVdx2h9G/O9cj7uEjEvFoMVOTW5zcDrX37
         N+3Q3DvvCN37AVLyLR9pOQEJwEvi8y9ulWxyFFkWDpwmP0b5V6YQgBhg26M5SVtfLjXw
         N9qg==
X-Gm-Message-State: APjAAAWjkdHbYllTKsnKbXye3ugoUxu22+/8eNjeF/xj7kcuqJke3YVt
        NuD6JIT4p3wCF/XBbQ/JP4oZ4D6Veu7256ZLZykILQ==
X-Received: by 2002:a65:448b:: with SMTP id l11mr15174758pgq.74.1561080030187;
 Thu, 20 Jun 2019 18:20:30 -0700 (PDT)
Date:   Thu, 20 Jun 2019 18:19:28 -0700
In-Reply-To: <20190621011941.186255-1-matthewgarrett@google.com>
Message-Id: <20190621011941.186255-18-matthewgarrett@google.com>
Mime-Version: 1.0
References: <20190621011941.186255-1-matthewgarrett@google.com>
X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog
Subject: [PATCH V33 17/30] acpi: Disable ACPI table override if the kernel is
 locked down
From:   Matthew Garrett <matthewgarrett@google.com>
To:     jmorris@namei.org
Cc:     linux-security@vger.kernel.org, linux-kernel@vger.kernel.org,
        linux-api@vger.kernel.org, Linn Crosetto <linn@hpe.com>,
        David Howells <dhowells@redhat.com>,
        Matthew Garrett <mjg59@google.com>, linux-acpi@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Linn Crosetto <linn@hpe.com>

From the kernel documentation (initrd_table_override.txt):

  If the ACPI_INITRD_TABLE_OVERRIDE compile option is true, it is possible
  to override nearly any ACPI table provided by the BIOS with an
  instrumented, modified one.

When lockdown is enabled, the kernel should disallow any unauthenticated
changes to kernel space.  ACPI tables contain code invoked by the kernel,
so do not allow ACPI tables to be overridden if the kernel is locked down.

Signed-off-by: Linn Crosetto <linn@hpe.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
cc: linux-acpi@vger.kernel.org
---
 drivers/acpi/tables.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/acpi/tables.c b/drivers/acpi/tables.c
index 8fccbe49612a..f8e7d70f07ee 100644
--- a/drivers/acpi/tables.c
+++ b/drivers/acpi/tables.c
@@ -34,6 +34,7 @@
 #include <linux/memblock.h>
 #include <linux/earlycpio.h>
 #include <linux/initrd.h>
+#include <linux/security.h>
 #include "internal.h"
 
 #ifdef CONFIG_ACPI_CUSTOM_DSDT
@@ -539,6 +540,11 @@ void __init acpi_table_upgrade(void)
 	if (table_nr == 0)
 		return;
 
+	if (security_is_locked_down(LOCKDOWN_ACPI_TABLES)) {
+		pr_notice("kernel is locked down, ignoring table override\n");
+		return;
+	}
+
 	acpi_tables_addr =
 		memblock_find_in_range(0, ACPI_TABLE_UPGRADE_MAX_PHYS,
 				       all_tables_size, PAGE_SIZE);
-- 
2.22.0.410.gd8fdbe21b5-goog