Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp1074337ybl; Wed, 14 Aug 2019 10:16:42 -0700 (PDT) X-Google-Smtp-Source: APXvYqzPf+MaBxDknrWSAfzEia6qZztd85J4bYghyew7/oomEGV95hBbhnd0SjUvtNFC9NLBP8g9 X-Received: by 2002:a63:1908:: with SMTP id z8mr174254pgl.433.1565803002596; Wed, 14 Aug 2019 10:16:42 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1565803002; cv=none; d=google.com; s=arc-20160816; b=cOo+eeyR8VqWpEiMalJAsBSrSslu4oQ+ubTJHkoMyPoXFzOLSx5ieA/ofSDPOqXL7Q EmwrgIKTtvRDIXVhEEBFsW3IJLCSj9smFbRz8MdBiesDZ+6NmJOgNE1w47wpm5zDFVLj ByV3YKTcEbaNyMJqQPV7k6tlJcxgRFEXELm2J8wON42oBZmLqDz0p8strMIOLQV9vaQS T06d/dXz45fT7x/Zyr6VUUTAv53442xgMsCDM8Tzw6RYZmQGDD/Z7eQvVcA1CKq33eaB B0594bwXcpScwOf9G7pa3RAsNkHepEL7Tpmu647XUk3mGuzts0cTlvxiqaAS1wrkujps I+Vw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=01Ayf9LgEcMv7V+WI2AsTnek5WUaEhOAgw1TLPT5Lg8=; b=KmNHOPXoqemhBhu6EEbUpPaQnlthv1KWIl30VfT5XUzKszW6SEUheAkC2SWrzPS572 O44l2vtHLy1Ka45yWA/gZzh8kWTmFIju4lqKy6V8Kl1LUXf2EBAIAZwCnS5ygJ2oacSD MlShxRAjBBTGm5LA+tt+e+tvMN2v+DCTmtrnyxIZjQz5dJ4/4IKKiTiewwy00Yb0kprJ ICXYMVYyZbbCXzJBpZUooyP7X6hBEWj4gV9F+UbiPs3HcpnyZVa00Z9EfQtqPrJPtIBF qCntG+gQGeo8mRWEcG79glXcSlds5PTCrHnUgpgTj+gOjQFzMaYxY6rTYvwc/djVf4AT NiXw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=cUY4bV8z; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 1si253693ply.122.2019.08.14.10.16.26; Wed, 14 Aug 2019 10:16:42 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=cUY4bV8z; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730641AbfHNRPt (ORCPT + 99 others); Wed, 14 Aug 2019 13:15:49 -0400 Received: from mail-ot1-f68.google.com ([209.85.210.68]:41223 "EHLO mail-ot1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730952AbfHNRPH (ORCPT ); Wed, 14 Aug 2019 13:15:07 -0400 Received: by mail-ot1-f68.google.com with SMTP id o101so31215705ota.8 for ; Wed, 14 Aug 2019 10:15:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=01Ayf9LgEcMv7V+WI2AsTnek5WUaEhOAgw1TLPT5Lg8=; b=cUY4bV8z98fFrOSFWWEdErQVDghtf844gc08EquK79TWPwgrs8cts9QORhUbmj84w6 f6m4/lvh33jikA+ZGM+tRxQ7toWhgXNf/hwvBLPgnKwiBbxG/hNFcYj9+6y8trNIYobL ilhTnpmaW/fEejmEK013Y8FFlYqMK/zF/v1CwFP79IdFl+ufYbogIYsXzDf8W3I4UxKF r8v0YXlyRRhd1ggXnCn4S6QZLyTNrwzaOdCaJg1+ES5vnUy0kZjxLEi49f9BB2aexwxP eHVzRfwa+CreiMnCsgeyIj4Uq36gE0EIt5XlCqU8y22UxzWojnwOuHQRKsdXe9SxFPNa DIWw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=01Ayf9LgEcMv7V+WI2AsTnek5WUaEhOAgw1TLPT5Lg8=; b=r1OkDezx5Mlmz/w03JhAFnv0bS1bEaaP4p25aEDtb52uEAdsK6OVLHTDvVzoO6iM+J u6946ByeKLe5Si4YTuNrstKqmnGhSeCnhyaScDUP540ZlJNDJRJLU7QfyR4XuzGsQe5U imlOR4aFo+lCgFhj+tChjm7tpbWPOyZJv/6yppk+Dr/UoDVH4AlM/HuK+hH33W0dY5qa 3E4gmWRX1Xp+DXV4vlmrYnfLAmDjqqwjEV42S8yzzlQvzvu9l3Mw3RG0rkp9MyCpbxgX I7d2CiCIGAQUoE/RaqAuDWQ1rBrxeJOR/4C4EvBgtcHUwj6IVXLHEdupYjwfRZ4okDzc G0Rw== X-Gm-Message-State: APjAAAWSRHR5hOyo5VgaSruUnA9w4qSp5ZoxlAPKO74+nBABomN99yGS VYv6Fg8bMfjTNi9h14MN6rvZjNbbkDlyKgeVdP1IFA== X-Received: by 2002:a6b:8f47:: with SMTP id r68mr1046835iod.204.1565802905873; Wed, 14 Aug 2019 10:15:05 -0700 (PDT) MIME-Version: 1.0 References: <20190808000721.124691-1-matthewgarrett@google.com> <20190808000721.124691-16-matthewgarrett@google.com> <20190814072602.GA27836@zn.tnic> In-Reply-To: <20190814072602.GA27836@zn.tnic> From: Matthew Garrett Date: Wed, 14 Aug 2019 10:14:54 -0700 Message-ID: Subject: Re: [PATCH V38 15/29] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down To: Borislav Petkov Cc: James Morris , LSM List , Linux Kernel Mailing List , Linux API , Josh Boyer , David Howells , Kees Cook , Dave Young , linux-acpi@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Aug 14, 2019 at 12:25 AM Borislav Petkov wrote: > #if defined(CONFIG_RANDOMIZE_BASE) && defined(CONFIG_MEMORY_HOTREMOVE) > > false and thus not available to early code anymore. We explicitly don't want to pay attention to the acpi_rsdp kernel parameter in early boot except for the case of finding the SRAT table, and we only need that if CONFIG_RANDOMIZE_BASE and CONFIG_MEMORY_HOTREMOVE are set. However, we *do* want to tell the actual kernel where the RSDP is if we found it via some other means, so we can't just clear the boot parameters value. The kernel proper will parse the command line again and will then (if lockdown isn't enabled) override the actual value we passed up in boot params. So I think this is ok? (Sorry for not Cc:ing x86, clear oversight on my part)