From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Howells Subject: [PATCH 17/24] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down Date: Wed, 05 Apr 2017 21:16:57 +0100 Message-ID: <149142341772.5101.12366553346604485034.stgit@warthog.procyon.org.uk> References: <149142326734.5101.4596394505987813763.stgit@warthog.procyon.org.uk> Mime-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <149142326734.5101.4596394505987813763.stgit@warthog.procyon.org.uk> Sender: owner-linux-security-module@vger.kernel.org To: linux-kernel@vger.kernel.org Cc: gnomes@lxorguk.ukuu.org.uk, linux-efi@vger.kernel.org, Josh Boyer , gregkh@linuxfoundation.org, dhowells@redhat.com, linux-acpi@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, matthew.garrett@nebula.com List-Id: linux-acpi@vger.kernel.org From: Josh Boyer This option allows userspace to pass the RSDP address to the kernel, which makes it possible for a user to circumvent any restrictions imposed on loading modules. Ignore the option when the kernel is locked down. Signed-off-by: Josh Boyer Signed-off-by: David Howells cc: linux-acpi@vger.kernel.org --- drivers/acpi/osl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c index db78d353bab1..d4d4ba348451 100644 --- a/drivers/acpi/osl.c +++ b/drivers/acpi/osl.c @@ -192,7 +192,7 @@ acpi_physical_address __init acpi_os_get_root_pointer(void) acpi_physical_address pa = 0; #ifdef CONFIG_KEXEC - if (acpi_rsdp) + if (acpi_rsdp && !kernel_is_locked_down()) return acpi_rsdp; #endif From mboxrd@z Thu Jan 1 00:00:00 1970 From: dhowells@redhat.com (David Howells) Date: Wed, 05 Apr 2017 21:16:57 +0100 Subject: [PATCH 17/24] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down In-Reply-To: <149142326734.5101.4596394505987813763.stgit@warthog.procyon.org.uk> References: <149142326734.5101.4596394505987813763.stgit@warthog.procyon.org.uk> Message-ID: <149142341772.5101.12366553346604485034.stgit@warthog.procyon.org.uk> To: linux-security-module@vger.kernel.org List-Id: linux-security-module.vger.kernel.org From: Josh Boyer This option allows userspace to pass the RSDP address to the kernel, which makes it possible for a user to circumvent any restrictions imposed on loading modules. Ignore the option when the kernel is locked down. Signed-off-by: Josh Boyer Signed-off-by: David Howells cc: linux-acpi at vger.kernel.org --- drivers/acpi/osl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c index db78d353bab1..d4d4ba348451 100644 --- a/drivers/acpi/osl.c +++ b/drivers/acpi/osl.c @@ -192,7 +192,7 @@ acpi_physical_address __init acpi_os_get_root_pointer(void) acpi_physical_address pa = 0; #ifdef CONFIG_KEXEC - if (acpi_rsdp) + if (acpi_rsdp && !kernel_is_locked_down()) return acpi_rsdp; #endif -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html