From mboxrd@z Thu Jan 1 00:00:00 1970 From: dhowells@redhat.com (David Howells) Date: Thu, 9 Nov 2017 17:32:37 +0000 Subject: [PATCH 16/30] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down In-Reply-To: <151024863544.28329.2436580122759221600.stgit@warthog.procyon.org.uk> References: <151024863544.28329.2436580122759221600.stgit@warthog.procyon.org.uk> Message-ID: <151024875727.28329.10602033342875428842.stgit@warthog.procyon.org.uk> To: linux-security-module@vger.kernel.org List-Id: linux-security-module.vger.kernel.org From: Josh Boyer This option allows userspace to pass the RSDP address to the kernel, which makes it possible for a user to modify the workings of hardware . Reject the option when the kernel is locked down. Signed-off-by: Josh Boyer Signed-off-by: David Howells Reviewed-by: "Lee, Chun-Yi" cc: Dave Young cc: linux-acpi at vger.kernel.org --- drivers/acpi/osl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c index db78d353bab1..36c6527c1b0a 100644 --- a/drivers/acpi/osl.c +++ b/drivers/acpi/osl.c @@ -192,7 +192,7 @@ acpi_physical_address __init acpi_os_get_root_pointer(void) acpi_physical_address pa = 0; #ifdef CONFIG_KEXEC - if (acpi_rsdp) + if (acpi_rsdp && !kernel_is_locked_down("ACPI RSDP specification")) return acpi_rsdp; #endif -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html