41 lines
1.4 KiB
Diff
From: Linn Crosetto <linn@hpe.com>
Date: Wed, 8 Nov 2017 15:11:34 +0000
Subject: [17/29] acpi: Disable ACPI table override if the kernel is locked down
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=5976d26de05569951641ebeb95f7240993b66063

From the kernel documentation (initrd_table_override.txt):

  If the ACPI_INITRD_TABLE_OVERRIDE compile option is true, it is possible
  to override nearly any ACPI table provided by the BIOS with an
  instrumented, modified one.

When securelevel is set, the kernel should disallow any unauthenticated
changes to kernel space. ACPI tables contain code invoked by the kernel,
so do not allow ACPI tables to be overridden if the kernel is locked down.

Signed-off-by: Linn Crosetto <linn@hpe.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: "Lee, Chun-Yi" <jlee@suse.com>
cc: linux-acpi@vger.kernel.org
---
drivers/acpi/tables.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/acpi/tables.c b/drivers/acpi/tables.c
index 80ce2a7d224b..5cc13c42daf9 100644
--- a/drivers/acpi/tables.c
+++ b/drivers/acpi/tables.c
@@ -526,6 +526,11 @@ void __init acpi_table_upgrade(void)
if (table_nr == 0)
return;
+ if (kernel_is_locked_down("ACPI table override")) {
+ pr_notice("kernel is locked down, ignoring table override\n");
+ return;
+ }
+
acpi_tables_addr =
memblock_find_in_range(0, ACPI_TABLE_UPGRADE_MAX_PHYS,
all_tables_size, PAGE_SIZE);
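Review bot: the new kernel_is_locked_down() check sits in acpi_table_upgrade(), which the hunk header shows is an __init function, so it is evaluated once at boot and only blocks the override if the lockdown state is already established when this function runs. The commit message should say what guarantees that ordering, since nothing in this hunk re-checks later. Two smaller points: the message body still says "When securelevel is set" while the subject and the code use "locked down", so the wording should be made consistent; and because the check comes after the table_nr == 0 return, the pr_notice could report table_nr so an administrator can see how many override tables were ignored.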