authorMatthew Garrett <mjg59@srcf.ucam.org>2019-08-19 17:17:50 -0700
committerJames Morris <jmorris@namei.org>2019-08-19 21:54:16 -0700
commitf474e1486b78ac15322f8a1cda48a32a1deff9d3 (patch)
treefe775561f6ce6e2a47ec9b837d398e5ab987efdd /drivers/acpi
parent95f5e95f41dff31b2a4566c5a8975c08a49ae4e3 (diff)
ACPI: Limit access to custom_method when the kernel is locked down
custom_method effectively allows arbitrary access to system memory, making it possible for an attacker to circumvent restrictions on module loading. Disable it if the kernel is locked down. Signed-off-by: Matthew Garrett <mjg59@google.com> Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Kees Cook <keescook@chromium.org> cc: linux-acpi@vger.kernel.org Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'drivers/acpi')
-rw-r--r--drivers/acpi/custom_method.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
index b2ef4c2ec955..7031307becd7 100644
--- a/drivers/acpi/custom_method.c
+++ b/drivers/acpi/custom_method.c
@@ -9,6 +9,7 @@
#include <linux/uaccess.h>
#include <linux/debugfs.h>
#include <linux/acpi.h>
+#include <linux/security.h>
#include "internal.h"
@@ -29,6 +30,11 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
struct acpi_table_header table;
acpi_status status;
+ int ret;
+
+ ret = security_locked_down(LOCKDOWN_ACPI_TABLES);
+ if (ret)
+ return ret;
if (!(*ppos)) {
/* parse the table header to get the table length */
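Review bot: The new lockdown check in cm_write carries no comment explaining why the write is refused, and the reason is not evident from the call alone. A line above `ret = security_locked_down(LOCKDOWN_ACPI_TABLES);` such as `/* A custom method can access arbitrary memory; refuse it when locked down. */` would bring the commit message's rationale into the file. The check sits ahead of the `if (!(*ppos))` branch, so it runs on every write call and not only on the first chunk of a table; that looks intended and is worth saying in the same comment. cm_write's body continues past the end of this hunk, so whether a buffer left over from an earlier partial write is released on this early return cannot be judged from the lines shown.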