diff options
| author | Matthew Garrett <mjg59@srcf.ucam.org> | 2019-08-19 20:17:50 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2019-08-20 00:54:16 -0400 |
| commit | f474e1486b78ac15322f8a1cda48a32a1deff9d3 (patch) | |
| tree | fe775561f6ce6e2a47ec9b837d398e5ab987efdd | |
| parent | 95f5e95f41dff31b2a4566c5a8975c08a49ae4e3 (diff) | |
ACPI: Limit access to custom_method when the kernel is locked down
custom_method effectively allows arbitrary access to system memory, making
it possible for an attacker to circumvent restrictions on module loading.
Disable it if the kernel is locked down.
Signed-off-by: Matthew Garrett <mjg59@google.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
cc: linux-acpi@vger.kernel.org
Signed-off-by: James Morris <jmorris@namei.org>
| -rw-r--r-- | drivers/acpi/custom_method.c | 6 | ||||
| -rw-r--r-- | include/linux/security.h | 1 | ||||
| -rw-r--r-- | security/lockdown/lockdown.c | 1 |
3 files changed, 8 insertions, 0 deletions
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c index b2ef4c2ec955..7031307becd7 100644 --- a/drivers/acpi/custom_method.c +++ b/drivers/acpi/custom_method.c | |||
| @@ -9,6 +9,7 @@ | |||
| 9 | #include <linux/uaccess.h> | 9 | #include <linux/uaccess.h> |
| 10 | #include <linux/debugfs.h> | 10 | #include <linux/debugfs.h> |
| 11 | #include <linux/acpi.h> | 11 | #include <linux/acpi.h> |
| 12 | #include <linux/security.h> | ||
| 12 | 13 | ||
| 13 | #include "internal.h" | 14 | #include "internal.h" |
| 14 | 15 | ||
| @@ -29,6 +30,11 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf, | |||
| 29 | 30 | ||
| 30 | struct acpi_table_header table; | 31 | struct acpi_table_header table; |
| 31 | acpi_status status; | 32 | acpi_status status; |
| 33 | int ret; | ||
| 34 | |||
| 35 | ret = security_locked_down(LOCKDOWN_ACPI_TABLES); | ||
| 36 | if (ret) | ||
| 37 | return ret; | ||
| 32 | 38 | ||
| 33 | if (!(*ppos)) { | 39 | if (!(*ppos)) { |
| 34 | /* parse the table header to get the table length */ | 40 | /* parse the table header to get the table length */ |
diff --git a/include/linux/security.h b/include/linux/security.h index 010637a79eac..390e39395112 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -110,6 +110,7 @@ enum lockdown_reason { | |||
| 110 | LOCKDOWN_PCI_ACCESS, | 110 | LOCKDOWN_PCI_ACCESS, |
| 111 | LOCKDOWN_IOPORT, | 111 | LOCKDOWN_IOPORT, |
| 112 | LOCKDOWN_MSR, | 112 | LOCKDOWN_MSR, |
| 113 | LOCKDOWN_ACPI_TABLES, | ||
| 113 | LOCKDOWN_INTEGRITY_MAX, | 114 | LOCKDOWN_INTEGRITY_MAX, |
| 114 | LOCKDOWN_CONFIDENTIALITY_MAX, | 115 | LOCKDOWN_CONFIDENTIALITY_MAX, |
| 115 | }; | 116 | }; |
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index b1c1c72440d5..6d44db0ddffa 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c | |||
| @@ -25,6 +25,7 @@ static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = { | |||
| 25 | [LOCKDOWN_PCI_ACCESS] = "direct PCI access", | 25 | [LOCKDOWN_PCI_ACCESS] = "direct PCI access", |
| 26 | [LOCKDOWN_IOPORT] = "raw io port access", | 26 | [LOCKDOWN_IOPORT] = "raw io port access", |
| 27 | [LOCKDOWN_MSR] = "raw MSR access", | 27 | [LOCKDOWN_MSR] = "raw MSR access", |
| 28 | [LOCKDOWN_ACPI_TABLES] = "modifying ACPI tables", | ||
| 28 | [LOCKDOWN_INTEGRITY_MAX] = "integrity", | 29 | [LOCKDOWN_INTEGRITY_MAX] = "integrity", |
| 29 | [LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality", | 30 | [LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality", |
| 30 | }; | 31 | }; |