ACPI: Split out custom_method functionality into an own driver

With /sys/kernel/debug/acpi/custom_method root can write
to arbitrary memory and increase his priveleges, even if
these are restricted.

-> Make this an own debug .config option and warn about the
security issue in the config description.

-> Still keep acpi/debugfs.c which now only creates an empty
   /sys/kernel/debug/acpi directory. There might be other
   users of it later.

Signed-off-by: Thomas Renninger <trenn@suse.de>
Acked-by: Rafael J. Wysocki <rjw@sisk.pl>
Acked-by: rui.zhang@intel.com
Signed-off-by: Len Brown <len.brown@intel.com>

1 files changed, 15 insertions, 0 deletions

diff --git a/drivers/acpi/Kconfig b/drivers/acpi/Kconfig
index 3a17ca5fff6f..d918e130bef3 100644
--- a/drivers/acpi/Kconfig
+++ b/drivers/acpi/Kconfig
@@ -380,6 +380,21 @@ config ACPI_HED
           which is used to report some hardware errors notified via
           SCI, mainly the corrected errors.
 
+config ACPI_CUSTOM_METHOD
+        tristate "Allow ACPI methods to be inserted/replaced at run time"
+        depends on DEBUG_FS
+        default n
+        help
+          This debug facility allows ACPI AML methods to me inserted and/or
+          replaced without rebooting the system. For details refer to:
+          Documentation/acpi/method-customizing.txt.
+
+          NOTE: This option is security sensitive, because it allows arbitrary
+          kernel memory to be written to by root (uid=0) users, allowing them
+          to bypass certain security measures (e.g. if root is not allowed to
+          load additional kernel modules after boot, this feature may be used
+          to override that restriction).
+
 source "drivers/acpi/apei/Kconfig"
 
 endif   # ACPI