ACPI: Split out custom_method functionality into an own driver

With /sys/kernel/debug/acpi/custom_method root can write
to arbitrary memory and increase his priveleges, even if
these are restricted.

-> Make this an own debug .config option and warn about the
security issue in the config description.

-> Still keep acpi/debugfs.c which now only creates an empty
   /sys/kernel/debug/acpi directory. There might be other
   users of it later.

Signed-off-by: Thomas Renninger <trenn@suse.de>
Acked-by: Rafael J. Wysocki <rjw@sisk.pl>
Acked-by: rui.zhang@intel.com
Signed-off-by: Len Brown <len.brown@intel.com>

1 files changed, 1 insertions, 79 deletions

diff --git a/drivers/acpi/debugfs.c b/drivers/acpi/debugfs.c
index e7abc6e3bba0..182a9fc36355 100644
--- a/drivers/acpi/debugfs.c
+++ b/drivers/acpi/debugfs.c
@@ -3,9 +3,6 @@
  */
 
 #include <linux/init.h>
-#include <linux/module.h>
-#include <linux/kernel.h>
-#include <linux/uaccess.h>
 #include <linux/debugfs.h>
 #include <acpi/acpi_drivers.h>
 
@@ -13,84 +10,9 @@
 ACPI_MODULE_NAME("debugfs");
 
 struct dentry *acpi_debugfs_dir;
-static struct dentry *cm_dentry;
-
-/* /sys/kernel/debug/acpi/custom_method */
-
-static ssize_t cm_write(struct file *file, const char __user * user_buf,
-                        size_t count, loff_t *ppos)
-{
-        static char *buf;
-        static u32 max_size;
-        static u32 uncopied_bytes;
-
-        struct acpi_table_header table;
-        acpi_status status;
-
-        if (!(*ppos)) {
-                /* parse the table header to get the table length */
-                if (count <= sizeof(struct acpi_table_header))
-                        return -EINVAL;
-                if (copy_from_user(&table, user_buf,
-                                   sizeof(struct acpi_table_header)))
-                        return -EFAULT;
-                uncopied_bytes = max_size = table.length;
-                buf = kzalloc(max_size, GFP_KERNEL);
-                if (!buf)
-                        return -ENOMEM;
-        }
-
-        if (buf == NULL)
-                return -EINVAL;
-
-        if ((*ppos > max_size) ||
-            (*ppos + count > max_size) ||
-            (*ppos + count < count) ||
-            (count > uncopied_bytes))
-                return -EINVAL;
-
-        if (copy_from_user(buf + (*ppos), user_buf, count)) {
-                kfree(buf);
-                buf = NULL;
-                return -EFAULT;
-        }
-
-        uncopied_bytes -= count;
-        *ppos += count;
-
-        if (!uncopied_bytes) {
-                status = acpi_install_method(buf);
-                kfree(buf);
-                buf = NULL;
-                if (ACPI_FAILURE(status))
-                        return -EINVAL;
-                add_taint(TAINT_OVERRIDDEN_ACPI_TABLE);
-        }
-
-        return count;
-}
-
-static const struct file_operations cm_fops = {
-        .write = cm_write,
-        .llseek = default_llseek,
-};
-
-static int __init acpi_custom_method_init(void)
-{
-        if (!acpi_debugfs_dir)
-                return -ENOENT;
-
-        cm_dentry = debugfs_create_file("custom_method", S_IWUSR,
-                                        acpi_debugfs_dir, NULL, &cm_fops);
-        if (!cm_dentry)
-                return -ENODEV;
-
-        return 0;
-}
+EXPORT_SYMBOL_GPL(acpi_debugfs_dir);
 
 void __init acpi_debugfs_init(void)
 {
         acpi_debugfs_dir = debugfs_create_dir("acpi", NULL);
-
-        acpi_custom_method_init();
 }