From: Josh Boyer <jwboyer@redhat.com>
Date: Mon, 25 Jun 2012 23:57:30 +0000 (-0400)
Subject: acpi: Ignore acpi_rsdp kernel parameter when securelevel is set
X-Git-Tag: archive/raspbian/4.9.82-1+deb9u3+rpi1_jessie~8^2~44
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=e1d4e673e64afe39bf93b29b8dad9043a6e43b67;p=linux-4.9.git

acpi: Ignore acpi_rsdp kernel parameter when securelevel is set

This option allows userspace to pass the RSDP address to the kernel, which
makes it possible for a user to execute arbitrary code in the kernel.
Disable this when securelevel is set.

Signed-off-by: Josh Boyer <jwboyer@redhat.com>

Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name acpi-ignore-acpi_rsdp-kernel-parameter-when-securele.patch
---

diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
index 416953a42510..f94d372c67ce 100644
--- a/drivers/acpi/osl.c
+++ b/drivers/acpi/osl.c
@@ -40,6 +40,7 @@
 #include <linux/list.h>
 #include <linux/jiffies.h>
 #include <linux/semaphore.h>
+#include <linux/security.h>
 
 #include <asm/io.h>
 #include <asm/uaccess.h>
@@ -191,7 +192,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
 acpi_physical_address __init acpi_os_get_root_pointer(void)
 {
 #ifdef CONFIG_KEXEC
-	if (acpi_rsdp)
+	if (acpi_rsdp && (get_securelevel() <= 0))
 		return acpi_rsdp;
 #endif