From patchwork Mon Mar 25 22:09:43 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Garrett X-Patchwork-Id: 10870213 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 1246A186D for ; Mon, 25 Mar 2019 22:12:00 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 02AFD28C1D for ; Mon, 25 Mar 2019 22:12:00 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id EB43029092; Mon, 25 Mar 2019 22:11:59 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-14.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,RCVD_IN_DNSWL_HI,USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9248029053 for ; Mon, 25 Mar 2019 22:11:59 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731056AbfCYWKm (ORCPT ); Mon, 25 Mar 2019 18:10:42 -0400 Received: from mail-ua1-f74.google.com ([209.85.222.74]:39391 "EHLO mail-ua1-f74.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731055AbfCYWKl (ORCPT ); Mon, 25 Mar 2019 18:10:41 -0400 Received: by mail-ua1-f74.google.com with SMTP id l26so1335395uar.6 for ; Mon, 25 Mar 2019 15:10:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=MX7HAsZv9v1mlAMwYMmTO69QilKEqMKiTqEWCeCZ+Co=; b=Ue7pG1g3SnEJ+37/Ryx2zTFU/Dp2cL3S75Vu4QwG5wOhef2kL5bd9FMy/sL+mwIDw0 1Ux0Ivh5ASpU828UAZXsmqgTym9C7SIFi2OYWSDvs+AcNTiL356uen+xZn4erhWd1jwi I340B5q0wq7+3jVgryCNL54Vz/zR+uUXVDNdl0AIYsYEdetZfkMgVr7uKxOJ/DQ3/XMG r6h/JJ9aF8A5uQm/HGiutfZbUH/OBKEGFXshyG+SZbo6rI23+mc7qlfyISvkmO8LXH0N tDA+gBMmuxDd98VTXSb6qicVFeFwlnBzVi0GAqYunCoRzdguUB2POrPEVDiN8TCRn1TS Da8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=MX7HAsZv9v1mlAMwYMmTO69QilKEqMKiTqEWCeCZ+Co=; b=dvrKe8LPywAGK/yvSJyn1wGmn1su1mis6tA23Nri74DuAyWYUC5M8dkXNO3f0fghg7 y6M+dlWZ5l7uAbOGEEt/GEU0cUfPfkqC5owh8yLGk/Jo6B27PVURvQKllf5TAZkGzZQi 6GVcIxXFeYIC2ajUjKGSIxXgcJqvH4gimHkBLPDFGuZgEEIeWzSDlm5xdDHdrH1es7mD 5gRhaA1K3vRD3CBmne2//mgqjMcK9e3Wy5DIlYtuayP+QogDQV+SuG/tWZCPMYTPfQuj 7mrLPngziwPsPQLmi2R6NtLCvzzovYNUyMy/TQ2LMTByvhhhIYcCyf4YjkQ5IB/poWd2 2Daw== X-Gm-Message-State: APjAAAWjxeKPro9O1/zSoAsK8gx+Nw6lwMhxUWD/0FbeWkntmnX9dBWW hJLGBKi+gTNNEKyaksEsbEnG+8+NPrRIbDPw+cFXWA== X-Google-Smtp-Source: APXvYqwIoZTGgFdO8Jf8mlA2MQNxtulFbG3DvCIo9GIeTiFXPfVK2S45XvPskEPu/e//UIjkQTwof+/+BZH2UOUJlvr0sQ== X-Received: by 2002:a67:dd8d:: with SMTP id i13mr16469935vsk.64.1553551840407; Mon, 25 Mar 2019 15:10:40 -0700 (PDT) Date: Mon, 25 Mar 2019 15:09:43 -0700 In-Reply-To: <20190325220954.29054-1-matthewgarrett@google.com> Message-Id: <20190325220954.29054-17-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190325220954.29054-1-matthewgarrett@google.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog Subject: [PATCH 16/27] acpi: Disable APEI error injection if the kernel is locked down From: Matthew Garrett To: jmorris@namei.org Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, Linn Crosetto , linux-acpi@vger.kernel.org, Matthew Garrett Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP From: Linn Crosetto ACPI provides an error injection mechanism, EINJ, for debugging and testing the ACPI Platform Error Interface (APEI) and other RAS features. If supported by the firmware, ACPI specification 5.0 and later provide for a way to specify a physical memory address to which to inject the error. Injecting errors through EINJ can produce errors which to the platform are indistinguishable from real hardware errors. This can have undesirable side-effects, such as causing the platform to mark hardware as needing replacement. While it does not provide a method to load unauthenticated privileged code, the effect of these errors may persist across reboots and affect trust in the underlying hardware, so disable error injection through EINJ if the kernel is locked down. Signed-off-by: Linn Crosetto Signed-off-by: David Howells cc: linux-acpi@vger.kernel.org Signed-off-by: Matthew Garrett --- drivers/acpi/apei/einj.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/acpi/apei/einj.c b/drivers/acpi/apei/einj.c index fcccbfdbdd1a..9fe6bbab2e7d 100644 --- a/drivers/acpi/apei/einj.c +++ b/drivers/acpi/apei/einj.c @@ -518,6 +518,9 @@ static int einj_error_inject(u32 type, u32 flags, u64 param1, u64 param2, int rc; u64 base_addr, size; + if (kernel_is_locked_down("ACPI error injection")) + return -EPERM; + /* If user manually set "flags", make sure it is legal */ if (flags && (flags & ~(SETWA_FLAGS_APICID|SETWA_FLAGS_MEM|SETWA_FLAGS_PCIE_SBDF)))