On Mon, Sep 9, 2013 at 11:49 AM, Matthew Garrett <matthew.garrett@xxxxxxxxxx> wrote:
> From: Josh Boyer <jwboyer@xxxxxxxxxx>
>
> This option allows userspace to pass the RSDP address to the kernel, which
> makes it possible for a user to execute arbitrary code in the kernel.
> Disable this when securelevel is set.
>
> Signed-off-by: Josh Boyer <jwboyer@xxxxxxxxxx>

Dredging up an old thread in the hopes that Matthew runs sed and resubmits...

Also, FWIW, I didn't write this. It was derived from previous versions of something I did write, but there's really no evidence of anything I wrote left, so it should probably be From: you.

> ---
> drivers/acpi/osl.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
> index e5f416c..f6d8977 100644
> --- a/drivers/acpi/osl.c
> +++ b/drivers/acpi/osl.c
> @@ -45,6 +45,7 @@
> #include <linux/list.h>
> #include <linux/jiffies.h>
> #include <linux/semaphore.h>
> +#include <linux/security.h>
>
> #include <asm/io.h>
> #include <asm/uaccess.h>
> @@ -249,7 +250,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
> acpi_physical_address __init acpi_os_get_root_pointer(void)
> {
> #ifdef CONFIG_KEXEC
> - if (acpi_rsdp)
> + if (acpi_rsdp && (get_securelevel <= 0))

This is missing some ( ). That means you're comparing the get_securelevel function pointer to 0. Pretty sure bad things will happen.

josh
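Review bot: In the second hunk (acpi_os_get_root_pointer in drivers/acpi/osl.c), the added condition `if (acpi_rsdp && (get_securelevel <= 0))` names get_securelevel without calling it, so the test is made against the function's address and never against the current securelevel. The decision to honour a userspace-supplied RSDP therefore does not depend on the securelevel at all, which defeats the purpose stated in the commit message. Suggested form: `if (acpi_rsdp && (get_securelevel() <= 0))`. It would also help to log a message when acpi_rsdp is set but ignored because of the securelevel, so that a user who passed the option can see why it had no effect.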