leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
41fa1ee9c6
linux/arch/x86/kernel
History
Josh Boyer 41fa1ee9c6 acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down 
This option allows userspace to pass the RSDP address to the kernel, which
makes it possible for a user to modify the workings of hardware. Reject
the option when the kernel is locked down. This requires some reworking
of the existing RSDP command line logic, since the early boot code also
makes use of a command-line passed RSDP when locating the SRAT table
before the lockdown code has been initialised. This is achieved by
separating the command line RSDP path in the early boot code from the
generic RSDP path, and then copying the command line RSDP into boot
params in the kernel proper if lockdown is not enabled. If lockdown is
enabled and an RSDP is provided on the command line, this will only be
used when parsing SRAT (which shouldn't permit kernel code execution)
and will be ignored in the rest of the kernel.

(Modified by Matthew Garrett in order to handle the early boot RSDP
environment)

Signed-off-by: Josh Boyer <jwboyer@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
cc: Dave Young <dyoung@redhat.com>
cc: linux-acpi@vger.kernel.org
Signed-off-by: James Morris <jmorris@namei.org>
2019-08-19 21:54:16 -07:00
..
acpi acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down 2019-08-19 21:54:16 -07:00
apic Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-06-29 19:42:30 +08:00
cpu Merge branch 'x86-urgent-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-06-29 19:42:30 +08:00
fpu x86/fpu: Don't use current->mm to check for a kthread 2019-06-13 20:57:49 +02:00
kprobes treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
.gitignore
alternative.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
amd_gart_64.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 213 2019-05-30 11:29:54 -07:00
amd_nb.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 477 2019-06-19 17:09:51 +02:00
apb_timer.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
aperture_64.c x86/gart: Exclude GART aperture from kcore 2019-03-23 12:11:49 +01:00
apm_32.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 118 2019-05-24 17:39:02 +02:00
asm-offsets_32.c
asm-offsets_64.c x86/irq/64: Split the IRQ stack into its own pages 2019-04-17 15:37:02 +02:00
asm-offsets.c x86/kernel: Fix more -Wmissing-prototypes warnings 2018-12-08 12:24:35 +01:00
audit_64.c
bootflag.c
check.c x86/headers: Fix -Wmissing-prototypes warning 2018-11-23 07:59:59 +01:00
cpuid.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 142 2019-05-30 11:25:17 -07:00
crash_dump_32.c
crash_dump_64.c x86: Fix various typos in comments 2018-12-03 10:49:13 +01:00
crash.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
devicetree.c x86/headers: Fix -Wmissing-prototypes warning 2018-11-23 07:59:59 +01:00
doublefault.c
dumpstack_32.c x86/irq/32: Rename hard/softirq_stack to hard/softirq_stack_ptr 2019-04-17 15:24:18 +02:00
dumpstack_64.c x86/irq/64: Rename irq_stack_ptr to hardirq_stack_ptr 2019-04-17 15:27:10 +02:00
dumpstack.c x86/process: Don't mix user/kernel regs in 64bit __show_regs() 2018-09-06 14:33:12 +02:00
e820.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
early_printk.c efi/x86: Convert x86 EFI earlyprintk into generic earlycon implementation 2019-02-04 08:27:30 +01:00
early-quirks.c x86/gpu: add ElkhartLake to gen11 early quirks 2019-04-01 10:29:32 -07:00
ebda.c
eisa.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 243 2019-06-19 17:09:07 +02:00
espfix_64.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 288 2019-06-05 17:36:37 +02:00
ftrace_32.S ftrace/x86: Remove mcount support 2019-05-10 12:33:09 -04:00
ftrace_64.S ftrace/x86: Remove mcount support 2019-05-10 12:33:09 -04:00
ftrace.c ftrace/x86: Anotate text_mutex split between ftrace_arch_code_modify_post_process() and ftrace_arch_code_modify_prepare() 2019-07-02 15:41:35 -04:00
head32.c x86/boot: Mostly revert commit ae7e1238e6 ("Add ACPI RSDP address to setup_header") 2018-11-20 09:43:10 +01:00
head64.c x86/boot/64: Add missing fixup_pointer() for next_early_pgt access 2019-06-26 07:25:09 +02:00
head_32.S
head_64.S x86/irq/64: Split the IRQ stack into its own pages 2019-04-17 15:37:02 +02:00
hpet.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
hw_breakpoint.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
i8237.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
i8253.c
i8259.c
idt.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 243 2019-06-19 17:09:07 +02:00
ima_arch.c kexec_file: split KEXEC_VERIFY_SIG into KEXEC_SIG and KEXEC_SIG_FORCE 2019-08-19 21:54:15 -07:00
io_delay.c
ioport.c x86: Lock down IO port access when the kernel is locked down 2019-08-19 21:54:16 -07:00
irq_32.c x86/irq/32: Handle irq stack allocation failure proper 2019-04-17 15:31:42 +02:00
irq_64.c x86/irq/64: Remove stack overflow debug code 2019-04-17 15:41:48 +02:00
irq_work.c
irq.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
irqflags.S
irqinit.c x86/irq/32: Handle irq stack allocation failure proper 2019-04-17 15:31:42 +02:00
itmt.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
jailhouse.c x86/headers: Fix -Wmissing-prototypes warning 2018-11-23 07:59:59 +01:00
jump_label.c x86/jump-label: Remove support for custom text poker 2019-04-30 12:37:55 +02:00
kdebugfs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428 2019-06-05 17:37:16 +02:00
kexec-bzimage64.c lockdown: Copy secure_boot flag in boot params across kexec reboot 2019-08-19 21:54:15 -07:00
kgdb.c x86/kgdb: Return 0 from kgdb_arch_set_breakpoint() 2019-06-12 18:52:44 +02:00
ksysfs.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 428 2019-06-05 17:37:16 +02:00
kvm.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 19 2019-05-21 11:28:46 +02:00
kvmclock.c x86: kvmguest: use TSC clocksource if invariant TSC is exposed 2019-02-20 22:48:52 +01:00
ldt.c x86: Convert some slow-path static_cpu_has() callers to boot_cpu_has() 2019-04-08 12:13:34 +02:00
livepatch.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
machine_kexec_32.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 230 2019-06-19 17:09:06 +02:00
machine_kexec_64.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 230 2019-06-19 17:09:06 +02:00
Makefile treewide: prefix header search paths with $(srctree)/ 2019-05-18 11:49:57 +09:00
mmconf-fam10h_64.c
module.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
mpparse.c x86/mm: Don't leak kernel addresses 2019-03-19 12:10:56 +01:00
msr.c x86/msr: Restrict MSR access when the kernel is locked down 2019-08-19 21:54:16 -07:00
nmi_selftest.c
nmi.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
paravirt_patch_32.c x86/paravirt: Remove unused _paravirt_ident_32 2018-10-30 09:55:31 +01:00
paravirt_patch_64.c x86/paravirt: Remove unused _paravirt_ident_32 2018-10-30 09:55:31 +01:00
paravirt-spinlocks.c x86/paravirt: Use a single ops structure 2018-09-03 16:50:35 +02:00
paravirt.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 102 2019-05-24 17:39:00 +02:00
pci-calgary_64.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
pci-dma.c x86/dma: Remove the x86_dma_fallback_dev hack 2019-04-08 17:52:46 +02:00
pci-iommu_table.c
pci-swiotlb.c dma-direct: merge swiotlb_dma_ops into the dma_direct code 2018-12-13 21:06:17 +01:00
pcspeaker.c
perf_regs.c perf/x86/regs: Check reserved bits 2019-06-24 19:19:24 +02:00
platform-quirks.c
pmem.c
probe_roms.c
process_32.c Merge branch 'x86-fpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-05-07 10:24:10 -07:00
process_64.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
process.c Merge branch 'x86-fpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-05-07 10:24:10 -07:00
process.h x86/speculation: Change misspelled STIPB to STIBP 2018-12-06 11:49:15 +01:00
ptrace.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
pvclock.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 102 2019-05-24 17:39:00 +02:00
quirks.c x86/headers: Fix -Wmissing-prototypes warning 2018-11-23 07:59:59 +01:00
reboot_fixups_32.c
reboot.c Merge branch 'x86-asm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-05-06 15:32:35 -07:00
relocate_kernel_32.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 230 2019-06-19 17:09:06 +02:00
relocate_kernel_64.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 230 2019-06-19 17:09:06 +02:00
resource.c
rtc.c
setup_percpu.c x86/irq/64: Split the IRQ stack into its own pages 2019-04-17 15:37:02 +02:00
setup.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
signal_compat.c
signal.c Merge branch 'x86-fpu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-05-07 10:24:10 -07:00
smp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 82 2019-05-24 17:37:52 +02:00
smpboot.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 82 2019-05-24 17:37:52 +02:00
stacktrace.c x86/stacktrace: Use common infrastructure 2019-04-29 12:37:57 +02:00
step.c
sys_x86_64.c x86/compat: Adjust in_compat_syscall() to generic code under !COMPAT 2018-11-01 12:59:25 +01:00
sysfb_efi.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sysfb_simplefb.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
sysfb.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
tboot.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 335 2019-06-05 17:37:06 +02:00
tce_64.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
time.c Merge branch 'x86-vdso-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-10-23 19:07:25 +01:00
tls.c
tls.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 193 2019-05-30 11:29:21 -07:00
topology.c x86/topology: Make DEBUG_HOTPLUG_CPU0 pr_info() more descriptive 2019-04-19 19:42:57 +02:00
trace_clock.c
tracepoint.c x86/kernel: Fix more -Wmissing-prototypes warnings 2018-12-08 12:24:35 +01:00
traps.c x86/speculation/mds: Revert CPU buffer clear on double fault exit 2019-05-16 09:05:11 +02:00
tsc_msr.c x86/cpu: Sanitize FAM6_ATOM naming 2018-10-02 10:14:32 +02:00
tsc_sync.c
tsc.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
umip.c signal/x86: Use force_sig_fault where appropriate 2018-09-21 15:30:54 +02:00
unwind_frame.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
unwind_guess.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
unwind_orc.c x86/unwind/orc: Fall back to using frame pointers for generated code 2019-06-28 00:11:21 +02:00
uprobes.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 156 2019-05-30 11:26:35 -07:00
verify_cpu.S treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 230 2019-06-19 17:09:06 +02:00
vm86_32.c x86: Convert some slow-path static_cpu_has() callers to boot_cpu_has() 2019-04-08 12:13:34 +02:00
vmlinux.lds.S Merge branch 'x86-mm-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-05-06 16:13:31 -07:00
vsmp_64.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 346 2019-06-05 17:37:08 +02:00
x86_init.c acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down 2019-08-19 21:54:16 -07:00