• Josh Boyer's avatar
    acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down · 41fa1ee9
    Josh Boyer authored
    This option allows userspace to pass the RSDP address to the kernel, which
    makes it possible for a user to modify the workings of hardware. Reject
    the option when the kernel is locked down. This requires some reworking
    of the existing RSDP command line logic, since the early boot code also
    makes use of a command-line passed RSDP when locating the SRAT table
    before the lockdown code has been initialised. This is achieved by
    separating the command line RSDP path in the early boot code from the
    generic RSDP path, and then copying the command line RSDP into boot
    params in the kernel proper if lockdown is not enabled. If lockdown is
    enabled and an RSDP is provided on the command line, this will only be
    used when parsing SRAT (which shouldn't permit kernel code execution)
    and will be ignored in the rest of the kernel.
    
    (Modified by Matthew Garrett in order to handle the early boot RSDP
    environment)
    Signed-off-by: default avatarJosh Boyer <jwboyer@redhat.com>
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    Signed-off-by: default avatarMatthew Garrett <mjg59@google.com>
    Reviewed-by: default avatarKees Cook <keescook@chromium.org>
    cc: Dave Young <dyoung@redhat.com>
    cc: linux-acpi@vger.kernel.org
    Signed-off-by: default avatarJames Morris <jmorris@namei.org>
    41fa1ee9
x86_init.c 3.99 KB