ACPI: Limit access to custom_method

BugLink: http://bugs.launchpad.net/bugs/1566221 custom_method effectively allows arbitrary access to system memory, making it possible for an attacker to circumvent restrictions on module loading. Disable it if any such restrictions have been enabled. Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>

ACPI: Limit access to custom_method
BugLink: http://bugs.launchpad.net/bugs/1566221 custom_method effectively allows arbitrary access to system memory, making it possible for an attacker to circumvent restrictions on module loading. Disable it if any such restrictions have been enabled. Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
1c591a7e · Matthew Garrett · Tim Gardner · cc223b88 · 1c591a7e
Commit 1c591a7e authored Mar 09, 2012 by Matthew Garrett Committed by Tim Gardner Apr 06, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 0 deletions

drivers/acpi/custom_method.c drivers/acpi/custom_method.c +3 -0

No files found.
--- a/drivers/acpi/custom_method.c
+++ b/drivers/acpi/custom_method.c
@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
 	struct acpi_table_header table;
 	acpi_status status;

+	if (secure_modules())
+		return -EPERM;
+
 	if (!(*ppos)) {
 		/* parse the table header to get the table length */
 		if (count <= sizeof(struct acpi_table_header))