www.infradead.org Git - users/jedix/linux-maple.git/commit
acpi: Disable ACPI table override if securelevel is set
author Linn Crosetto <linn@hpe.com>
Wed, 16 Nov 2016 20:33:52 +0000 (12:33 -0800)
committer Chuck Anderson <chuck.anderson@oracle.com>
Wed, 16 Nov 2016 20:33:52 +0000 (12:33 -0800)
commit b22c43e5b3c6ee6b703a06373da46bc24b97f323
tree cc3b2d8d37596555cd695421e407be994dc9392e
parent 471285f999579c6fe1949b4108c6f9c95244bc35
acpi: Disable ACPI table override if securelevel is set

From the kernel documentation (initrd_table_override.txt):

  If the ACPI_INITRD_TABLE_OVERRIDE compile option is true, it is possible
  to override nearly any ACPI table provided by the BIOS with an
  instrumented, modified one.

When securelevel is set, the kernel should disallow any unauthenticated
changes to kernel space. ACPI tables contain code invoked by the kernel, so
do not allow ACPI tables to be overridden if securelevel is set.

Signed-off-by: Linn Crosetto <linn@hpe.com>
Orabug: 25058372
CVE: CVE-2016-3699
Signed-off-by: Chuck Anderson <chuck.anderson@oracle.com>
Reviewed-by: Guru Anbalagane <guru.anbalagane@oracle.com>
arch/x86/kernel/setup.c
drivers/acpi/osl.c