acpi: Ignore acpi_rsdp kernel parameter when securelevel is set

Orabug: 21539498

From: Josh Boyer <jwboyer@redhat.com>

This option allows userspace to pass the RSDP address to the kernel, which
makes it possible for a user to execute arbitrary code in the kernel.
Disable this when securelevel is set.

Signed-off-by: Josh Boyer <jwboyer@redhat.com>
Signed-off-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>

diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
index 7ccba395c9ddbeb7a6725b336d69d01abd4b82b1..5a2e173cf31583857db755998635b9ed0171d402 100644 (file)
--- a/drivers/acpi/osl.c
+++ b/drivers/acpi/osl.c
@@ -44,6 +44,7 @@
 #include <linux/list.h>
 #include <linux/jiffies.h>
 #include <linux/semaphore.h>
+#include <linux/security.h>
 
 #include <asm/io.h>
 #include <asm/uaccess.h>
@@ -252,7 +253,7 @@ early_param("acpi_rsdp", setup_acpi_rsdp);
 acpi_physical_address __init acpi_os_get_root_pointer(void)
 {
 #ifdef CONFIG_KEXEC
-       if (acpi_rsdp)
+       if (acpi_rsdp && (get_securelevel() <= 0))
                return acpi_rsdp;
 #endif