Re: [PATCH 17/24] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down

2017-04-07 Thread Dave Young
On 04/07/17 at 08:05am, David Howells wrote:
> Dave Young  wrote:
> 
> > > > This option allows userspace to pass the RSDP address to the kernel, 
> > > > which
> > > > makes it possible for a user to circumvent any restrictions imposed on
> > > > loading modules.  Ignore the option when the kernel is locked down.
> > > 
> > > I'm not really sure here.
> > > 
> > > What exactly is the mechanism?
> > 
> > Actually this acpi_rsdp param is created for EFI kexec reboot in old
> > days when we had not supported persistent efi vm space across kexec
> > reboot. At that time kexec reboot runs as noefi mode, it can not find
> > the acpi root table thus kernel will hang early.
> > 
> > Now kexec can support EFI boot so this param is not necessary for most
> > user unless they still use efi=old_map.
> 
> Is this patch now unnecessary?

I think it is still necessary because the acpi_rsdp kernel param is still
a valid paramater and one can still pass a pointer to be recognized as acpi
root pointer.

Maybe "imposed on loading modules" is not clear which can be dropped.

Thanks
Dave


Re: [PATCH 17/24] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down

2017-04-07 Thread David Howells
Dave Young  wrote:

> > > This option allows userspace to pass the RSDP address to the kernel, which
> > > makes it possible for a user to circumvent any restrictions imposed on
> > > loading modules.  Ignore the option when the kernel is locked down.
> > 
> > I'm not really sure here.
> > 
> > What exactly is the mechanism?
> 
> Actually this acpi_rsdp param is created for EFI kexec reboot in old
> days when we had not supported persistent efi vm space across kexec
> reboot. At that time kexec reboot runs as noefi mode, it can not find
> the acpi root table thus kernel will hang early.
> 
> Now kexec can support EFI boot so this param is not necessary for most
> user unless they still use efi=old_map.

Is this patch now unnecessary?

David


Re: [PATCH 17/24] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down

2017-04-06 Thread Dave Young
On 04/06/17 at 09:43pm, Rafael J. Wysocki wrote:
> On Wed, Apr 5, 2017 at 10:16 PM, David Howells  wrote:
> > From: Josh Boyer 
> >
> > This option allows userspace to pass the RSDP address to the kernel, which
> > makes it possible for a user to circumvent any restrictions imposed on
> > loading modules.  Ignore the option when the kernel is locked down.
> 
> I'm not really sure here.
> 
> What exactly is the mechanism?

Actually this acpi_rsdp param is created for EFI kexec reboot in old
days when we had not supported persistent efi vm space across kexec
reboot. At that time kexec reboot runs as noefi mode, it can not find
the acpi root table thus kernel will hang early.

Now kexec can support EFI boot so this param is not necessary for most
user unless they still use efi=old_map.

> 
> Thanks,
> Rafael
> --
> To unsubscribe from this list: send the line "unsubscribe linux-efi" in
> the body of a message to majord...@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html


Re: [PATCH 17/24] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down

2017-04-06 Thread Rafael J. Wysocki
On Wed, Apr 5, 2017 at 10:16 PM, David Howells  wrote:
> From: Josh Boyer 
>
> This option allows userspace to pass the RSDP address to the kernel, which
> makes it possible for a user to circumvent any restrictions imposed on
> loading modules.  Ignore the option when the kernel is locked down.

I'm not really sure here.

What exactly is the mechanism?

Thanks,
Rafael


[PATCH 17/24] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down

2017-04-05 Thread David Howells
From: Josh Boyer 

This option allows userspace to pass the RSDP address to the kernel, which
makes it possible for a user to circumvent any restrictions imposed on
loading modules.  Ignore the option when the kernel is locked down.

Signed-off-by: Josh Boyer 
Signed-off-by: David Howells 
cc: linux-a...@vger.kernel.org
---

 drivers/acpi/osl.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
index db78d353bab1..d4d4ba348451 100644
--- a/drivers/acpi/osl.c
+++ b/drivers/acpi/osl.c
@@ -192,7 +192,7 @@ acpi_physical_address __init acpi_os_get_root_pointer(void)
acpi_physical_address pa = 0;
 
 #ifdef CONFIG_KEXEC
-   if (acpi_rsdp)
+   if (acpi_rsdp && !kernel_is_locked_down())
return acpi_rsdp;
 #endif
 



[PATCH 17/24] acpi: Ignore acpi_rsdp kernel param when the kernel has been locked down

2017-04-05 Thread David Howells
From: Josh Boyer 

This option allows userspace to pass the RSDP address to the kernel, which
makes it possible for a user to circumvent any restrictions imposed on
loading modules.  Ignore the option when the kernel is locked down.

Signed-off-by: Josh Boyer 
Signed-off-by: David Howells 
---

 drivers/acpi/osl.c |2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/acpi/osl.c b/drivers/acpi/osl.c
index db78d353bab1..d4d4ba348451 100644
--- a/drivers/acpi/osl.c
+++ b/drivers/acpi/osl.c
@@ -192,7 +192,7 @@ acpi_physical_address __init acpi_os_get_root_pointer(void)
acpi_physical_address pa = 0;
 
 #ifdef CONFIG_KEXEC
-   if (acpi_rsdp)
+   if (acpi_rsdp && !kernel_is_locked_down())
return acpi_rsdp;
 #endif