ACPI fixes for 5.8-rc3

Prevent bypassing kernel lockdown via the ACPI tables loading interface (Jason A. Donenfeld) and fix the handling of an ACPI sysfs attribute (Nathan Chancellor). -----BEGIN PGP SIGNATURE----- iQJGBAABCAAwFiEE4fcc61cGeeHD/fCwgsRv/nhiVHEFAl72FPISHHJqd0Byand5 c29ja2kubmV0AAoJEILEb/54YlRxnjUP/0Zx6soywoxlEdRChXoyJslbRO8prhEW ML5nk1F15UyKEbQNLntif4v4WroLuA5nO44xrIXfBgCx7DvJim09pv4vYFnfWdLe 62sGHK7tX+ezS8RNDvuMoaLB5f41mRGM2ALI6OfBT50m8S9R6aEsFeYTGBXoeuTO iEtTD8CRU6O04o091qrXPXTTdEfcvTMbw75brfdzvcT2UG1TmbwBxyi2dIhripPR K6GCxP9npdoF8/jmqsYygRItKtZ/l5hnzTlS76ZU7TVBmAPajSqwjM9cpQO/rJZw PINEyBDelH7nTqCoShcpEa9fIFF39GCjCkF3fDRIhleAqflbxlValwLdMphEbacc txUHfarAw4CrH6fm1T4H+lAmIECwfWkWcmEyVbQUH4HKa9aHSYe9PlHnorNLmC7k hsU1v4P2Yyvp6Fyb1K/+DZLUQQ/MRbQCdmdGw4ed5nEckoMR961yjKk9Aa7Ny82p SZvznRcMegJqvkG1Bmk87+xxCKbyJbXUqaKXJb62L2E5Tw1VPkgroZ1J+w/GnMgB El3Rp0fa7ZIwiTZf71Emf2V44mfU9Uebamp/QD8IXx8UmF1k+WLDdAwpCFnfj1Xn bvEZ+tHXuFe5YmWbDho8TWi4uOKGZ85pUGMxQNc+HDRwVtav4PRB0Ku/JPvI8Awy /8eHHaaenlji =w+l+ -----END PGP SIGNATURE----- Merge tag 'acpi-5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm Pull ACPI fixes from Rafael Wysocki: "Prevent bypassing kernel lockdown via the ACPI tables loading interface (Jason A. Donenfeld) and fix the handling of an ACPI sysfs attribute (Nathan Chancellor)" * tag 'acpi-5.8-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael/linux-pm: ACPI: sysfs: Fix pm_profile_attr type ACPI: configfs: Disallow loading ACPI tables when locked down
2024-11-14 15:54:15 +08:00 · 2020-06-26 12:33:48 -07:00 · 2020-06-26 12:33:48 -07:00 · 1590a2e1c6
commit 1590a2e1c6
parent ed3e00e7d6 0f29c20bf4
2 changed files with 7 additions and 3 deletions
--- a/drivers/acpi/acpi_configfs.c
+++ b/drivers/acpi/acpi_configfs.c
@ -11,6 +11,7 @@
 #include <linux/module.h>
 #include <linux/configfs.h>
 #include <linux/acpi.h>
+#include <linux/security.h>

 #include "acpica/accommon.h"
 #include "acpica/actables.h"
@ -28,7 +29,10 @@ static ssize_t acpi_table_aml_write(struct config_item *cfg,
 {
 	const struct acpi_table_header *header = data;
 	struct acpi_table *table;
-	int ret;
+	int ret = security_locked_down(LOCKDOWN_ACPI_TABLES);
+
+	if (ret)
+		return ret;

 	table = container_of(cfg, struct acpi_table, cfg);

--- a/drivers/acpi/sysfs.c
+++ b/drivers/acpi/sysfs.c
@ -938,13 +938,13 @@ static void __exit interrupt_stats_exit(void)
 }

 static ssize_t
-acpi_show_profile(struct device *dev, struct device_attribute *attr,
+acpi_show_profile(struct kobject *kobj, struct kobj_attribute *attr,
 		  char *buf)
 {
 	return sprintf(buf, "%d\n", acpi_gbl_FADT.preferred_profile);
 }

-static const struct device_attribute pm_profile_attr =
+static const struct kobj_attribute pm_profile_attr =
 	__ATTR(pm_profile, S_IRUGO, acpi_show_profile, NULL);

 static ssize_t hotplug_enabled_show(struct kobject *kobj,