From: Matthew Garrett <matthew.garrett@nebula.com>
Date: Fri, 9 Mar 2012 08:39:37 -0500
Subject: [PATCH] ACPI: Limit access to custom_method

custom_method effectively allows arbitrary access to system memory, making
it possible for an attacker to circumvent restrictions on module loading.
Disable it if any such restrictions have been enabled.

Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com>
---
 drivers/acpi/custom_method.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/drivers/acpi/custom_method.c b/drivers/acpi/custom_method.c
index c68e72414a67..4277938af700 100644
--- a/drivers/acpi/custom_method.c
+++ b/drivers/acpi/custom_method.c
@@ -29,6 +29,9 @@ static ssize_t cm_write(struct file *file, const char __user * user_buf,
 	struct acpi_table_header table;
 	acpi_status status;
 
+	if (secure_modules())
+		return -EPERM;
+
 	if (!(*ppos)) {
 		/* parse the table header to get the table length */
 		if (count <= sizeof(struct acpi_table_header))
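Review bot: The new `if (secure_modules())` check at the top of cm_write() has no comment explaining why an ACPI debug interface depends on the module-loading policy, and the commit message says "Disable it" while the hunk only rejects writes with -EPERM. A one-line comment above the check (for example, that a custom method can reach arbitrary memory and so bypass module restrictions) would keep a later cleanup from removing it as unrelated. Placing the check before `if (!(*ppos))` is right, since it covers continuation writes as well as the first one. The diffstat shows three insertions and no new #include, so the change relies on secure_modules() being declared by a header this file already pulls in; name the patch that introduces it in the commit message so this one is not applied or backported alone.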