[PATCH 4/4][E] UBUNTU: SAUCE: acpi: disallow loading configfs acpi tables when locked down

[Seth Forshee]

From: "Jason A. Donenfeld" <Jason at zx2c4.com>

BugLink: https://bugs.launchpad.net/bugs/1884159

Like other vectors already patched, this one here allows the root user
to load ACPI tables, which enables arbitrary physical address writes,
which in turn makes it possible to disable lockdown. This patch prevents
this by checking the lockdown status before allowing a new ACPI table to be
installed. The link in the trailer shows a PoC of how this might be
used.

Signed-off-by: Jason A. Donenfeld <Jason at zx2c4.com>
Cc: stable at vger.kernel.org
Link: https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh
Link: https://lore.kernel.org/lkml/20200615104332.901519-1-Jason@zx2c4.com/
[ saf: Backport to older lockdown implementation ]
Signed-off-by: Seth Forshee <seth.forshee at canonical.com>
---
 drivers/acpi/acpi_configfs.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/acpi/acpi_configfs.c b/drivers/acpi/acpi_configfs.c
index 57d9d574d4dd..f57b3270cdf3 100644
--- a/drivers/acpi/acpi_configfs.c
+++ b/drivers/acpi/acpi_configfs.c
@@ -28,8 +28,12 @@ static ssize_t acpi_table_aml_write(struct config_item *cfg,
 {
 	const struct acpi_table_header *header = data;
 	struct acpi_table *table;
+	bool locked_down = kernel_is_locked_down("modifying ACPI tables");
 	int ret;
 
+	if (locked_down)
+		return -EPERM;
+
 	table = container_of(cfg, struct acpi_table, cfg);
 
 	if (table->header) {
-- 
2.27.0