| Message ID | 151024877315.28329.472560163492858160.stgit@warthog.procyon.org.uk (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
Hi experts, On Thu, Nov 09, 2017 at 05:32:53PM +0000, David Howells wrote: > From: Linn Crosetto <linn@hpe.com> > > ACPI provides an error injection mechanism, EINJ, for debugging and testing > the ACPI Platform Error Interface (APEI) and other RAS features. If > supported by the firmware, ACPI specification 5.0 and later provide for a > way to specify a physical memory address to which to inject the error. > > Injecting errors through EINJ can produce errors which to the platform are > indistinguishable from real hardware errors. This can have undesirable > side-effects, such as causing the platform to mark hardware as needing > replacement. > > While it does not provide a method to load unauthenticated privileged code, > the effect of these errors may persist across reboots and affect trust in > the underlying hardware, so disable error injection through EINJ if > the kernel is locked down. > > Signed-off-by: Linn Crosetto <linn@hpe.com> > Signed-off-by: David Howells <dhowells@redhat.com> > Reviewed-by: "Lee, Chun-Yi" <jlee@suse.com> > cc: linux-acpi@vger.kernel.org I was looking at the lockdown pathes in v5.4-rc kernel and found that the "acpi: Disable APEI error injection if the kernel is locked down" did not merged with lockdown patch set. This patch be sent with Matthew's pull request lockdown patches for 5.2: http://kernsec.org/pipermail/linux-security-module-archive/2019-March/012033.html But it didn't show in Morris's git: https://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git/log/?h=next-lockdown Maybe I missed some detail of this patch. Could anyone point out the concern of this patch please? > --- > > drivers/acpi/apei/einj.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/drivers/acpi/apei/einj.c b/drivers/acpi/apei/einj.c > index b38737c83a24..6d71e1e97b20 100644 > --- a/drivers/acpi/apei/einj.c > +++ b/drivers/acpi/apei/einj.c > @@ -518,6 +518,9 @@ static int einj_error_inject(u32 type, u32 flags, u64 param1, u64 param2, > int rc; > u64 base_addr, size; > > + if (kernel_is_locked_down("ACPI error injection")) > + return -EPERM; > + > /* If user manually set "flags", make sure it is legal */ > if (flags && (flags & > ~(SETWA_FLAGS_APICID|SETWA_FLAGS_MEM|SETWA_FLAGS_PCIE_SBDF))) > > -- > To unsubscribe from this list: send the line "unsubscribe linux-efi" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html Thanks Joey Lee
Hi all, On Thu, Nov 07, 2019 at 04:21:31PM +0800, joeyli wrote: > Hi experts, > > On Thu, Nov 09, 2017 at 05:32:53PM +0000, David Howells wrote: > > From: Linn Crosetto <linn@hpe.com> > > > > ACPI provides an error injection mechanism, EINJ, for debugging and testing > > the ACPI Platform Error Interface (APEI) and other RAS features. If > > supported by the firmware, ACPI specification 5.0 and later provide for a > > way to specify a physical memory address to which to inject the error. > > > > Injecting errors through EINJ can produce errors which to the platform are > > indistinguishable from real hardware errors. This can have undesirable > > side-effects, such as causing the platform to mark hardware as needing > > replacement. > > > > While it does not provide a method to load unauthenticated privileged code, > > the effect of these errors may persist across reboots and affect trust in > > the underlying hardware, so disable error injection through EINJ if > > the kernel is locked down. > > > > Signed-off-by: Linn Crosetto <linn@hpe.com> > > Signed-off-by: David Howells <dhowells@redhat.com> > > Reviewed-by: "Lee, Chun-Yi" <jlee@suse.com> > > cc: linux-acpi@vger.kernel.org > > I was looking at the lockdown pathes in v5.4-rc kernel and found that the > "acpi: Disable APEI error injection if the kernel is locked down" did not > merged with lockdown patch set. This patch be sent with Matthew's pull > request lockdown patches for 5.2: > http://kernsec.org/pipermail/linux-security-module-archive/2019-March/012033.html > > But it didn't show in Morris's git: > https://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git/log/?h=next-lockdown > > Maybe I missed some detail of this patch. Could anyone point out the > concern of this patch please? > After a couple of years, we still didn't have this patch in mainline. Does that mean the "APEI error injection" doesn't need to be locked down? Actually this patch is against a CVE-2016-3695: https://nvd.nist.gov/vuln/detail/CVE-2016-3695 It's before lockdown patchset be merged to kernel mainline. So this CVE happened in downstream destro. Just search CVE-2016-3695 then we can see many distros has this. If mainline kernel doesn't have this patch, then I believe that the CVE-2016-3695 is also in current mainline kernel. Then why this patch not be acceptted? Thanks! Joey Lee > > --- > > > > drivers/acpi/apei/einj.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/drivers/acpi/apei/einj.c b/drivers/acpi/apei/einj.c > > index b38737c83a24..6d71e1e97b20 100644 > > --- a/drivers/acpi/apei/einj.c > > +++ b/drivers/acpi/apei/einj.c > > @@ -518,6 +518,9 @@ static int einj_error_inject(u32 type, u32 flags, u64 param1, u64 param2, > > int rc; > > u64 base_addr, size; > > > > + if (kernel_is_locked_down("ACPI error injection")) > > + return -EPERM; > > + > > /* If user manually set "flags", make sure it is legal */ > > if (flags && (flags & > > ~(SETWA_FLAGS_APICID|SETWA_FLAGS_MEM|SETWA_FLAGS_PCIE_SBDF))) > > > > -- > > To unsubscribe from this list: send the line "unsubscribe linux-efi" in > > the body of a message to majordomo@vger.kernel.org > > More majordomo info at http://vger.kernel.org/majordomo-info.html > > Thanks > Joey Lee
diff --git a/drivers/acpi/apei/einj.c b/drivers/acpi/apei/einj.c index b38737c83a24..6d71e1e97b20 100644 --- a/drivers/acpi/apei/einj.c +++ b/drivers/acpi/apei/einj.c @@ -518,6 +518,9 @@ static int einj_error_inject(u32 type, u32 flags, u64 param1, u64 param2, int rc; u64 base_addr, size; + if (kernel_is_locked_down("ACPI error injection")) + return -EPERM; + /* If user manually set "flags", make sure it is legal */ if (flags && (flags & ~(SETWA_FLAGS_APICID|SETWA_FLAGS_MEM|SETWA_FLAGS_PCIE_SBDF)))