diff options
author | Jeremy Cline <jcline@redhat.com> | 2019-10-02 16:37:22 -0400 |
---|---|---|
committer | Jeremy Cline <jcline@redhat.com> | 2019-10-02 16:37:22 -0400 |
commit | 46166d542f49af37a1067c693543f6b104913b55 (patch) | |
tree | 15761eb04cc5732cbb1d81e3377e19646a3984d3 | |
parent | 3be9b80e31dadb304fe70053e293d5c882838deb (diff) | |
download | kernel-46166d542f49af37a1067c693543f6b104913b55.tar.gz kernel-46166d542f49af37a1067c693543f6b104913b55.tar.xz kernel-46166d542f49af37a1067c693543f6b104913b55.zip |
Fix up the lockdown sysrq patch
Signed-off-by: Jeremy Cline <jcline@redhat.com>
-rw-r--r-- | efi-lockdown.patch | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/efi-lockdown.patch b/efi-lockdown.patch index 25c143fd3..297cb7015 100644 --- a/efi-lockdown.patch +++ b/efi-lockdown.patch @@ -1871,16 +1871,20 @@ index fa0ce7dd9e24..06c60fed7656 100644 op_p = __sysrq_get_key_op(key); if (op_p) { +- /* +- * Should we check for enabled operations (/proc/sysrq-trigger +- * should not) and is the invoked operation enabled? +- */ +- if (!check_mask || sysrq_on_mask(op_p->enable_mask)) { + /* Ban synthetic events from some sysrq functionality */ + if ((from == SYSRQ_FROM_PROC || from == SYSRQ_FROM_SYNTHETIC) && -+ op_p->enable_mask & SYSRQ_DISABLE_USERSPACE) ++ op_p->enable_mask & SYSRQ_DISABLE_USERSPACE) { + printk("This sysrq operation is disabled from userspace.\n"); - /* - * Should we check for enabled operations (/proc/sysrq-trigger - * should not) and is the invoked operation enabled? - */ -- if (!check_mask || sysrq_on_mask(op_p->enable_mask)) { -+ if (from == SYSRQ_FROM_KERNEL || sysrq_on_mask(op_p->enable_mask)) { ++ } else if (from == SYSRQ_FROM_KERNEL || sysrq_on_mask(op_p->enable_mask)) { ++ /* ++ * Should we check for enabled operations (/proc/sysrq-trigger ++ * should not) and is the invoked operation enabled? ++ */ pr_info("%s\n", op_p->action_msg); console_loglevel = orig_log_level; op_p->handler(key); |