author | Justin M. Forbes <jforbes@fedoraproject.org> | 2018-04-06 12:00:21 -0500 |
---|---|---|
committer | Justin M. Forbes <jforbes@fedoraproject.org> | 2018-04-06 12:00:21 -0500 |
commit | 5bf5e37a7486ccdfd14568b43d80c148729a5483 (patch) | |
tree | 27273118bf39dbabe17100fea4fb2e9614f1736c /efi-lockdown.patch | |
parent | 9664f61c53daecbcfe15acdae46d0d1c47d63696 (diff) | |
download | kernel-5bf5e37a7486ccdfd14568b43d80c148729a5483.tar.gz kernel-5bf5e37a7486ccdfd14568b43d80c148729a5483.tar.xz kernel-5bf5e37a7486ccdfd14568b43d80c148729a5483.zip |
Linux v4.16-9576-g38c23685b273
Diffstat (limited to 'efi-lockdown.patch')
-rw-r--r-- | efi-lockdown.patch | 45 |
1 files changed, 0 insertions, 45 deletions
diff --git a/efi-lockdown.patch b/efi-lockdown.patch index a567084d7..4f9814181 100644 --- a/efi-lockdown.patch +++ b/efi-lockdown.patch @@ -1522,51 +1522,6 @@ index b38737c83a24..6d71e1e97b20 100644 -- 2.14.3 -From 5b76b160badb6e53f68a65f0374df700894559bb Mon Sep 17 00:00:00 2001 -From: David Howells <dhowells@redhat.com> -Date: Tue, 27 Feb 2018 10:04:53 +0000 -Subject: [PATCH 19/31] scsi: Lock down the eata driver - -When the kernel is running in secure boot mode, we lock down the kernel to -prevent userspace from modifying the running kernel image. Whilst this -includes prohibiting access to things like /dev/mem, it must also prevent -access by means of configuring driver modules in such a way as to cause a -device to access or modify the kernel image. - -The eata driver takes a single string parameter that contains a slew of -settings, including hardware resource configuration. Prohibit use of the -parameter if the kernel is locked down. - -Suggested-by: Alan Cox <gnomes@lxorguk.ukuu.org.uk> -Signed-off-by: David Howells <dhowells@redhat.com> -cc: Dario Ballabio <ballabio_dario@emc.com> -cc: "James E.J. Bottomley" <jejb@linux.vnet.ibm.com> -cc: "Martin K. Petersen" <martin.petersen@oracle.com> -cc: linux-scsi@vger.kernel.org ---- - drivers/scsi/eata.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/drivers/scsi/eata.c b/drivers/scsi/eata.c -index 6501c330d8c8..72fceaa8f3da 100644 ---- a/drivers/scsi/eata.c -+++ b/drivers/scsi/eata.c -@@ -1552,8 +1552,11 @@ static int eata2x_detect(struct scsi_host_template *tpnt) - - tpnt->proc_name = "eata2x"; - -- if (strlen(boot_options)) -+ if (strlen(boot_options)) { -+ if (kernel_is_locked_down("Command line-specified device addresses, irqs and dma channels")) -+ return -EPERM; - option_setup(boot_options); -+ } - - #if defined(MODULE) - /* io_port could have been modified when loading as a module */ --- -2.14.3 - From ebdc673699d9732a1cccfc2f80e84402aa7ec0c9 Mon Sep 17 00:00:00 2001 
From: David Howells <dhowells@redhat.com> Date: Tue, 27 Feb 2018 10:04:54 +0000 |
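Review bot: The commit message ("Linux v4.16-9576-g38c23685b273") does not say why the whole "[PATCH 19/31] scsi: Lock down the eata driver" section is dropped from efi-lockdown.patch. With these 45 lines gone, eata2x_detect() would go back to calling option_setup(boot_options) with no kernel_is_locked_down() check, so the hardware resource settings carried in that parameter would be accepted under lockdown if drivers/scsi/eata.c is still built at the new base. Please state the reason for the removal in the commit message (for example, that the driver is no longer present at this base, if that is the case), and check that the "[PATCH n/31]" numbering in the remaining series headers is still consistent now that entry 19 is missing.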