diff options
| author | Justin M. Forbes <jforbes@fedoraproject.org> | 2017-05-09 10:45:07 -0500 |
|---|---|---|
| committer | Justin M. Forbes <jforbes@fedoraproject.org> | 2017-05-09 10:45:07 -0500 |
| commit | bd32781ec227f8f38cc748c7769f9678b51db3a4 (patch) | |
| tree | af43ae5f0f78852e6e13fb20215de311ed8b5ca8 /efi-lockdown.patch | |
| parent | 609ec0dfc995908764448e000173d4dd133160b8 (diff) | |
| download | kernel-bd32781ec227f8f38cc748c7769f9678b51db3a4.tar.gz kernel-bd32781ec227f8f38cc748c7769f9678b51db3a4.tar.xz kernel-bd32781ec227f8f38cc748c7769f9678b51db3a4.zip | |
Linux v4.11-11413-g2868b25
Diffstat (limited to 'efi-lockdown.patch')
| -rw-r--r-- | efi-lockdown.patch | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/efi-lockdown.patch b/efi-lockdown.patch index 036985d2b..e04878458 100644 --- a/efi-lockdown.patch +++ b/efi-lockdown.patch @@ -800,15 +800,15 @@ index 0666287..b10992c 100644 return 0; if (off + count > dev->cfg_size) { @@ -1009,6 +1012,9 @@ static int pci_mmap_resource(struct kobject *kobj, struct bin_attribute *attr, - resource_size_t start, end; - int i; + enum pci_mmap_state mmap_type; + struct resource *res = &pdev->resource[bar]; + if (kernel_is_locked_down()) + return -EPERM; + - for (i = 0; i < PCI_ROM_RESOURCE; i++) - if (res == &pdev->resource[i]) - break; + if (res->flags & IORESOURCE_MEM && iomem_is_exclusive(res->start)) + return -EINVAL; + @@ -1108,6 +1114,9 @@ static ssize_t pci_write_resource_io(struct file *filp, struct kobject *kobj, struct bin_attribute *attr, char *buf, loff_t off, size_t count) @@ -845,13 +845,13 @@ index f82710a..139d6f0 100644 ret = pci_domain_nr(dev->bus); @@ -233,7 +239,7 @@ static int proc_bus_pci_mmap(struct file *file, struct vm_area_struct *vma) struct pci_filp_private *fpriv = file->private_data; - int i, ret, write_combine; + int i, ret, write_combine = 0, res_bit = IORESOURCE_MEM; - if (!capable(CAP_SYS_RAWIO)) + if (!capable(CAP_SYS_RAWIO) || kernel_is_locked_down()) return -EPERM; - /* Make sure the caller is mapping a real resource for this device */ + if (fpriv->mmap_state == pci_mmap_io) { diff --git a/drivers/pci/syscall.c b/drivers/pci/syscall.c index 9bf993e..c095247 100644 --- a/drivers/pci/syscall.c |