diff options
author | Jeremy Cline <jcline@redhat.com> | 2019-10-02 16:37:22 -0400 |
---|---|---|
committer | Jeremy Cline <jcline@redhat.com> | 2019-10-02 16:38:01 -0400 |
commit | c20aea8759bfa1036f414cfbd8a10b6708164b36 (patch) | |
tree | df6c46ad93f68c5ab1c5aee56bd3a28b2197096e /efi-lockdown.patch | |
parent | 9da38b16edac56f2df34fcd45b011ee0cc91a82a (diff) | |
download | kernel-c20aea8759bfa1036f414cfbd8a10b6708164b36.tar.gz kernel-c20aea8759bfa1036f414cfbd8a10b6708164b36.tar.xz kernel-c20aea8759bfa1036f414cfbd8a10b6708164b36.zip |
Fix up the lockdown sysrq patch
Signed-off-by: Jeremy Cline <jcline@redhat.com>
Diffstat (limited to 'efi-lockdown.patch')
-rw-r--r-- | efi-lockdown.patch | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/efi-lockdown.patch b/efi-lockdown.patch index 25c143fd3..297cb7015 100644 --- a/efi-lockdown.patch +++ b/efi-lockdown.patch @@ -1871,16 +1871,20 @@ index fa0ce7dd9e24..06c60fed7656 100644 op_p = __sysrq_get_key_op(key); if (op_p) { +- /* +- * Should we check for enabled operations (/proc/sysrq-trigger +- * should not) and is the invoked operation enabled? +- */ +- if (!check_mask || sysrq_on_mask(op_p->enable_mask)) { + /* Ban synthetic events from some sysrq functionality */ + if ((from == SYSRQ_FROM_PROC || from == SYSRQ_FROM_SYNTHETIC) && -+ op_p->enable_mask & SYSRQ_DISABLE_USERSPACE) ++ op_p->enable_mask & SYSRQ_DISABLE_USERSPACE) { + printk("This sysrq operation is disabled from userspace.\n"); - /* - * Should we check for enabled operations (/proc/sysrq-trigger - * should not) and is the invoked operation enabled? - */ -- if (!check_mask || sysrq_on_mask(op_p->enable_mask)) { -+ if (from == SYSRQ_FROM_KERNEL || sysrq_on_mask(op_p->enable_mask)) { ++ } else if (from == SYSRQ_FROM_KERNEL || sysrq_on_mask(op_p->enable_mask)) { ++ /* ++ * Should we check for enabled operations (/proc/sysrq-trigger ++ * should not) and is the invoked operation enabled? ++ */ pr_info("%s\n", op_p->action_msg); console_loglevel = orig_log_level; op_p->handler(key); |