diff options
author | Jeremy Cline <jcline@redhat.com> | 2019-10-02 16:37:22 -0400 |
---|---|---|
committer | Jeremy Cline <jcline@redhat.com> | 2019-10-02 16:40:12 -0400 |
commit | ac89b4ad914e2aea2d797fa77a72b46bfef2ca4f (patch) | |
tree | 0d5039de94533f81eceef335b257700788c9d098 /efi-lockdown.patch | |
parent | e163d285354547e796f0cc0d906d8ba9c72260dc (diff) | |
download | kernel-ac89b4ad914e2aea2d797fa77a72b46bfef2ca4f.tar.gz kernel-ac89b4ad914e2aea2d797fa77a72b46bfef2ca4f.tar.xz kernel-ac89b4ad914e2aea2d797fa77a72b46bfef2ca4f.zip |
Fix up the lockdown sysrq patch
Signed-off-by: Jeremy Cline <jcline@redhat.com>
Diffstat (limited to 'efi-lockdown.patch')
-rw-r--r-- | efi-lockdown.patch | 18 |
1 files changed, 11 insertions, 7 deletions
diff --git a/efi-lockdown.patch b/efi-lockdown.patch index c213cfce9..75d4b7ed7 100644 --- a/efi-lockdown.patch +++ b/efi-lockdown.patch @@ -1898,16 +1898,20 @@ index 573b2055173c..7cc95a8bdf8d 100644 op_p = __sysrq_get_key_op(key); if (op_p) { +- /* +- * Should we check for enabled operations (/proc/sysrq-trigger +- * should not) and is the invoked operation enabled? +- */ +- if (!check_mask || sysrq_on_mask(op_p->enable_mask)) { + /* Ban synthetic events from some sysrq functionality */ + if ((from == SYSRQ_FROM_PROC || from == SYSRQ_FROM_SYNTHETIC) && -+ op_p->enable_mask & SYSRQ_DISABLE_USERSPACE) ++ op_p->enable_mask & SYSRQ_DISABLE_USERSPACE) { + printk("This sysrq operation is disabled from userspace.\n"); - /* - * Should we check for enabled operations (/proc/sysrq-trigger - * should not) and is the invoked operation enabled? - */ -- if (!check_mask || sysrq_on_mask(op_p->enable_mask)) { -+ if (from == SYSRQ_FROM_KERNEL || sysrq_on_mask(op_p->enable_mask)) { ++ } else if (from == SYSRQ_FROM_KERNEL || sysrq_on_mask(op_p->enable_mask)) { ++ /* ++ * Should we check for enabled operations (/proc/sysrq-trigger ++ * should not) and is the invoked operation enabled? ++ */ pr_info("%s\n", op_p->action_msg); console_loglevel = orig_log_level; op_p->handler(key); |