summaryrefslogtreecommitdiffstats
path: root/efi-lockdown.patch
diff options
context:
space:
mode:
authorJustin M. Forbes <jforbes@fedoraproject.org>2018-04-06 12:00:21 -0500
committerJustin M. Forbes <jforbes@fedoraproject.org>2018-04-06 12:00:21 -0500
commit5bf5e37a7486ccdfd14568b43d80c148729a5483 (patch)
tree27273118bf39dbabe17100fea4fb2e9614f1736c /efi-lockdown.patch
parent9664f61c53daecbcfe15acdae46d0d1c47d63696 (diff)
downloadkernel-5bf5e37a7486ccdfd14568b43d80c148729a5483.tar.gz
kernel-5bf5e37a7486ccdfd14568b43d80c148729a5483.tar.xz
kernel-5bf5e37a7486ccdfd14568b43d80c148729a5483.zip
Linux v4.16-9576-g38c23685b273
Diffstat (limited to 'efi-lockdown.patch')
-rw-r--r--efi-lockdown.patch45
1 files changed, 0 insertions, 45 deletions
diff --git a/efi-lockdown.patch b/efi-lockdown.patch
index a567084d7..4f9814181 100644
--- a/efi-lockdown.patch
+++ b/efi-lockdown.patch
@@ -1522,51 +1522,6 @@ index b38737c83a24..6d71e1e97b20 100644
--
2.14.3
-From 5b76b160badb6e53f68a65f0374df700894559bb Mon Sep 17 00:00:00 2001
-From: David Howells <dhowells@redhat.com>
-Date: Tue, 27 Feb 2018 10:04:53 +0000
-Subject: [PATCH 19/31] scsi: Lock down the eata driver
-
-When the kernel is running in secure boot mode, we lock down the kernel to
-prevent userspace from modifying the running kernel image. Whilst this
-includes prohibiting access to things like /dev/mem, it must also prevent
-access by means of configuring driver modules in such a way as to cause a
-device to access or modify the kernel image.
-
-The eata driver takes a single string parameter that contains a slew of
-settings, including hardware resource configuration. Prohibit use of the
-parameter if the kernel is locked down.
-
-Suggested-by: Alan Cox <gnomes@lxorguk.ukuu.org.uk>
-Signed-off-by: David Howells <dhowells@redhat.com>
-cc: Dario Ballabio <ballabio_dario@emc.com>
-cc: "James E.J. Bottomley" <jejb@linux.vnet.ibm.com>
-cc: "Martin K. Petersen" <martin.petersen@oracle.com>
-cc: linux-scsi@vger.kernel.org
----
- drivers/scsi/eata.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/drivers/scsi/eata.c b/drivers/scsi/eata.c
-index 6501c330d8c8..72fceaa8f3da 100644
---- a/drivers/scsi/eata.c
-+++ b/drivers/scsi/eata.c
-@@ -1552,8 +1552,11 @@ static int eata2x_detect(struct scsi_host_template *tpnt)
-
- tpnt->proc_name = "eata2x";
-
-- if (strlen(boot_options))
-+ if (strlen(boot_options)) {
-+ if (kernel_is_locked_down("Command line-specified device addresses, irqs and dma channels"))
-+ return -EPERM;
- option_setup(boot_options);
-+ }
-
- #if defined(MODULE)
- /* io_port could have been modified when loading as a module */
---
-2.14.3
-
From ebdc673699d9732a1cccfc2f80e84402aa7ec0c9 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Tue, 27 Feb 2018 10:04:54 +0000