diff options
author | Laura Abbott <labbott@fedoraproject.org> | 2015-09-01 15:03:08 -0700 |
---|---|---|
committer | Laura Abbott <labbott@fedoraproject.org> | 2015-09-01 15:59:56 -0700 |
commit | d07b889185195409a6090ed3e12fff475b4258f4 (patch) | |
tree | c2b98784a9c45c2ba5420c4a256c03d1c1c2e125 /sb-hibernate.patch | |
parent | 07775e21b6d0c7b9c2251deb8cb5ef3052a38c6e (diff) | |
download | kernel-d07b889185195409a6090ed3e12fff475b4258f4.tar.gz kernel-d07b889185195409a6090ed3e12fff475b4258f4.tar.xz kernel-d07b889185195409a6090ed3e12fff475b4258f4.zip |
Linux v4.2
This is a squashed patch of the history from F22 + the 4.2 rebase
Diffstat (limited to 'sb-hibernate.patch')
-rw-r--r-- | sb-hibernate.patch | 115 |
1 files changed, 0 insertions, 115 deletions
diff --git a/sb-hibernate.patch b/sb-hibernate.patch deleted file mode 100644 index da7bb7428..000000000 --- a/sb-hibernate.patch +++ /dev/null @@ -1,115 +0,0 @@ -Bugzilla: N/A -Upstream-status: Fedora mustard - -From ffe1ee94d526900ce1e5191cdd38934477dd209a Mon Sep 17 00:00:00 2001 -From: Josh Boyer <jwboyer@fedoraproject.org> -Date: Fri, 26 Oct 2012 14:02:09 -0400 -Subject: [PATCH] hibernate: Disable in a signed modules environment - -There is currently no way to verify the resume image when returning -from hibernate. This might compromise the signed modules trust model, -so until we can work with signed hibernate images we disable it in -a secure modules environment. - -Signed-off-by: Josh Boyer <jwboyer@fedoraproject.com> ---- - kernel/power/hibernate.c | 16 +++++++++++++++- - kernel/power/main.c | 7 ++++++- - kernel/power/user.c | 1 + - 3 files changed, 22 insertions(+), 2 deletions(-) - -diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c -index b26f5f1..e65228b 100644 ---- a/kernel/power/hibernate.c -+++ b/kernel/power/hibernate.c -@@ -28,6 +28,8 @@ - #include <linux/syscore_ops.h> - #include <linux/ctype.h> - #include <linux/genhd.h> -+#include <linux/efi.h> -+#include <linux/module.h> - - #include "power.h" - -@@ -632,6 +634,10 @@ int hibernate(void) - { - int error; - -+ if (secure_modules()) { -+ return -EPERM; -+ } -+ - lock_system_sleep(); - /* The snapshot device should not be opened while we're running */ - if (!atomic_add_unless(&snapshot_device_available, -1, 0)) { -@@ -723,7 +729,7 @@ static int software_resume(void) - /* - * If the user said "noresume".. bail out early. - */ -- if (noresume) -+ if (noresume || secure_modules()) - return 0; - - /* -@@ -889,6 +895,11 @@ static ssize_t disk_show(struct kobject *kobj, struct kobj_attribute *attr, - int i; - char *start = buf; - -+ if (efi_enabled(EFI_SECURE_BOOT)) { -+ buf += sprintf(buf, "[%s]\n", "disabled"); -+ return buf-start; -+ } -+ - for (i = HIBERNATION_FIRST; i <= HIBERNATION_MAX; i++) { - if (!hibernation_modes[i]) - continue; -@@ -923,6 +934,9 @@ static ssize_t disk_store(struct kobject *kobj, struct kobj_attribute *attr, - char *p; - int mode = HIBERNATION_INVALID; - -+ if (secure_modules()) -+ return -EPERM; -+ - p = memchr(buf, '\n', n); - len = p ? p - buf : n; - -diff --git a/kernel/power/main.c b/kernel/power/main.c -index 1d1bf63..300f300 100644 ---- a/kernel/power/main.c -+++ b/kernel/power/main.c -@@ -15,6 +15,7 @@ - #include <linux/workqueue.h> - #include <linux/debugfs.h> - #include <linux/seq_file.h> -+#include <linux/efi.h> - - #include "power.h" - -@@ -301,7 +302,11 @@ static ssize_t state_show(struct kobject *kobj, struct kobj_attribute *attr, - } - #endif - #ifdef CONFIG_HIBERNATION -- s += sprintf(s, "%s\n", "disk"); -+ if (!efi_enabled(EFI_SECURE_BOOT)) { -+ s += sprintf(s, "%s\n", "disk"); -+ } else { -+ s += sprintf(s, "\n"); -+ } - #else - if (s != buf) - /* convert the last space to a newline */ -diff --git a/kernel/power/user.c b/kernel/power/user.c -index 15cb72f..fa85ed5 100644 ---- a/kernel/power/user.c -+++ b/kernel/power/user.c -@@ -25,6 +25,7 @@ - #include <linux/cpu.h> - #include <linux/freezer.h> - #include <linux/module.h> -+#include <linux/efi.h> - - #include <asm/uaccess.h> - --- -1.8.3.1 - |