Bugzilla: N/A
Upstream-status: Fedora mustard
From 9cdffb6980a2c573844b4b87f907da24d68fb916 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 14:02:09 -0400
Subject: [PATCH] hibernate: Disable in a signed modules environment
There is currently no way to verify the resume image when returning
from hibernate.  This might compromise the signed modules trust model,
so until we can work with signed hibernate images we disable it in
a secure modules environment.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.com>
---
 kernel/power/hibernate.c | 16 +++++++++++++++-
 kernel/power/main.c      |  7 ++++++-
 kernel/power/user.c      |  1 +
 3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index 49e0a20fd010..777eff68e8ef 100644
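--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -29,6 +29,8 @@
 #include <linux/ctype.h>
 #include <linux/genhd.h>
 #include <trace/events/power.h>
+#include <linux/module.h>
+#include <linux/efi.h>
 
 #include "power.h"
 
@@ -642,6 +644,10 @@ int hibernate(void)
 {
 	int error;
 
+	if (secure_modules()) {
+		return -EPERM;
+	}
+
 	lock_system_sleep();
 	/* The snapshot device should not be opened while we're running */
 	if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
@@ -734,7 +740,7 @@ static int software_resume(void)
 	/*
 	 * If the user said "noresume".. bail out early.
 	 */
-	if (noresume)
+	if (noresume || secure_modules())
 		return 0;
 
 	/*
@@ -900,6 +906,11 @@ static ssize_t disk_show(struct kobject *kobj, struct kobj_attribute *attr,
 	int i;
 	char *start = buf;
 
+	if (efi_enabled(EFI_SECURE_BOOT)) {
+		buf += sprintf(buf, "[%s]\n", "disabled");
+		return buf-start;
+	}
+
 	for (i = HIBERNATION_FIRST; i <= HIBERNATION_MAX; i++) {
 		if (!hibernation_modes[i])
 			continue;
@@ -934,6 +945,9 @@ static ssize_t disk_store(struct kobject *kobj, struct kobj_attribute *attr,
 	char *p;
 	int mode = HIBERNATION_INVALID;
 
+	if (secure_modules())
+		return -EPERM;
+
 	p = memchr(buf, '\n', n);
 	len = p ? p - buf : n;
 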
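Review bot: disk_show() gates on `efi_enabled(EFI_SECURE_BOOT)` while hibernate(), software_resume() and disk_store() gate on `secure_modules()`, so what sysfs reports and what the kernel enforces can disagree whenever the two predicates differ; state_show() in kernel/power/main.c has the same mismatch. If secure_modules() can be true without Secure Boot (not visible in this patch), /sys/power/disk would still list modes that disk_store() then rejects with -EPERM. Using the enforcement predicate in the show path, `if (secure_modules()) {`, keeps the advertised state aligned with the policy actually applied. All four functions continue outside their hunks.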
diff --git a/kernel/power/main.c b/kernel/power/main.c
index 573410d6647e..f5201093adc4 100644
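--- a/kernel/power/main.c
+++ b/kernel/power/main.c
@@ -15,6 +15,7 @@
 #include <linux/workqueue.h>
 #include <linux/debugfs.h>
 #include <linux/seq_file.h>
+#include <linux/efi.h>
 
 #include "power.h"
 
@@ -301,7 +302,11 @@ static ssize_t state_show(struct kobject *kobj, struct kobj_attribute *attr,
 
 #endif
 #ifdef CONFIG_HIBERNATION
-	s += sprintf(s, "%s\n", "disk");
+	if (!efi_enabled(EFI_SECURE_BOOT)) {
+		s += sprintf(s, "%s\n", "disk");
+	} else {
+		s += sprintf(s, "\n");
+	}
 #else
 	if (s != buf)
 		/* convert the last space to a newline */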
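Review bot: The `else` branch in state_show() appends a bare newline with `s += sprintf(s, "\n");` rather than reusing the fix-up that the `#else` path applies. Going by that path's comment ("convert the last space to a newline"), the entries written earlier presumably end in a space, so under Secure Boot the file would end in a space followed by a newline, or hold a lone newline when nothing was written. Mirroring the existing handling, `} else if (s != buf) {` followed by `*(s-1) = '\n';`, would give the same output format as a kernel built without CONFIG_HIBERNATION. state_show() starts and ends outside this hunk, so the format of the earlier entries should be confirmed there.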
diff --git a/kernel/power/user.c b/kernel/power/user.c
index efe99dee9510..5f5d1026f1e2 100644
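--- a/kernel/power/user.c
+++ b/kernel/power/user.c
@@ -25,6 +25,7 @@
 #include <linux/cpu.h>
 #include <linux/freezer.h>
 #include <linux/module.h>
+#include <linux/efi.h>
 
 #include <asm/uaccess.h>
 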
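Review bot: kernel/power/user.c receives only `#include <linux/efi.h>` and no check, so as far as this patch shows the userspace snapshot interface implemented in this file is left ungated. Unless that path is blocked elsewhere, the unverified-resume-image concern in the commit message applies to it just as it does to the in-kernel path. A guard at the top of snapshot_open(), `if (secure_modules()) return -EPERM;`, would match hibernate() and disk_store(); that function lies outside this hunk. As submitted, the new include is unused in this file.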
-- 
1.9.3