Bugzilla: N/A
Upstream-status: Fedora mustard
From ffe1ee94d526900ce1e5191cdd38934477dd209a Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Fri, 26 Oct 2012 14:02:09 -0400
Subject: [PATCH] hibernate: Disable in a signed modules environment
There is currently no way to verify the resume image when returning
from hibernate.  This might compromise the signed modules trust model,
so until we can work with signed hibernate images we disable it in
a secure modules environment.
Signed-off-by: Josh Boyer <jwboyer@fedoraproject.com>
---
 kernel/power/hibernate.c | 16 +++++++++++++++-
 kernel/power/main.c      |  7 ++++++-
 kernel/power/user.c      |  1 +
 3 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index b26f5f1..e65228b 100644
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -28,6 +28,8 @@
 #include <linux/syscore_ops.h>
 #include <linux/ctype.h>
 #include <linux/genhd.h>
+#include <linux/efi.h>
+#include <linux/module.h>
 
 #include "power.h"
 
@@ -632,6 +634,10 @@ int hibernate(void)
 {
 	int error;
 
+	if (secure_modules()) {
+		return -EPERM;
+	}
+
 	lock_system_sleep();
 	/* The snapshot device should not be opened while we're running */
 	if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
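Review bot: The new guard at the top of hibernate() gives no hint of why hibernation is refused, and it braces a single `return` where the disk_store hunk later in this file writes the same check without braces, as kernel style does; the two should match. Suggest `/* The resume image cannot be verified, so refuse to hibernate while module signing is enforced. */` above `if (secure_modules())` / `return -EPERM;`. The body of hibernate() continues past the end of the hunk.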
@@ -723,7 +729,7 @@ static int software_resume(void)
 	/*
 	 * If the user said "noresume".. bail out early.
 	 */
-	if (noresume)
+	if (noresume || secure_modules())
 		return 0;
 
 	/*
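Review bot: Folding `secure_modules()` into the `noresume` test makes an existing hibernation image be ignored with no trace in the log, so an administrator cannot tell the policy refusal apart from an explicit `noresume` on the command line. Ignoring the unverifiable image is presumably the intent, but a message on that path, for example `if (secure_modules() && !noresume) pr_info("PM: hibernation resume disabled in a secure modules environment\n");` before the `return 0;`, would record why the image was skipped. software_resume() starts before this hunk and continues after it.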
@@ -889,6 +895,11 @@ static ssize_t disk_show(struct kobject *kobj, struct kobj_attribute *attr,
 	int i;
 	char *start = buf;
 
+	if (efi_enabled(EFI_SECURE_BOOT)) {
+		buf += sprintf(buf, "[%s]\n", "disabled");
+		return buf-start;
+	}
+
 	for (i = HIBERNATION_FIRST; i <= HIBERNATION_MAX; i++) {
 		if (!hibernation_modes[i])
 			continue;
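Review bot: disk_show() decides to report "[disabled]" from `efi_enabled(EFI_SECURE_BOOT)`, while the enforcement in hibernate() and disk_store() keys on `secure_modules()`; the same split recurs in the state_show hunk in kernel/power/main.c. If the two predicates can disagree (for instance if `secure_modules()` can be set without EFI Secure Boot), sysfs will either advertise modes whose write then fails with -EPERM or hide modes that still work, so the show paths should test the same thing that is enforced: `if (secure_modules()) {`. Minor: `return buf-start;` would conventionally be spaced `return buf - start;`. disk_show() starts before this hunk and continues after it.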
@@ -923,6 +934,9 @@ static ssize_t disk_store(struct kobject *kobj, struct kobj_attribute *attr,
 	char *p;
 	int mode = HIBERNATION_INVALID;
 
+	if (secure_modules())
+		return -EPERM;
+
 	p = memchr(buf, '\n', n);
 	len = p ? p - buf : n;
 
diff --git a/kernel/power/main.c b/kernel/power/main.c
index 1d1bf63..300f300 100644
--- a/kernel/power/main.c
+++ b/kernel/power/main.c
@@ -15,6 +15,7 @@
 #include <linux/workqueue.h>
 #include <linux/debugfs.h>
 #include <linux/seq_file.h>
+#include <linux/efi.h>
 
 #include "power.h"
 
@@ -301,7 +302,11 @@ static ssize_t state_show(struct kobject *kobj, struct kobj_attribute *attr,
 	}
 #endif
 #ifdef CONFIG_HIBERNATION
-	s += sprintf(s, "%s\n", "disk");
+	if (!efi_enabled(EFI_SECURE_BOOT)) {
+		s += sprintf(s, "%s\n", "disk");
+	} else {
+		s += sprintf(s, "\n");
+	}
 #else
 	if (s != buf)
 		/* convert the last space to a newline */
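Review bot: In the secure-boot branch of state_show(), `s += sprintf(s, "\n");` appends a newline after whatever was already written, whereas the `#else` branch just below turns the last entry's trailing space into the newline; assuming the sleep states are printed with a trailing space, as that comment implies, the output under Secure Boot becomes for example "mem \n" with a stray space, a format that differs from a kernel built without CONFIG_HIBERNATION. Mirroring the `#else` path keeps the two identical: `if (s != buf) *(s - 1) = '\n'; else s += sprintf(s, "\n");`. The `efi_enabled(EFI_SECURE_BOOT)` predicate here also differs from the `secure_modules()` check enforced in kernel/power/hibernate.c. state_show() starts before this hunk and continues after it.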
diff --git a/kernel/power/user.c b/kernel/power/user.c
index 15cb72f..fa85ed5 100644
--- a/kernel/power/user.c
+++ b/kernel/power/user.c
@@ -25,6 +25,7 @@
 #include <linux/cpu.h>
 #include <linux/freezer.h>
 #include <linux/module.h>
+#include <linux/efi.h>
 
 #include <asm/uaccess.h>
 
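Review bot: The only change to kernel/power/user.c is the new `#include <linux/efi.h>`, and nothing else in this patch touches that file, so the include appears unused here; it looks like a leftover from an earlier revision, or something a later patch in the series relies on, in which case it belongs in that patch. Dropping the hunk keeps the diff limited to the files whose behaviour actually changes.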
-- 
1.8.3.1