From 46166d542f49af37a1067c693543f6b104913b55 Mon Sep 17 00:00:00 2001
From: Jeremy Cline <jcline@redhat.com>
Date: Oct 02 2019 20:37:22 +0000
Subject: Fix up the lockdown sysrq patch


Signed-off-by: Jeremy Cline <jcline@redhat.com>

---

diff --git a/efi-lockdown.patch b/efi-lockdown.patch
index 25c143f..297cb70 100644
--- a/efi-lockdown.patch
+++ b/efi-lockdown.patch
@@ -1871,16 +1871,20 @@ index fa0ce7dd9e24..06c60fed7656 100644
  
          op_p = __sysrq_get_key_op(key);
          if (op_p) {
+-		/*
+-		 * Should we check for enabled operations (/proc/sysrq-trigger
+-		 * should not) and is the invoked operation enabled?
+-		 */
+-		if (!check_mask || sysrq_on_mask(op_p->enable_mask)) {
 +		/* Ban synthetic events from some sysrq functionality */
 +		if ((from == SYSRQ_FROM_PROC || from == SYSRQ_FROM_SYNTHETIC) &&
-+		    op_p->enable_mask & SYSRQ_DISABLE_USERSPACE)
++		    op_p->enable_mask & SYSRQ_DISABLE_USERSPACE) {
 +			printk("This sysrq operation is disabled from userspace.\n");
- 		/*
- 		 * Should we check for enabled operations (/proc/sysrq-trigger
- 		 * should not) and is the invoked operation enabled?
- 		 */
--		if (!check_mask || sysrq_on_mask(op_p->enable_mask)) {
-+		if (from == SYSRQ_FROM_KERNEL || sysrq_on_mask(op_p->enable_mask)) {
++		} else if (from == SYSRQ_FROM_KERNEL || sysrq_on_mask(op_p->enable_mask)) {
++			/*
++			 * Should we check for enabled operations (/proc/sysrq-trigger
++			 * should not) and is the invoked operation enabled?
++			 */
  			pr_info("%s\n", op_p->action_msg);
  			console_loglevel = orig_log_level;
  			op_p->handler(key);