https://github.com/torvalds/linux
Revision 094d42bdc412fb92a5476e27cd09c6aa0f692935 authored by Mike Christie on 28 November 2017, 18:40:29 UTC, committed by Bryant G. Ly on 28 February 2018, 18:48:44 UTC
Separate unmap_thread_fn to make it easier to read. Note: this patch does not fix the bug where we might miss a wake up call. The next patch will fix that. This patch only separates the code into functions. Signed-off-by: Mike Christie <mchristi@redhat.com> Signed-off-by: Nicholas Bellinger <nab@linux-iscsi.org>
1 parent 2e11070
Tip revision: 094d42bdc412fb92a5476e27cd09c6aa0f692935 authored by Mike Christie on 28 November 2017, 18:40:29 UTC
tcmu: split unmap_thread_fn
tcmu: split unmap_thread_fn
Tip revision: 094d42b
lock_down.c
/* Lock down the kernel
*
* Copyright (C) 2016 Red Hat, Inc. All Rights Reserved.
* Written by David Howells (dhowells@redhat.com)
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public Licence
* as published by the Free Software Foundation; either version
* 2 of the Licence, or (at your option) any later version.
*/
#include <linux/security.h>
#include <linux/export.h>
#include <linux/sysrq.h>
#include <linux/efi.h>
#include <asm/setup.h>
#ifdef CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ
static __read_mostly bool kernel_locked_down;
#else
static __ro_after_init bool kernel_locked_down;
#endif
/*
* Put the kernel into lock-down mode.
*/
static void __init lock_kernel_down(const char *where)
{
if (!kernel_locked_down) {
kernel_locked_down = true;
pr_notice("Kernel is locked down from %s; see man kernel_lockdown.7\n",
where);
}
}
static int __init lockdown_param(char *ignored)
{
lock_kernel_down("command line");
return 0;
}
early_param("lockdown", lockdown_param);
/*
* Lock the kernel down from very early in the arch setup. This must happen
* prior to things like ACPI being initialised.
*/
void __init init_lockdown(void)
{
#ifdef CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT
if (efi_enabled(EFI_SECURE_BOOT))
lock_kernel_down("EFI secure boot");
#endif
}
/**
* kernel_is_locked_down - Find out if the kernel is locked down
* @what: Tag to use in notice generated if lockdown is in effect
*/
bool __kernel_is_locked_down(const char *what, bool first)
{
if (what && first && kernel_locked_down)
pr_notice("Lockdown: %s is restricted; see man kernel_lockdown.7\n",
what);
return kernel_locked_down;
}
EXPORT_SYMBOL(__kernel_is_locked_down);
#ifdef CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ
/*
* Take the kernel out of lockdown mode.
*/
static void lift_kernel_lockdown(void)
{
pr_notice("Lifting lockdown\n");
kernel_locked_down = false;
}
/*
* Allow lockdown to be lifted by pressing something like SysRq+x (and not by
* echoing the appropriate letter into the sysrq-trigger file).
*/
static void sysrq_handle_lockdown_lift(int key)
{
if (kernel_locked_down)
lift_kernel_lockdown();
}
static struct sysrq_key_op lockdown_lift_sysrq_op = {
.handler = sysrq_handle_lockdown_lift,
.help_msg = "unSB(x)",
.action_msg = "Disabling Secure Boot restrictions",
.enable_mask = SYSRQ_DISABLE_USERSPACE,
};
static int __init lockdown_lift_sysrq(void)
{
if (kernel_locked_down) {
lockdown_lift_sysrq_op.help_msg[5] = LOCKDOWN_LIFT_KEY;
register_sysrq_key(LOCKDOWN_LIFT_KEY, &lockdown_lift_sysrq_op);
}
return 0;
}
late_initcall(lockdown_lift_sysrq);
#endif /* CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ */
Computing file changes ...
