Commit 3a75e746 authored by David Howells's avatar David Howells Committed by Khalid Elmously

UBUNTU: SAUCE: (efi-lockdown) debugfs: Disallow use of debugfs files when the kernel is locked down

BugLink: https://bugs.launchpad.net/bugs/1884159

Disallow opening of debugfs files when the kernel is locked down as various
drivers give raw access to hardware through debugfs.

Accesses to tracefs should use /sys/kernel/tracing/ rather than
/sys/kernel/debug/tracing/.  Possibly a symlink should be emplaced.

Normal device interaction should be done through configfs or a miscdev, not
debugfs.

Note that this makes it unnecessary to specifically lock down show_dsts(),
show_devs() and show_call() in the asus-wmi driver.
Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
cc: Andy Shevchenko <andy.shevchenko@gmail.com>
cc: acpi4asus-user@lists.sourceforge.net
cc: platform-driver-x86@vger.kernel.org
cc: Matthew Garrett <matthew.garrett@nebula.com>
cc: Thomas Gleixner <tglx@linutronix.de>
(backported from commit 125da2e1c5d0a6aca5faafba336c8e8506a4e000
 git://git.kernel.org/pub/scm/linux/kernel/git/jwboyer/fedora.git)
Signed-off-by: default avatarSeth Forshee <seth.forshee@canonical.com>
Acked-by: default avatarStefan Bader <stefan.bader@canonical.com>
Acked-by: default avatarAndrea Righi <andrea.righi@canonical.com>
Signed-off-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
parent 7045c869
......@@ -106,6 +106,9 @@ static int open_proxy_open(struct inode *inode, struct file *filp)
const struct file_operations *real_fops = NULL;
int srcu_idx, r;
if (secure_modules())
return -EPERM;
r = debugfs_use_file_start(dentry, &srcu_idx);
if (r) {
r = -ENOENT;
......@@ -235,6 +238,9 @@ static int full_proxy_open(struct inode *inode, struct file *filp)
struct file_operations *proxy_fops = NULL;
int srcu_idx, r;
if (secure_modules())
return -EPERM;
r = debugfs_use_file_start(dentry, &srcu_idx);
if (r) {
r = -ENOENT;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment