dgit.raspbian.org Git - linux.git/commit

author	Kyle McMartin <kyle@redhat.com>
	Mon, 18 Feb 2019 12:44:57 +0000 (12:44 +0000)
committer	Salvatore Bonaccorso <carnil@debian.org>
	Sun, 5 Jan 2020 14:40:37 +0000 (14:40 +0000)
commit	0fd18c76546436518bb8674e5e4206956c3e8cea
tree	fe84023de26df714fc7454874582847d5fce4273	tree \| snapshot
parent	afd35a8cd1f5cc808604cb38559d399b3d3a6180	commit \| diff

Add a SysRq option to lift kernel lockdown

Make an option to provide a sysrq key that will lift the kernel lockdown,
thereby allowing the running kernel image to be accessed and modified.

On x86 this is triggered with SysRq+x, but this key may not be available on
all arches, so it is set by setting LOCKDOWN_LIFT_KEY in asm/setup.h.
Since this macro must be defined in an arch to be able to use this facility
for that arch, the Kconfig option is restricted to arches that support it.

Signed-off-by: Kyle McMartin <kyle@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: x86@kernel.org
[bwh: Forward-ported to upstream lockdown:
- Change config dependency to SECURITY_LOCKDOWN_LSM
- Compare kernel_locked_down with LOCKDOWN_NONE instead of treating it
as a bool
- Adjust filenames, context]

Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name add-a-sysrq-option-to-lift-kernel-lockdown.patch

arch/x86/include/asm/setup.h		diff \| blob \| history
drivers/input/misc/uinput.c		diff \| blob \| history
drivers/tty/sysrq.c		diff \| blob \| history
include/linux/input.h		diff \| blob \| history
include/linux/sysrq.h		diff \| blob \| history
kernel/debug/kdb/kdb_main.c		diff \| blob \| history
security/lockdown/Kconfig		diff \| blob \| history
security/lockdown/lockdown.c		diff \| blob \| history