dgit.raspbian.org Git - linux.git/commit

author	David Howells <dhowells@redhat.com>
	Wed, 8 Nov 2017 15:11:35 +0000 (15:11 +0000)
committer	Ben Hutchings <ben@decadent.org.uk>
	Thu, 19 Apr 2018 10:13:03 +0000 (11:13 +0100)
commit	42715cf2acf1913881baa60d4732b86223edd325
tree	51947a4b53fcbaf34e4567a79fa913f83a488e0c	tree \| snapshot
parent	1becc82d7992afc48109582c97ae2d09b66d8ef6	commit \| diff

scsi: Lock down the eata driver

When the kernel is running in secure boot mode, we lock down the kernel to
prevent userspace from modifying the running kernel image. Whilst this
includes prohibiting access to things like /dev/mem, it must also prevent
access by means of configuring driver modules in such a way as to cause a
device to access or modify the kernel image.

The eata driver takes a single string parameter that contains a slew of
settings, including hardware resource configuration. Prohibit use of the
parameter if the kernel is locked down.

Suggested-by: Alan Cox <gnomes@lxorguk.ukuu.org.uk>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Dario Ballabio <ballabio_dario@emc.com>
cc: "James E.J. Bottomley" <jejb@linux.vnet.ibm.com>
cc: "Martin K. Petersen" <martin.petersen@oracle.com>
cc: linux-scsi@vger.kernel.org

Gbp-Pq: Topic features/all/lockdown
Gbp-Pq: Name 0019-scsi-Lock-down-the-eata-driver.patch