43 lines
1.7 KiB
Diff
43 lines
1.7 KiB
Diff
From: David Howells <dhowells@redhat.com>
|
|
Date: Wed, 8 Nov 2017 15:11:35 +0000
|
|
Subject: [19/29] scsi: Lock down the eata driver
|
|
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=54aab7f5b0e4e6f68cec46d92c37e6c482b5e56e
|
|
|
|
When the kernel is running in secure boot mode, we lock down the kernel to
|
|
prevent userspace from modifying the running kernel image. Whilst this
|
|
includes prohibiting access to things like /dev/mem, it must also prevent
|
|
access by means of configuring driver modules in such a way as to cause a
|
|
device to access or modify the kernel image.
|
|
|
|
The eata driver takes a single string parameter that contains a slew of
|
|
settings, including hardware resource configuration. Prohibit use of the
|
|
parameter if the kernel is locked down.
|
|
|
|
Suggested-by: Alan Cox <gnomes@lxorguk.ukuu.org.uk>
|
|
Signed-off-by: David Howells <dhowells@redhat.com>
|
|
cc: Dario Ballabio <ballabio_dario@emc.com>
|
|
cc: "James E.J. Bottomley" <jejb@linux.vnet.ibm.com>
|
|
cc: "Martin K. Petersen" <martin.petersen@oracle.com>
|
|
cc: linux-scsi@vger.kernel.org
|
|
---
|
|
drivers/scsi/eata.c | 5 ++++-
|
|
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/drivers/scsi/eata.c b/drivers/scsi/eata.c
|
|
index 6501c330d8c8..72fceaa8f3da 100644
|
|
--- a/drivers/scsi/eata.c
|
|
+++ b/drivers/scsi/eata.c
|
|
@@ -1552,8 +1552,11 @@ static int eata2x_detect(struct scsi_host_template *tpnt)
|
|
|
|
tpnt->proc_name = "eata2x";
|
|
|
|
- if (strlen(boot_options))
|
|
+ if (strlen(boot_options)) {
|
|
+ if (kernel_is_locked_down("Command line-specified device addresses, irqs and dma channels"))
|
|
+ return -EPERM;
|
|
option_setup(boot_options);
|
|
+ }
|
|
|
|
#if defined(MODULE)
|
|
/* io_port could have been modified when loading as a module */
|