From: David Howells <dhowells@redhat.com>
Date: Wed, 8 Nov 2017 15:11:36 +0000
Subject: [24/29] debugfs: Disallow use of debugfs files when the kernel is locked down
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=118cc5e1c27e1a75640cf2379c1299e12791063e

Disallow opening of debugfs files when the kernel is locked down as various
drivers give raw access to hardware through debugfs.

Accesses to tracefs should use /sys/kernel/tracing/ rather than
/sys/kernel/debug/tracing/. Possibly a symlink should be emplaced.

Normal device interaction should be done through configfs or a miscdev, not
debugfs.

Note that this makes it unnecessary to specifically lock down show_dsts(),
show_devs() and show_call() in the asus-wmi driver.

Signed-off-by: David Howells <dhowells@redhat.com>
cc: Andy Shevchenko <andy.shevchenko@gmail.com>
cc: acpi4asus-user@lists.sourceforge.net
cc: platform-driver-x86@vger.kernel.org
cc: Matthew Garrett <matthew.garrett@nebula.com>
cc: Thomas Gleixner <tglx@linutronix.de>
[bwh: Forward-ported to 4.15]
---
 fs/debugfs/file.c | 6 ++++++
 1 file changed, 6 insertions(+)

--- a/fs/debugfs/file.c
+++ b/fs/debugfs/file.c
@@ -142,6 +142,9 @@ static int open_proxy_open(struct inode
const struct file_operations *real_fops = NULL;
int r;
+ if (kernel_is_locked_down("debugfs"))
+ return -EPERM;
+
r = debugfs_file_get(dentry);
if (r)
return r == -EIO ? -ENOENT : r;
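Review bot: the new kernel_is_locked_down("debugfs") check at the top of open_proxy_open() refuses every debugfs file, whatever it exposes and whether or not it is opened read-only, and nothing in the code says why. The commit message has the rationale (various drivers give raw access to hardware through debugfs) and names /sys/kernel/debug/tracing/ as a path that stops working; a short comment above the check carrying that reason, and a decision on the "possibly a symlink" question before this is merged, would save the next reader from rediscovering it. Placing the check before debugfs_file_get(dentry) is right, since the early return then has no reference to drop.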
@@ -267,6 +270,9 @@ static int full_proxy_open(struct inode
struct file_operations *proxy_fops = NULL;
int r;
+ if (kernel_is_locked_down("debugfs"))
+ return -EPERM;
+
r = debugfs_file_get(dentry);
if (r)
return r == -EIO ? -ENOENT : r;
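Review bot: the three added lines in full_proxy_open() are a verbatim copy of the check added to open_proxy_open(), so the two open paths can drift apart if one of them is changed later; a small static helper in fs/debugfs/file.c called from both would keep them in step. Both checks also run only at open time, so a descriptor that was opened before the kernel was locked down is not affected by this patch. If that is intended, say so in the commit message; otherwise operations on an already-open file need the same test.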