Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

2017-04-06 Thread James Morris
On Thu, 6 Apr 2017, David Howells wrote:

> James Morris wrote:
>
> > > +static __read_mostly bool kernel_locked_down;
> >
> > How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not
> > configured?
>
> I guess lock_kernel_down() would need to be __init also in that case.

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

2017-04-06 Thread David Howells
James Morris wrote:

> > +static __read_mostly bool kernel_locked_down;
>
> How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not
> configured?

I guess lock_kernel_down() would need to be __init also in that case.

Also, the implementation of lift_kernel_lockdown() should be

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

2017-04-06 Thread James Morris
On Wed, 5 Apr 2017, David Howells wrote:

> +#include
> +#include
> +
> +static __read_mostly bool kernel_locked_down;

How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not configured?

-- 
James Morris
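
Review bot: the kernel_locked_down declaration in the quoted hunk has no comment saying which code may write the flag, and __read_mostly is only a placement hint that leaves it writable after boot. A one-line comment at the declaration naming the writers, plus __ro_after_init when ALLOW_LOCKDOWN_LIFT is not configured as raised in the reply above, would make the intended lifetime of the flag explicit.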
