subject:"\[PATCH 02\/24\] Add the ability to lock down access to the running kernel image"

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

2017-04-06 Thread James Morris

On Thu, 6 Apr 2017, David Howells wrote: > James Morris wrote: > > > > +static __read_mostly bool kernel_locked_down; > > > > How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not > > configured? > > I guess lock_kernel_down() would need to be __init also in

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

2017-04-06 Thread James Morris

On Thu, 6 Apr 2017, David Howells wrote: > James Morris wrote: > > > > +static __read_mostly bool kernel_locked_down; > > > > How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not > > configured? > > I guess lock_kernel_down() would need to be __init also in that case.

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

2017-04-06 Thread David Howells

James Morris wrote: > > +static __read_mostly bool kernel_locked_down; > > How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not > configured? I guess lock_kernel_down() would need to be __init also in that case. Also, the implementation of

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

2017-04-06 Thread David Howells

James Morris wrote: > > +static __read_mostly bool kernel_locked_down; > > How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not > configured? I guess lock_kernel_down() would need to be __init also in that case. Also, the implementation of lift_kernel_lockdown() should be

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

2017-04-06 Thread James Morris

On Wed, 5 Apr 2017, David Howells wrote: > +#include > +#include > + > +static __read_mostly bool kernel_locked_down; How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not configured? -- James Morris

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

2017-04-06 Thread James Morris

On Wed, 5 Apr 2017, David Howells wrote: > +#include > +#include > + > +static __read_mostly bool kernel_locked_down; How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not configured? -- James Morris

[PATCH 02/24] Add the ability to lock down access to the running kernel image

2017-04-05 Thread David Howells

Provide a single call to allow kernel code to determine whether the system should be locked down, thereby disallowing various accesses that might allow the running kernel image to be changed including the loading of modules that aren't validly signed with a key we recognise, fiddling with MSR

[PATCH 02/24] Add the ability to lock down access to the running kernel image

2017-04-05 Thread David Howells

Provide a single call to allow kernel code to determine whether the system should be locked down, thereby disallowing various accesses that might allow the running kernel image to be changed including the loading of modules that aren't validly signed with a key we recognise, fiddling with MSR

[PATCH 02/24] Add the ability to lock down access to the running kernel image

2017-04-05 Thread David Howells

Provide a single call to allow kernel code to determine whether the system should be locked down, thereby disallowing various accesses that might allow the running kernel image to be changed including the loading of modules that aren't validly signed with a key we recognise, fiddling with MSR

[PATCH 02/24] Add the ability to lock down access to the running kernel image

2017-04-05 Thread David Howells

Provide a single call to allow kernel code to determine whether the system should be locked down, thereby disallowing various accesses that might allow the running kernel image to be changed including the loading of modules that aren't validly signed with a key we recognise, fiddling with MSR

[PATCH 02/24] Add the ability to lock down access to the running kernel image

2017-04-05 Thread David Howells

Provide a single call to allow kernel code to determine whether the system should be locked down, thereby disallowing various accesses that might allow the running kernel image to be changed including the loading of modules that aren't validly signed with a key we recognise, fiddling with MSR

[PATCH 02/24] Add the ability to lock down access to the running kernel image

2017-04-05 Thread David Howells

Provide a single call to allow kernel code to determine whether the system should be locked down, thereby disallowing various accesses that might allow the running kernel image to be changed including the loading of modules that aren't validly signed with a key we recognise, fiddling with MSR

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

[PATCH 02/24] Add the ability to lock down access to the running kernel image

[PATCH 02/24] Add the ability to lock down access to the running kernel image

[PATCH 02/24] Add the ability to lock down access to the running kernel image

[PATCH 02/24] Add the ability to lock down access to the running kernel image

[PATCH 02/24] Add the ability to lock down access to the running kernel image

[PATCH 02/24] Add the ability to lock down access to the running kernel image

12 matches

Site Navigation

Mail list logo

Footer information