On Thu, 6 Apr 2017, David Howells wrote:
> James Morris wrote:
>
> > > +static __read_mostly bool kernel_locked_down;
> >
> > How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not
> > configured?
>
> I guess lock_kernel_down() would need to be __init also in
On Thu, 6 Apr 2017, David Howells wrote:
> James Morris wrote:
>
> > > +static __read_mostly bool kernel_locked_down;
> >
> > How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not
> > configured?
>
> I guess lock_kernel_down() would need to be __init also in that case.
James Morris wrote:
> > +static __read_mostly bool kernel_locked_down;
>
> How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not
> configured?
I guess lock_kernel_down() would need to be __init also in that case.
Also, the implementation of
James Morris wrote:
> > +static __read_mostly bool kernel_locked_down;
>
> How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not
> configured?
I guess lock_kernel_down() would need to be __init also in that case.
Also, the implementation of lift_kernel_lockdown() should be
On Wed, 5 Apr 2017, David Howells wrote:
> +#include
> +#include
> +
> +static __read_mostly bool kernel_locked_down;
How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not
configured?
--
James Morris
On Wed, 5 Apr 2017, David Howells wrote:
> +#include
> +#include
> +
> +static __read_mostly bool kernel_locked_down;
How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not
configured?
--
James Morris
Provide a single call to allow kernel code to determine whether the system
should be locked down, thereby disallowing various accesses that might
allow the running kernel image to be changed including the loading of
modules that aren't validly signed with a key we recognise, fiddling with
MSR
Provide a single call to allow kernel code to determine whether the system
should be locked down, thereby disallowing various accesses that might
allow the running kernel image to be changed including the loading of
modules that aren't validly signed with a key we recognise, fiddling with
MSR
Provide a single call to allow kernel code to determine whether the system
should be locked down, thereby disallowing various accesses that might
allow the running kernel image to be changed including the loading of
modules that aren't validly signed with a key we recognise, fiddling with
MSR
Provide a single call to allow kernel code to determine whether the system
should be locked down, thereby disallowing various accesses that might
allow the running kernel image to be changed including the loading of
modules that aren't validly signed with a key we recognise, fiddling with
MSR
Provide a single call to allow kernel code to determine whether the system
should be locked down, thereby disallowing various accesses that might
allow the running kernel image to be changed including the loading of
modules that aren't validly signed with a key we recognise, fiddling with
MSR
Provide a single call to allow kernel code to determine whether the system
should be locked down, thereby disallowing various accesses that might
allow the running kernel image to be changed including the loading of
modules that aren't validly signed with a key we recognise, fiddling with
MSR
12 matches
Mail list logo