Disallow opening of debugfs files when the kernel is locked down as various
drivers give raw access to hardware through debugfs.
Accesses to tracefs should use /sys/kernel/tracing/ rather than
/sys/kernel/debug/tracing/. Possibly a symlink should be emplaced.
Normal device interaction should be done through configfs or a miscdev, not
debugfs.
Note that this makes it unnecessary to specifically lock down show_dsts(),
show_devs() and show_call() in the asus-wmi driver.
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Andy Shevchenko <andy.shevchenko@gmail.com>
cc: acpi4asus-user@lists.sourceforge.net
cc: platform-driver-x86@vger.kernel.org
cc: Matthew Garrett <matthew.garrett@nebula.com>
cc: Thomas Gleixner <tglx@linutronix.de>
(cherry picked from commit
125da2e1c5d0a6aca5faafba336c8e8506a4e000
git://git.kernel.org/pub/scm/linux/kernel/git/jwboyer/fedora.git)
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
const struct file_operations *real_fops = NULL;
int r;
const struct file_operations *real_fops = NULL;
int r;
+ if (kernel_is_locked_down("debugfs"))
+ return -EPERM;
+
+
r = debugfs_file_get(dentry);
if (r)
return r == -EIO ? -ENOENT : r;
r = debugfs_file_get(dentry);
if (r)
return r == -EIO ? -ENOENT : r;
struct file_operations *proxy_fops = NULL;
int r;
struct file_operations *proxy_fops = NULL;
int r;
+ if (kernel_is_locked_down("debugfs"))
+ return -EPERM;
+
r = debugfs_file_get(dentry);
if (r)
return r == -EIO ? -ENOENT : r;
r = debugfs_file_get(dentry);
if (r)
return r == -EIO ? -ENOENT : r;