UBUNTU: SAUCE: (efi-lockdown) uswsusp: Disable when the kernel is locked down

uswsusp allows a user process to dump and then restore kernel state, which
makes it possible to modify the running kernel.  Disable this if the kernel
is locked down.

Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: "Lee, Chun-Yi" <jlee@suse.com>
Reviewed-by: James Morris <james.l.morris@oracle.com>
cc: linux-pm@vger.kernel.org
(cherry picked from commit fc55d45a5b3c80d7a751de9650865113293518eb
 git://git.kernel.org/pub/scm/linux/kernel/git/jwboyer/fedora.git)
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>

diff --git a/kernel/power/user.c b/kernel/power/user.c
index 22df9f7ff672425f1200c421eceff5a41c220ff2..678ade9decfe8e78a300d3f5b4989c26bb87a947 100644 (file)
--- a/kernel/power/user.c
+++ b/kernel/power/user.c
@@ -52,6 +52,9 @@ static int snapshot_open(struct inode *inode, struct file *filp)
        if (!hibernation_available())
                return -EPERM;
 
+       if (kernel_is_locked_down("/dev/snapshot"))
+               return -EPERM;
+
        lock_system_sleep();
 
        if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {