#include <linux/linkage.h>
#include <asm/page_types.h>
-#define LOCKDOWN_LIFT_KEY 'x'
-
#ifdef __i386__
#include <linux/pfn.h>
CONFIG_STATIC_USERMODEHELPER policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}>
CONFIG_LOCK_DOWN_KERNEL policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'n', 's390x': 'y'}>
CONFIG_LOCK_DOWN_KERNEL_FORCE policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 's390x': 'n'}>
-CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ policy<{'amd64': 'y', 'i386': 'y'}>
CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y'}>
CONFIG_LSM policy<{'amd64': '"yama,integrity,apparmor"', 'arm64': '"yama,integrity,apparmor"', 'armhf': '"yama,integrity,apparmor"', 'i386': '"yama,integrity,apparmor"', 'ppc64el': '"yama,integrity,apparmor"', 's390x': '"yama,integrity,apparmor"'}>
#
CONFIG_ALIM1535_WDT=m
CONFIG_ALIX=y
CONFIG_ALLOW_DEV_COREDUMP=y
-CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ=y
CONFIG_ALPINE_MSI=y
CONFIG_ALTERA_FREEZE_BRIDGE=m
CONFIG_ALTERA_MBOX=m
dev->flush = uinput_dev_flush;
}
- dev->flags |= INPUTDEV_FLAGS_SYNTHETIC;
dev->event = uinput_dev_event;
input_set_drvdata(udev->dev, udev);
/* x: May be registered on mips for TLB dump */
/* x: May be registered on ppc/powerpc for xmon */
/* x: May be registered on sparc64 for global PMU dump */
- /* x: May be registered on x86_64 for disabling secure boot */
NULL, /* x */
/* y: May be registered on sparc64 for global register dump */
NULL, /* y */
sysrq_key_table[i] = op_p;
}
-void __handle_sysrq(int key, unsigned int from)
+void __handle_sysrq(int key, bool check_mask)
{
struct sysrq_key_op *op_p;
int orig_log_level;
op_p = __sysrq_get_key_op(key);
if (op_p) {
- /* Ban synthetic events from some sysrq functionality */
- if ((from == SYSRQ_FROM_PROC || from == SYSRQ_FROM_SYNTHETIC) &&
- op_p->enable_mask & SYSRQ_DISABLE_USERSPACE) {
- printk("This sysrq operation is disabled from userspace.\n");
- } else if (from == SYSRQ_FROM_KERNEL || sysrq_on_mask(op_p->enable_mask)) {
- /*
- * Should we check for enabled operations (/proc/sysrq-trigger
- * should not) and is the invoked operation enabled?
- */
+ /*
+ * Should we check for enabled operations (/proc/sysrq-trigger
+ * should not) and is the invoked operation enabled?
+ */
+ if (!check_mask || sysrq_on_mask(op_p->enable_mask)) {
pr_info("%s\n", op_p->action_msg);
console_loglevel = orig_log_level;
op_p->handler(key);
void handle_sysrq(int key)
{
if (sysrq_on())
- __handle_sysrq(key, SYSRQ_FROM_KERNEL);
+ __handle_sysrq(key, true);
}
EXPORT_SYMBOL(handle_sysrq);
static void sysrq_handle_reset_request(struct sysrq_state *state)
{
if (state->reset_requested)
- __handle_sysrq(sysrq_xlate[KEY_B], SYSRQ_FROM_KERNEL);
+ __handle_sysrq(sysrq_xlate[KEY_B], false);
if (sysrq_reset_downtime_ms)
mod_timer(&state->keyreset_timer,
default:
if (sysrq->active && value && value != 2) {
- int from = sysrq->handle.dev->flags & INPUTDEV_FLAGS_SYNTHETIC ?
- SYSRQ_FROM_SYNTHETIC : 0;
sysrq->need_reinject = false;
- __handle_sysrq(sysrq_xlate[code], from);
+ __handle_sysrq(sysrq_xlate[code], true);
}
break;
}
if (get_user(c, buf))
return -EFAULT;
- __handle_sysrq(c, SYSRQ_FROM_PROC);
+ __handle_sysrq(c, false);
}
return count;
* @phys: physical path to the device in the system hierarchy
* @uniq: unique identification code for the device (if device has it)
* @id: id of the device (struct input_id)
- * @flags: input device flags (SYNTHETIC, etc.)
* @propbit: bitmap of device properties and quirks
* @evbit: bitmap of types of events supported by the device (EV_KEY,
* EV_REL, etc.)
const char *uniq;
struct input_id id;
- unsigned int flags;
-
unsigned long propbit[BITS_TO_LONGS(INPUT_PROP_CNT)];
unsigned long evbit[BITS_TO_LONGS(EV_CNT)];
};
#define to_input_dev(d) container_of(d, struct input_dev, dev)
-#define INPUTDEV_FLAGS_SYNTHETIC 0x000000001
-
/*
* Verify that we are in sync with input_device_id mod_devicetable.h #defines
*/
#define SYSRQ_ENABLE_BOOT 0x0080
#define SYSRQ_ENABLE_RTNICE 0x0100
-#define SYSRQ_DISABLE_USERSPACE 0x00010000
-
struct sysrq_key_op {
void (*handler)(int);
char *help_msg;
* are available -- else NULL's).
*/
-#define SYSRQ_FROM_KERNEL 0x0001
-#define SYSRQ_FROM_PROC 0x0002
-#define SYSRQ_FROM_SYNTHETIC 0x0004
-
void handle_sysrq(int key);
-void __handle_sysrq(int key, unsigned int from);
+void __handle_sysrq(int key, bool check_mask);
int register_sysrq_key(int key, struct sysrq_key_op *op);
int unregister_sysrq_key(int key, struct sysrq_key_op *op);
struct sysrq_key_op *__sysrq_get_key_op(int key);
return KDB_ARGCOUNT;
kdb_trap_printk++;
- __handle_sysrq(*argv[1], check_mask ? SYSRQ_FROM_KERNEL : 0);
+ __handle_sysrq(*argv[1], check_mask);
kdb_trap_printk--;
return 0;
help
Enable the kernel lock down functionality automatically at boot.
-config ALLOW_LOCKDOWN_LIFT_BY_SYSRQ
- bool "Allow the kernel lockdown to be lifted by SysRq"
- depends on LOCK_DOWN_KERNEL
- depends on !LOCK_DOWN_KERNEL_FORCE
- depends on MAGIC_SYSRQ
- depends on X86
- help
- Allow the lockdown on a kernel to be lifted, by pressing a SysRq key
- combination on a wired keyboard. On x86, this is SysRq+x.
-
config LOCK_DOWN_IN_EFI_SECURE_BOOT
bool "Lock down the kernel in EFI Secure Boot mode"
default n
#include <linux/security.h>
#include <linux/export.h>
#include <linux/efi.h>
-#include <linux/sysrq.h>
-#include <asm/setup.h>
#ifdef CONFIG_S390
#include <asm/ipl.h>
#endif
-#ifdef CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ
-static __read_mostly bool kernel_locked_down;
-#else
static __ro_after_init bool kernel_locked_down;
-#endif
/*
* Put the kernel into lock-down mode.
return kernel_locked_down;
}
EXPORT_SYMBOL(__kernel_is_locked_down);
-
-#ifdef CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ
-
-/*
- * Take the kernel out of lockdown mode.
- */
-static void lift_kernel_lockdown(void)
-{
- pr_notice("Lifting lockdown\n");
- kernel_locked_down = false;
-}
-
-/*
- * Allow lockdown to be lifted by pressing something like SysRq+x (and not by
- * echoing the appropriate letter into the sysrq-trigger file).
- */
-static void sysrq_handle_lockdown_lift(int key)
-{
- if (kernel_locked_down)
- lift_kernel_lockdown();
-}
-
-static struct sysrq_key_op lockdown_lift_sysrq_op = {
- .handler = sysrq_handle_lockdown_lift,
- .help_msg = "unSB(x)",
- .action_msg = "Disabling Secure Boot restrictions",
- .enable_mask = SYSRQ_DISABLE_USERSPACE,
-};
-
-static int __init lockdown_lift_sysrq(void)
-{
- if (kernel_locked_down) {
- lockdown_lift_sysrq_op.help_msg[5] = LOCKDOWN_LIFT_KEY;
- register_sysrq_key(LOCKDOWN_LIFT_KEY, &lockdown_lift_sysrq_op);
- }
- return 0;
-}
-
-late_initcall(lockdown_lift_sysrq);
-
-#endif /* CONFIG_ALLOW_LOCKDOWN_LIFT_BY_SYSRQ */
projects / mirror_ubuntu-eoan-kernel.git / commitdiff