於 二,2013-09-03 於 19:50 -0400,Matthew Garrett 提到: > uswsusp allows a user process to dump and then restore kernel state, which > makes it possible to avoid module loading restrictions. Prevent this when > any restrictions have been imposed on loading modules. > > Signed-off-by: Matthew Garrett <matthew.garrett@xxxxxxxxxx> Tested-by: Lee, Chun-Yi <jlee@xxxxxxxx> > --- > kernel/power/user.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/kernel/power/user.c b/kernel/power/user.c > index 4ed81e7..15cb72f 100644 > --- a/kernel/power/user.c > +++ b/kernel/power/user.c > @@ -24,6 +24,7 @@ > #include <linux/console.h> > #include <linux/cpu.h> > #include <linux/freezer.h> > +#include <linux/module.h> > > #include <asm/uaccess.h> > > @@ -48,6 +49,9 @@ static int snapshot_open(struct inode *inode, struct file *filp) > struct snapshot_data *data; > int error; > > + if (secure_modules()) > + return -EPERM; > + > lock_system_sleep(); > > if (!atomic_add_unless(&snapshot_device_available, -1, 0)) { Thanks Joey Lee -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html