於 二,2013-09-03 於 19:50 -0400,Matthew Garrett 提到:
> uswsusp allows a user process to dump and then restore kernel state, which
> makes it possible to avoid module loading restrictions. Prevent this when
> any restrictions have been imposed on loading modules.
>
> Signed-off-by: Matthew Garrett <matthew.garrett@xxxxxxxxxx>
Tested-by: Lee, Chun-Yi <jlee@xxxxxxxx>
> ---
> kernel/power/user.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/kernel/power/user.c b/kernel/power/user.c
> index 4ed81e7..15cb72f 100644
> --- a/kernel/power/user.c
> +++ b/kernel/power/user.c
> @@ -24,6 +24,7 @@
> #include <linux/console.h>
> #include <linux/cpu.h>
> #include <linux/freezer.h>
> +#include <linux/module.h>
>
> #include <asm/uaccess.h>
>
> @@ -48,6 +49,9 @@ static int snapshot_open(struct inode *inode, struct file *filp)
> struct snapshot_data *data;
> int error;
>
> + if (secure_modules())
> + return -EPERM;
> +
> lock_system_sleep();
>
> if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
Thanks
Joey Lee
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
