On Thu, Dec 01, 2016 at 12:33:54PM +0000, David Howells wrote: > When the kernel is running in secure boot mode, we lock down the kernel to > prevent userspace from modifying the running kernel image. Whilst this > includes prohibiting access to things like /dev/mem, it must also prevent > access by means of configuring driver modules in such a way as to cause a > device to access or modify the kernel image. > > To this end, annotate module_param* statements that refer to hardware > configuration and indicate for future reference what type of parameter they > specify. The parameter parser in the core sees this information and can > skip such parameters with an error message if the kernel is locked down. > The module initialisation then runs as normal, but just sees whatever the > default values for those parameters is. > > Note that we do still need to do the module initialisation because some > drivers have viable defaults set in case parameters aren't specified and > some drivers support automatic configuration (e.g. PNP or PCI) in addition > to manually coded parameters. > > This patch annotates drivers in drivers/tty/. > > Suggested-by: One Thousand Gnomes <gnomes@xxxxxxxxxxxxxxxxxxx> > Signed-off-by: David Howells <dhowells@xxxxxxxxxx> > cc: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> > cc: Jiri Slaby <jslaby@xxxxxxxx> > cc: linux-serial@xxxxxxxxxxxxxxx > --- > > drivers/tty/cyclades.c | 4 ++-- > drivers/tty/moxa.c | 2 +- > drivers/tty/mxser.c | 2 +- > drivers/tty/rocket.c | 10 +++++----- > drivers/tty/serial/8250/8250_core.c | 4 ++-- > drivers/tty/synclink.c | 6 +++--- > 6 files changed, 14 insertions(+), 14 deletions(-) NAK, see my response to patch 1 of this series. thanks, greg k-h -- To unsubscribe from this list: send the line "unsubscribe linux-serial" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
