On 12/01/2016 01:32 PM, David Howells wrote: > When the kernel is running in secure boot mode, we lock down the kernel to > prevent userspace from modifying the running kernel image. Whilst this > includes prohibiting access to things like /dev/mem, it must also prevent > access by means of configuring driver modules in such a way as to cause a > device to access or modify the kernel image. > > To this end, annotate module_param* statements that refer to hardware > configuration and indicate for future reference what type of parameter they > specify. The parameter parser in the core sees this information and can > skip such parameters with an error message if the kernel is locked down. > The module initialisation then runs as normal, but just sees whatever the > default values for those parameters is. > > Note that we do still need to do the module initialisation because some > drivers have viable defaults set in case parameters aren't specified and > some drivers support automatic configuration (e.g. PNP or PCI) in addition > to manually coded parameters. > > This patch annotates drivers in drivers/net/can/. > > Suggested-by: One Thousand Gnomes <gno...@lxorguk.ukuu.org.uk> > Signed-off-by: David Howells <dhowe...@redhat.com> > cc: Wolfgang Grandegger <w...@grandegger.com> > cc: Marc Kleine-Budde <m...@pengutronix.de> > cc: linux-...@vger.kernel.org > cc: net...@vger.kernel.org
Acked-by: Marc Kleine-Budde <m...@pengutronix.de> regards, Marc -- Pengutronix e.K. | Marc Kleine-Budde | Industrial Linux Solutions | Phone: +49-231-2826-924 | Vertretung West/Dortmund | Fax: +49-5121-206917-5555 | Amtsgericht Hildesheim, HRA 2686 | http://www.pengutronix.de |
signature.asc
Description: OpenPGP digital signature
