subject:"Re\: \[PATCH 02\/24\] Add the ability to lock down access to the running kernel image"

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

2017-04-06 Thread James Morris

On Thu, 6 Apr 2017, David Howells wrote:

> James Morris  wrote:
> 
> > > +static __read_mostly bool kernel_locked_down;
> > 
> > How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not 
> > configured?
> 
> I guess lock_kernel_down() would need to be __init also in that case.

Ideally, yes.

> 
> Also, the implementation of lift_kernel_lockdown() should be conditional on
> CONFIG_ALLOW_LOCKDOWN_LIFT.
> 
> David
> 

-- 
James Morris

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

2017-04-06 Thread James Morris

On Thu, 6 Apr 2017, David Howells wrote:

> James Morris  wrote:
> 
> > > +static __read_mostly bool kernel_locked_down;
> > 
> > How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not 
> > configured?
> 
> I guess lock_kernel_down() would need to be __init also in that case.

Ideally, yes.

> 
> Also, the implementation of lift_kernel_lockdown() should be conditional on
> CONFIG_ALLOW_LOCKDOWN_LIFT.
> 
> David
> 

-- 
James Morris

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

2017-04-06 Thread David Howells

James Morris  wrote:

> > +static __read_mostly bool kernel_locked_down;
> 
> How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not 
> configured?

I guess lock_kernel_down() would need to be __init also in that case.

Also, the implementation of lift_kernel_lockdown() should be conditional on
CONFIG_ALLOW_LOCKDOWN_LIFT.

David

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

2017-04-06 Thread David Howells

James Morris  wrote:

> > +static __read_mostly bool kernel_locked_down;
> 
> How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not 
> configured?

I guess lock_kernel_down() would need to be __init also in that case.

Also, the implementation of lift_kernel_lockdown() should be conditional on
CONFIG_ALLOW_LOCKDOWN_LIFT.

David

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

2017-04-06 Thread James Morris

On Wed, 5 Apr 2017, David Howells wrote:

> +#include 
> +#include 
> +
> +static __read_mostly bool kernel_locked_down;

How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not 
configured?


-- 
James Morris

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

2017-04-06 Thread James Morris

On Wed, 5 Apr 2017, David Howells wrote:

> +#include 
> +#include 
> +
> +static __read_mostly bool kernel_locked_down;

How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not 
configured?


-- 
James Morris

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image

6 matches

Site Navigation

Mail list logo

Footer information