Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image
On Thu, 6 Apr 2017, David Howells wrote:

> James Morris wrote:
>
> > > +static __read_mostly bool kernel_locked_down;
> >
> > How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not
> > configured?
>
> I guess lock_kernel_down() would need to be __init also in that case.

Ideally, yes.

>
> Also, the implementation of lift_kernel_lockdown() should be conditional on
> CONFIG_ALLOW_LOCKDOWN_LIFT.
>
> David
>

--
James Morris
Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image
James Morris wrote:

> > +static __read_mostly bool kernel_locked_down;
>
> How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not
> configured?

I guess lock_kernel_down() would need to be __init also in that case.

Also, the implementation of lift_kernel_lockdown() should be conditional on
CONFIG_ALLOW_LOCKDOWN_LIFT.

David
Re: [PATCH 02/24] Add the ability to lock down access to the running kernel image
On Wed, 5 Apr 2017, David Howells wrote:

> +#include
> +#include
> +
> +static __read_mostly bool kernel_locked_down;

How about marking this __ro_after_init if ALLOW_LOCKDOWN_LIFT is not
configured?

--
James Morris
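
Review bot: the declaration of kernel_locked_down in the quoted hunk has no comment saying which functions are allowed to write it. Since the thread makes the flag's writability depend on CONFIG_ALLOW_LOCKDOWN_LIFT, a short comment at the declaration naming the intended writers (the thread mentions lock_kernel_down() and lift_kernel_lockdown()) would let a reader check that nothing else stores to the flag after boot.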