MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-10-22 15:03:53 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
be15dab9a4
linux-yocto/arch
History
Peter Oberparleiter 13b8655986 s390/hypfs: Enable limited access during lockdown 
[ Upstream commit 3868f910440c47cd5d158776be4ba4e2186beda7 ]

When kernel lockdown is active, debugfs_locked_down() blocks access to
hypfs files that register ioctl callbacks, even if the ioctl interface
is not required for a function. This unnecessarily breaks userspace
tools that only rely on read operations.

Resolve this by registering a minimal set of file operations during
lockdown, avoiding ioctl registration and preserving access for affected
tooling.

Note that this change restores hypfs functionality when lockdown is
active from early boot (e.g. via lockdown=integrity kernel parameter),
but does not apply to scenarios where lockdown is enabled dynamically
while Linux is running.

Tested-by: Mete Durlu <meted@linux.ibm.com>
Reviewed-by: Vasily Gorbik <gor@linux.ibm.com>
Fixes: 5496197f9b ("debugfs: Restrict debugfs when the kernel is locked down")
Signed-off-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-08-28 16:34:51 +02:00
..
alpha mm: pgtable: fix pte_swp_exclusive 2025-06-11 14:52:08 -07:00
arc ARC fixes for 6.16 2025-06-12 08:17:56 -07:00
arm lib/crypto: arm/poly1305: Fix register corruption in no-SIMD contexts 2025-08-28 16:34:13 +02:00
arm64 arm64: dts: rockchip: Remove workaround that prevented Turing RK1 GPU power regulator control 2025-08-28 16:34:16 +02:00
csky mm: pgtable: fix pte_swp_exclusive 2025-06-11 14:52:08 -07:00
hexagon mm: pgtable: fix pte_swp_exclusive 2025-06-11 14:52:08 -07:00
loongarch LoongArch: KVM: Use kvm_get_vcpu_by_id() instead of kvm_get_vcpu() 2025-08-28 16:34:49 +02:00
m68k m68k: Fix lost column on framebuffer debug console 2025-08-28 16:34:12 +02:00
microblaze mm: pgtable: fix pte_swp_exclusive 2025-06-11 14:52:08 -07:00
mips lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap 2025-08-28 16:34:13 +02:00
nios2 mm: pgtable: fix pte_swp_exclusive 2025-06-11 14:52:08 -07:00
openrisc mm: pgtable: fix pte_swp_exclusive 2025-06-11 14:52:08 -07:00
parisc parisc: Update comments in make_insert_tlb 2025-08-28 16:34:27 +02:00
powerpc powerpc: floppy: Add missing checks after DMA map 2025-08-20 18:41:16 +02:00
riscv mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() 2025-08-20 18:41:41 +02:00
s390 s390/hypfs: Enable limited access during lockdown 2025-08-28 16:34:51 +02:00
sh sh: Do not use hyphen in exported variable name 2025-08-15 16:39:12 +02:00
sparc mm: pgtable: fix pte_swp_exclusive 2025-06-11 14:52:08 -07:00
um um: Re-evaluate thread flags repeatedly 2025-08-20 18:41:09 +02:00
x86 x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper 2025-08-28 16:34:42 +02:00
xtensa mm: pgtable: fix pte_swp_exclusive 2025-06-11 14:52:08 -07:00
.gitignore
Kconfig fs/resctrl: Add boiler plate for external resctrl code 2025-05-16 11:05:40 +02:00