MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-10-22 15:03:53 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
c6a3b81c36
linux-yocto/arch
History
Peter Oberparleiter 27d0ed38e1 s390/hypfs: Enable limited access during lockdown 
[ Upstream commit 3868f910440c47cd5d158776be4ba4e2186beda7 ]

When kernel lockdown is active, debugfs_locked_down() blocks access to
hypfs files that register ioctl callbacks, even if the ioctl interface
is not required for a function. This unnecessarily breaks userspace
tools that only rely on read operations.

Resolve this by registering a minimal set of file operations during
lockdown, avoiding ioctl registration and preserving access for affected
tooling.

Note that this change restores hypfs functionality when lockdown is
active from early boot (e.g. via lockdown=integrity kernel parameter),
but does not apply to scenarios where lockdown is enabled dynamically
while Linux is running.

Tested-by: Mete Durlu <meted@linux.ibm.com>
Reviewed-by: Vasily Gorbik <gor@linux.ibm.com>
Fixes: 5496197f9b ("debugfs: Restrict debugfs when the kernel is locked down")
Signed-off-by: Peter Oberparleiter <oberpar@linux.ibm.com>
Signed-off-by: Alexander Gordeev <agordeev@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-08-28 16:22:59 +02:00
..
alpha alpha/elf: Fix misc/setarch test of util-linux by removing 32bit support 2025-04-10 14:30:49 +02:00
arc ARC: build: Try to guess GCC variant of cross compiler 2025-01-09 13:25:05 +01:00
arm ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS 2025-08-28 16:22:54 +02:00
arm64 mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd() 2025-08-28 16:22:55 +02:00
c6x
csky csky, hexagon: fix broken sys_sync_file_range 2024-07-05 09:12:54 +02:00
h8300
hexagon hexagon: Fix unbalanced spinlock in die() 2025-03-13 12:46:59 +01:00
ia64 efi: ia64: move IA64-only declarations to new asm/efi.h header 2024-07-18 13:05:50 +02:00
m68k m68k: Fix lost column on framebuffer debug console 2025-08-28 16:22:48 +02:00
microblaze microblaze: don't treat zero reserved memory regions as error 2024-10-17 15:07:35 +02:00
mips lib/crypto: mips/chacha: Fix clang build and remove unneeded byteswap 2025-08-28 16:22:49 +02:00
nds32
nios2 nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults 2025-06-27 11:04:17 +01:00
openrisc openrisc: Call setup_memory() earlier in the init sequence 2024-09-04 13:17:38 +02:00
parisc parisc: Makefile: fix a typo in palo.conf 2025-08-28 16:22:48 +02:00
powerpc (powerpc/512) Fix possible dma_unmap_single() on uninitialized pointer 2025-08-28 16:22:43 +02:00
riscv riscv: Avoid fortify warning in syscall_get_arguments() 2025-05-02 07:41:02 +02:00
s390 s390/hypfs: Enable limited access during lockdown 2025-08-28 16:22:59 +02:00
sh sh: Do not use hyphen in exported variable name 2025-08-28 16:22:35 +02:00
sparc sparc/mm: disable preemption in lazy mmu mode 2025-05-02 07:40:56 +02:00
um um: vector: Reduce stack usage in vector_eth_configure() 2025-07-17 18:27:59 +02:00
x86 compiler: remove __ADDRESSABLE_ASM{_STR,}() again 2025-08-28 16:22:58 +02:00
xtensa xtensa: boot/lib: fix function prototypes 2023-10-10 21:53:31 +02:00
.gitignore
Kconfig cpu: Re-enable CPU mitigations by default for !X86 architectures 2024-05-02 16:23:44 +02:00