[kernel/f18] Fix power management sysfs on non-secure boot machines (rhbz 896243)

Josh Boyer jwboyer at fedoraproject.org
Thu Jan 17 03:13:30 UTC 2013 

commit 202608877d88faba8f114c079c25f6d04075d10b
Author: Josh Boyer <jwboyer at redhat.com>
Date:   Wed Jan 16 22:08:34 2013 -0500

    Fix power management sysfs on non-secure boot machines (rhbz 896243)

 kernel.spec                |    5 +++-
 secure-boot-20121212.patch |   48 ++++++++++++++++++++++++++++++-------------
 2 files changed, 37 insertions(+), 16 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index dfd0249..46c06cd 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -62,7 +62,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 204
+%global baserelease 205
 %global fedora_build %{baserelease}
 
 # base_sublevel is the kernel version we're starting with and patching
@@ -2389,6 +2389,9 @@ fi
 #                 ||----w |
 #                 ||     ||
 %changelog
+* Wed Jan 16 2013 Josh Boyer <jwboyer at redhat.com>
+- Fix power management sysfs on non-secure boot machines (rhbz 896243)
+
 * Wed Jan 16 2013 Justin M. Forbes <jforbes at redhat.com>  3.7.2-204
 - Fix for CVE-2013-0190 xen corruption with 32bit pvops (rhbz 896051 896038)
 
diff --git a/secure-boot-20121212.patch b/secure-boot-20121212.patch
index 387302b..61f796e 100644
--- a/secure-boot-20121212.patch
+++ b/secure-boot-20121212.patch
@@ -1318,10 +1318,10 @@ index 0000000..76a5a34
 1.8.0.1
 
 
-From 7d5629a2000d9dc92da91d2f1258af748e89cfd7 Mon Sep 17 00:00:00 2001
+From e45330362517d08579cdaddc718febe68e2cae06 Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer at redhat.com>
 Date: Fri, 26 Oct 2012 14:02:09 -0400
-Subject: [PATCH 19/20] hibernate: Disable in a Secure Boot environment
+Subject: [PATCH] hibernate: Disable in a Secure Boot environment
 
 There is currently no way to verify the resume image when returning
 from hibernate.  This might compromise the secure boot trust model,
@@ -1330,16 +1330,24 @@ a Secure Boot environment.
 
 Signed-off-by: Josh Boyer <jwboyer at redhat.com>
 ---
- kernel/power/hibernate.c | 14 +++++++++++++-
- kernel/power/main.c      |  4 +++-
+ kernel/power/hibernate.c | 15 ++++++++++++++-
+ kernel/power/main.c      |  7 ++++++-
  kernel/power/user.c      |  3 +++
- 3 files changed, 19 insertions(+), 2 deletions(-)
+ 3 files changed, 23 insertions(+), 2 deletions(-)
 
 diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
-index b26f5f1..f04343b 100644
+index b26f5f1..26bdfa8 100644
 --- a/kernel/power/hibernate.c
 +++ b/kernel/power/hibernate.c
-@@ -632,6 +632,10 @@ int hibernate(void)
+@@ -28,6 +28,7 @@
+ #include <linux/syscore_ops.h>
+ #include <linux/ctype.h>
+ #include <linux/genhd.h>
++#include <linux/efi.h>
+ 
+ #include "power.h"
+ 
+@@ -632,6 +633,10 @@ int hibernate(void)
  {
  	int error;
  
@@ -1350,7 +1358,7 @@ index b26f5f1..f04343b 100644
  	lock_system_sleep();
  	/* The snapshot device should not be opened while we're running */
  	if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
-@@ -723,7 +727,7 @@ static int software_resume(void)
+@@ -723,7 +728,7 @@ static int software_resume(void)
  	/*
  	 * If the user said "noresume".. bail out early.
  	 */
@@ -1359,11 +1367,11 @@ index b26f5f1..f04343b 100644
  		return 0;
  
  	/*
-@@ -889,6 +893,11 @@ static ssize_t disk_show(struct kobject *kobj, struct kobj_attribute *attr,
+@@ -889,6 +894,11 @@ static ssize_t disk_show(struct kobject *kobj, struct kobj_attribute *attr,
  	int i;
  	char *start = buf;
  
-+	if (!capable(CAP_COMPROMISE_KERNEL)) {
++	if (secure_boot_enabled) {
 +		buf += sprintf(buf, "[%s]\n", "disabled");
 +		return buf-start;
 +	}
@@ -1371,7 +1379,7 @@ index b26f5f1..f04343b 100644
  	for (i = HIBERNATION_FIRST; i <= HIBERNATION_MAX; i++) {
  		if (!hibernation_modes[i])
  			continue;
-@@ -923,6 +932,9 @@ static ssize_t disk_store(struct kobject *kobj, struct kobj_attribute *attr,
+@@ -923,6 +933,9 @@ static ssize_t disk_store(struct kobject *kobj, struct kobj_attribute *attr,
  	char *p;
  	int mode = HIBERNATION_INVALID;
  
@@ -1382,16 +1390,26 @@ index b26f5f1..f04343b 100644
  	len = p ? p - buf : n;
  
 diff --git a/kernel/power/main.c b/kernel/power/main.c
-index f458238..72580c1 100644
+index 1c16f91..8e3456d 100644
 --- a/kernel/power/main.c
 +++ b/kernel/power/main.c
-@@ -301,7 +301,9 @@ static ssize_t state_show(struct kobject *kobj, struct kobj_attribute *attr,
+@@ -15,6 +15,7 @@
+ #include <linux/workqueue.h>
+ #include <linux/debugfs.h>
+ #include <linux/seq_file.h>
++#include <linux/efi.h>
+ 
+ #include "power.h"
+ 
+@@ -301,7 +302,11 @@ static ssize_t state_show(struct kobject *kobj, struct kobj_attribute *attr,
  	}
  #endif
  #ifdef CONFIG_HIBERNATION
 -	s += sprintf(s, "%s\n", "disk");
-+	if (capable(CAP_COMPROMISE_KERNEL)) {
++	if (!secure_boot_enabled) {
 +		s += sprintf(s, "%s\n", "disk");
++	} else {
++		s += sprintf(s, "\n");
 +	}
  #else
  	if (s != buf)
@@ -1411,7 +1429,7 @@ index 4ed81e7..b11a0f4 100644
  
  	if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {
 -- 
-1.8.0.1
+1.8.0.2
 
 
 From 81adc779dba0f45f10b5ff307bd55832305f1112 Mon Sep 17 00:00:00 2001

More information about the scm-commits mailing list