kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   f98e5145766658826610ef663941a4c22c7f81b4
  2.   patches.suse
  3.   0002-hibernate-avoid-the-data-in-hidden-area-to-be-snapsh.patch
Blob Blame History Raw 
From f5b5360dede9682551f09bf505ee2f2c79985c92 Mon Sep 17 00:00:00 2001
From: "Lee, Chun-Yi" <jlee@suse.com>
Date: Mon, 11 Dec 2017 18:41:51 +0800
Subject: [PATCH 02/11] hibernate: avoid the data in hidden area to be
 snapshotted
Patch-mainline: No, will be submitted to upstream
References: fate#316350

The sensitive data in hidden area should not be snapshotted by hibernate.
On the other hand, the hidden area in boot kernel should be cleaned before
the system be restored to target kernel.

Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
---
 kernel/power/snapshot.c |    7 +++++++
 kernel/power/swap.c     |    6 ++++++
 kernel/power/user.c     |    3 +++
 3 files changed, 16 insertions(+)

--- a/kernel/power/snapshot.c
+++ b/kernel/power/snapshot.c
@@ -30,6 +30,7 @@
 #include <linux/slab.h>
 #include <linux/compiler.h>
 #include <linux/ktime.h>
+#include <linux/security.h>
 
 #include <linux/uaccess.h>
 #include <asm/mmu_context.h>
@@ -1220,6 +1221,9 @@ static struct page *saveable_highmem_pag
 
 	BUG_ON(!PageHighMem(page));
 
+	if (page_is_hidden(page))
+		return NULL;
+
 	if (swsusp_page_is_forbidden(page) ||  swsusp_page_is_free(page) ||
 	    PageReserved(page))
 		return NULL;
@@ -1282,6 +1286,9 @@ static struct page *saveable_page(struct
 
 	BUG_ON(PageHighMem(page));
 
+	if (page_is_hidden(page))
+		return NULL;
+
 	if (swsusp_page_is_forbidden(page) || swsusp_page_is_free(page))
 		return NULL;
 
--- a/kernel/power/swap.c
+++ b/kernel/power/swap.c
@@ -31,6 +31,7 @@
 #include <linux/kthread.h>
 #include <linux/crc32.h>
 #include <linux/ktime.h>
+#include <linux/security.h>
 
 #include "power.h"
 
@@ -1100,6 +1101,9 @@ static int load_image(struct swap_map_ha
 		snapshot_write_finalize(snapshot);
 		if (!snapshot_image_loaded(snapshot))
 			ret = -ENODATA;
+
+		/* clean the hidden area in boot kernel */
+		clean_hidden_area();
 	}
 	swsusp_show_speed(start, stop, nr_to_read, "Read");
 	return ret;
@@ -1461,6 +1465,8 @@ out_finish:
 				}
 			}
 		}
+		/* clean the hidden area in boot kernel */
+		clean_hidden_area();
 	}
 	swsusp_show_speed(start, stop, nr_to_read, "Read");
 out_clean:
--- a/kernel/power/user.c
+++ b/kernel/power/user.c
@@ -24,6 +24,7 @@
 #include <linux/console.h>
 #include <linux/cpu.h>
 #include <linux/freezer.h>
+#include <linux/security.h>
 
 #include <linux/uaccess.h>
 
@@ -270,6 +271,8 @@ static long snapshot_ioctl(struct file *
 			error = -EPERM;
 			break;
 		}
+		/* clean the hidden area in boot kernel */
+		clean_hidden_area();
 		error = hibernation_restore(data->platform_support);
 		break;
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.