summaryrefslogtreecommitdiffstats
path: root/fs/proc
diff options
context:
space:
mode:
authorMatthew Garrett <matthewgarrett@google.com>2019-08-20 02:18:05 +0200
committerJames Morris <jmorris@namei.org>2019-08-20 06:54:17 +0200
commitb602614a81078bf29c82b2671bb96a63488f68d6 (patch)
treeeb83d8f6461eeff1bd51eda39267ab0f523bd5f8 /fs/proc
parentefi: Restrict efivar_ssdt_load when the kernel is locked down (diff)
downloadlinux-b602614a81078bf29c82b2671bb96a63488f68d6.tar.xz
linux-b602614a81078bf29c82b2671bb96a63488f68d6.zip
lockdown: Print current->comm in restriction messages
Print the content of current->comm in messages generated by lockdown to indicate a restriction that was hit. This makes it a bit easier to find out what caused the message. The message now patterned something like: Lockdown: <comm>: <what> is restricted; see man kernel_lockdown.7 Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: Matthew Garrett <mjg59@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'fs/proc')
-rw-r--r--fs/proc/kcore.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/fs/proc/kcore.c b/fs/proc/kcore.c
index ee2c576cc94e..e2ed8e08cc7a 100644
--- a/fs/proc/kcore.c
+++ b/fs/proc/kcore.c
@@ -548,11 +548,12 @@ static int open_kcore(struct inode *inode, struct file *filp)
{
int ret = security_locked_down(LOCKDOWN_KCORE);
- if (ret)
- return ret;
if (!capable(CAP_SYS_RAWIO))
return -EPERM;
+ if (ret)
+ return ret;
+
filp->private_data = kmalloc(PAGE_SIZE, GFP_KERNEL);
if (!filp->private_data)
return -ENOMEM;