brknkfr/0001-Add-a-lockdown_hibernate-parameter.patch

## 0001-Add-a-lockdown_hibernate-parameter.patch
From e4db4f07e77feb1c126e7afbf441e9eae34b4e57 Mon Sep 17 00:00:00 2001
From: Kelvie Wong <kelvie@kelvie.ca>
Date: Sun, 2 Oct 2022 13:23:25 -0700
Subject: [PATCH] Add a lockdown_hibernate parameter

This allows the user to tell the kernel that they know better (namely,
they secured their swap properly), and that it can enable hibernation.

Signed-off-by: Kelvie Wong <kelvie@kelvie.ca>
---
 Documentation/admin-guide/kernel-parameters.txt |  5 +++++
 kernel/power/hibernate.c                        | 10 +++++++++-
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index b72e204..1e1d72a 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2973,6 +2973,11 @@
 			to extract confidential information from the kernel
 			are also disabled.

+	lockdown_hibernate	[HIBERNATION]
+			Enable hibernation even if lockdown is enabled. Enable this only if
+			your swap is encrypted and secured properly, as an attacker can
+			modify the kernel offline during hibernation.
+
 	locktorture.acq_writer_lim= [KNL]
 			Set the time limit in jiffies for a lock
 			acquisition.  Acquisitions exceeding this limit
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index dee341a..45187b6 100644
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -37,6 +37,7 @@
 #include "power.h"


+static int lockdown_hibernate;
 static int nocompress;
 static int noresume;
 static int nohibernate;
@@ -92,7 +93,7 @@ void hibernate_release(void)
 bool hibernation_available(void)
 {
 	return nohibernate == 0 &&
-		!security_locked_down(LOCKDOWN_HIBERNATION) &&
+		(lockdown_hibernate || !security_locked_down(LOCKDOWN_HIBERNATION)) &&
 		!secretmem_active() && !cxl_mem_active();
 }

@@ -1422,6 +1423,12 @@ static int __init nohibernate_setup(char *str)
 	return 1;
 }

+static int __init lockdown_hibernate_setup(char *str)
+{
+	lockdown_hibernate = 1;
+	return 1;
+}
+
 static const char * const comp_alg_enabled[] = {
 #if IS_ENABLED(CONFIG_CRYPTO_LZO)
 	COMPRESSION_ALGO_LZO,
@@ -1480,3 +1487,4 @@ __setup("hibernate=", hibernate_setup);
 __setup("resumewait", resumewait_setup);
 __setup("resumedelay=", resumedelay_setup);
 __setup("nohibernate", nohibernate_setup);
+__setup("lockdown_hibernate", lockdown_hibernate_setup);
--
2.45.2
	From e4db4f07e77feb1c126e7afbf441e9eae34b4e57 Mon Sep 17 00:00:00 2001
	From: Kelvie Wong <kelvie@kelvie.ca>
	Date: Sun, 2 Oct 2022 13:23:25 -0700
	Subject: [PATCH] Add a lockdown_hibernate parameter

	This allows the user to tell the kernel that they know better (namely,
	they secured their swap properly), and that it can enable hibernation.

	Signed-off-by: Kelvie Wong <kelvie@kelvie.ca>
	---
	Documentation/admin-guide/kernel-parameters.txt \| 5 +++++
	kernel/power/hibernate.c \| 10 +++++++++-
	2 files changed, 14 insertions(+), 1 deletion(-)

	diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
	index b72e204..1e1d72a 100644
	--- a/Documentation/admin-guide/kernel-parameters.txt
	+++ b/Documentation/admin-guide/kernel-parameters.txt
	@@ -2973,6 +2973,11 @@
	to extract confidential information from the kernel
	are also disabled.

	+ lockdown_hibernate [HIBERNATION]
	+ Enable hibernation even if lockdown is enabled. Enable this only if
	+ your swap is encrypted and secured properly, as an attacker can
	+ modify the kernel offline during hibernation.
	+
	locktorture.acq_writer_lim= [KNL]
	Set the time limit in jiffies for a lock
	acquisition. Acquisitions exceeding this limit
	diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
	index dee341a..45187b6 100644
	--- a/kernel/power/hibernate.c
	+++ b/kernel/power/hibernate.c
	@@ -37,6 +37,7 @@
	#include "power.h"


	+static int lockdown_hibernate;
	static int nocompress;
	static int noresume;
	static int nohibernate;
	@@ -92,7 +93,7 @@ void hibernate_release(void)
	bool hibernation_available(void)
	{
	return nohibernate == 0 &&
	- !security_locked_down(LOCKDOWN_HIBERNATION) &&
	+ (lockdown_hibernate \|\| !security_locked_down(LOCKDOWN_HIBERNATION)) &&
	!secretmem_active() && !cxl_mem_active();
	}

	@@ -1422,6 +1423,12 @@ static int __init nohibernate_setup(char *str)
	return 1;
	}

	+static int __init lockdown_hibernate_setup(char *str)
	+{
	+ lockdown_hibernate = 1;
	+ return 1;
	+}
	+
	static const char * const comp_alg_enabled[] = {
	#if IS_ENABLED(CONFIG_CRYPTO_LZO)
	COMPRESSION_ALGO_LZO,
	@@ -1480,3 +1487,4 @@ __setup("hibernate=", hibernate_setup);
	__setup("resumewait", resumewait_setup);
	__setup("resumedelay=", resumedelay_setup);
	__setup("nohibernate", nohibernate_setup);
	+__setup("lockdown_hibernate", lockdown_hibernate_setup);
	--
	2.45.2
No results found