[v2,2/2] hibernate: split snapshot dev option

Message ID	20200501152304.609906298@gmail.com
State	New
Headers	show Return-Path: <SRS0=hlrK=6P=vger.kernel.org=linux-pm-owner@kernel.org> Message-Id: <20200501152304.609906298@gmail.com> User-Agent: quilt/0.65 Date: Fri, 01 May 2020 17:14:54 +0200 From: Domenico Andreoli <domenico.andreoli@linux.com> To: "Rafael J. Wysocki" <rjw@rjwysocki.net>, Pavel Machek <pavel@ucw.cz> Cc: Linux PM <linux-pm@vger.kernel.org>, Domenico Andreoli <domenico.andreoli@linux.com> Subject: [PATCH v2 2/2] hibernate: split snapshot dev option References: <20200501151452.621900831@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Disposition: inline; filename=hibernate-split-snapshot-dev-option Sender: linux-pm-owner@vger.kernel.org Precedence: bulk
Series	hibernate: add config option for snapshot device \| expand [v2,0/2] hibernate: add config option for snapshot device [v2,2/2] hibernate: split snapshot dev option

Message ID

20200501152304.609906298@gmail.com

State

New

Headers

Message-Id: <20200501152304.609906298@gmail.com>
User-Agent: quilt/0.65
Date: Fri, 01 May 2020 17:14:54 +0200
From: Domenico Andreoli <domenico.andreoli@linux.com>
To: "Rafael J. Wysocki" <rjw@rjwysocki.net>, Pavel Machek <pavel@ucw.cz>
Cc: Linux PM <linux-pm@vger.kernel.org>,
	Domenico Andreoli <domenico.andreoli@linux.com>
Subject: [PATCH v2 2/2] hibernate: split snapshot dev option
References: <20200501151452.621900831@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Disposition: inline; filename=hibernate-split-snapshot-dev-option
Sender: linux-pm-owner@vger.kernel.org
Precedence: bulk

Series

hibernate: add config option for snapshot device | expand

Commit Message

Domenico Andreoli May 1, 2020, 3:14 p.m. UTC

From: Domenico Andreoli <domenico.andreoli@linux.com>

Make it possible to reduce the attack surface in case the snapshot
device is not to be used from userspace.

v2:
 - the option is enabled by default (it was disabled by default)
 - remove the premature "DEPRECATED" marking
 - drop the redefinition of mutual exclusion helpers (in v2 they are
   owned by hibernte.c) in case the option is deselected
 - add the help message to the config option

Signed-off-by: Domenico Andreoli <domenico.andreoli@linux.com>
Cc: "Rafael J. Wysocki" <rjw@rjwysocki.net>
Cc: Pavel Machek <pavel@ucw.cz>
Cc: Linux PM <linux-pm@vger.kernel.org>

---
 kernel/power/Kconfig  |   12 ++++++++++++
 kernel/power/Makefile |    3 ++-
 2 files changed, 14 insertions(+), 1 deletion(-)

Index: b/kernel/power/Kconfig
===================================================================
--- a/kernel/power/Kconfig
+++ b/kernel/power/Kconfig
@@ -80,6 +80,18 @@  config HIBERNATION
 
 	  For more information take a look at <file:Documentation/power/swsusp.rst>.
 
+config HIBERNATION_SNAPSHOT_DEV
+	bool "Userspace snapshot device"
+	depends on HIBERNATION
+	default y
+	---help---
+	  Device used by the uswsusp tools.
+
+	  Say N if no snapshotting from userspace is needed, this also
+	  reduces the attack surface of the kernel.
+
+	  If in doubt, say Y.
+
 config PM_STD_PARTITION
 	string "Default resume partition"
 	depends on HIBERNATION
Index: b/kernel/power/Makefile
===================================================================
--- a/kernel/power/Makefile
+++ b/kernel/power/Makefile
@@ -10,7 +10,8 @@  obj-$(CONFIG_VT_CONSOLE_SLEEP)	+= consol
 obj-$(CONFIG_FREEZER)		+= process.o
 obj-$(CONFIG_SUSPEND)		+= suspend.o
 obj-$(CONFIG_PM_TEST_SUSPEND)	+= suspend_test.o
-obj-$(CONFIG_HIBERNATION)	+= hibernate.o snapshot.o swap.o user.o
+obj-$(CONFIG_HIBERNATION)	+= hibernate.o snapshot.o swap.o
+obj-$(CONFIG_HIBERNATION_SNAPSHOT_DEV) += user.o
 obj-$(CONFIG_PM_AUTOSLEEP)	+= autosleep.o
 obj-$(CONFIG_PM_WAKELOCKS)	+= wakelock.o

[v2,2/2] hibernate: split snapshot dev option

Commit Message

Patch