From dhowells at redhat.com Wed Apr 5 10:00:45 2017
From: dhowells at redhat.com (David Howells)
Date: Wed, 05 Apr 2017 18:00:45 +0100
Subject: [PATCH 26/38] Annotate hardware config module parameters in drivers/pcmcia/
In-Reply-To: <149141141298.29162.5612793122429261720.stgit@warthog.procyon.org.uk>
References: <149141141298.29162.5612793122429261720.stgit@warthog.procyon.org.uk>
Message-ID: <149141164504.29162.16240363352018356960.stgit@warthog.procyon.org.uk>

When the kernel is running in secure boot mode, we lock down the kernel to prevent userspace from modifying the running kernel image. Whilst this includes prohibiting access to things like /dev/mem, it must also prevent access by means of configuring driver modules in such a way as to cause a device to access or modify the kernel image.

To this end, annotate module_param* statements that refer to hardware configuration and indicate for future reference what type of parameter they specify. The parameter parser in the core sees this information and can skip such parameters with an error message if the kernel is locked down. The module initialisation then runs as normal, but just sees whatever the default values for those parameters is.

Note that we do still need to do the module initialisation because some drivers have viable defaults set in case parameters aren't specified and some drivers support automatic configuration (e.g. PNP or PCI) in addition to manually coded parameters.

This patch annotates drivers in drivers/pcmcia/.

Suggested-by: Alan Cox
Signed-off-by: David Howells
cc: linux-pcmcia at lists.infradead.org
--- drivers/pcmcia/i82365.c | 8 ++++---- drivers/pcmcia/tcic.c | 8 ++++---- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/drivers/pcmcia/i82365.c b/drivers/pcmcia/i82365.c index eb0d80a429e4..fb38cc01859f 100644 --- a/drivers/pcmcia/i82365.c +++ b/drivers/pcmcia/i82365.c 
@@ -108,12 +108,12 @@ static int async_clock = -1; static int cable_mode = -1; static int wakeup = 0; -module_param(i365_base, ulong, 0444); +module_param_hw(i365_base, ulong, ioport, 0444); module_param(ignore, int, 0444); module_param(extra_sockets, int, 0444); -module_param(irq_mask, int, 0444); -module_param_array(irq_list, int, &irq_list_count, 0444); -module_param(cs_irq, int, 0444); +module_param_hw(irq_mask, int, other, 0444); +module_param_hw_array(irq_list, int, irq, &irq_list_count, 0444); +module_param_hw(cs_irq, int, irq, 0444); module_param(async_clock, int, 0444); module_param(cable_mode, int, 0444); module_param(wakeup, int, 0444); diff --git a/drivers/pcmcia/tcic.c b/drivers/pcmcia/tcic.c index 1ee63e5f0550..a1ac72d51d70 100644 --- a/drivers/pcmcia/tcic.c +++ b/drivers/pcmcia/tcic.c @@ -85,12 +85,12 @@ static int poll_quick = HZ/20; /* CCLK external clock time, in nanoseconds. 70 ns = 14.31818 MHz */ static int cycle_time = 70; -module_param(tcic_base, ulong, 0444); +module_param_hw(tcic_base, ulong, ioport, 0444); module_param(ignore, int, 0444); module_param(do_scan, int, 0444); -module_param(irq_mask, int, 0444); -module_param_array(irq_list, int, &irq_list_count, 0444); -module_param(cs_irq, int, 0444); +module_param_hw(irq_mask, int, other, 0444); +module_param_hw_array(irq_list, int, irq, &irq_list_count, 0444); +module_param_hw(cs_irq, int, irq, 0444); module_param(poll_interval, int, 0444); module_param(poll_quick, int, 0444); module_param(cycle_time, int, 0444); From dhowells at redhat.com Wed Apr 5 13:17:45 2017 
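Review bot: In the drivers/pcmcia/i82365.c hunk of [PATCH 26/38], irq_mask is annotated as `other` while irq_list and cs_irq right next to it are annotated as `irq`; going by the names all three select interrupt lines, so either use `irq` for irq_mask too or say in the commit message why a mask is classed as `other`. The same hunk leaves extra_sockets, ignore, async_clock, cable_mode and wakeup as plain module_param with no explanation; a sentence in the changelog on how the unannotated parameters were judged not to be hardware configuration would let a reviewer check that nothing that steers device access was missed.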
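Review bot: In the drivers/pcmcia/tcic.c hunk of [PATCH 26/38], cycle_time stays a plain module_param although the comment directly above it describes it as the "CCLK external clock time, in nanoseconds", which reads as a hardware timing setting. Please either annotate it with module_param_hw (the `other` type is already used in this hunk for irq_mask) or state in the commit message that timing and polling parameters such as cycle_time, poll_interval and poll_quick are deliberately left settable when the kernel is locked down.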
From: dhowells at redhat.com (David Howells)
Date: Wed, 05 Apr 2017 21:17:45 +0100
Subject: [PATCH 22/24] Prohibit PCMCIA CIS storage when the kernel is locked down
In-Reply-To: <149142326734.5101.4596394505987813763.stgit@warthog.procyon.org.uk>
References: <149142326734.5101.4596394505987813763.stgit@warthog.procyon.org.uk>
Message-ID: <149142346534.5101.3176119517193928628.stgit@warthog.procyon.org.uk>

Prohibit replacement of the PCMCIA Card Information Structure when the kernel is locked down.

Suggested-by: Dominik Brodowski
Signed-off-by: David Howells
cc: linux-pcmcia at lists.infradead.org
--- drivers/pcmcia/cistpl.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/drivers/pcmcia/cistpl.c b/drivers/pcmcia/cistpl.c index 55ef7d1fd8da..193e4f7b73b1 100644 --- a/drivers/pcmcia/cistpl.c +++ b/drivers/pcmcia/cistpl.c @@ -1578,6 +1578,11 @@ static ssize_t pccard_store_cis(struct file *filp, struct kobject *kobj, struct pcmcia_socket *s; int error; + if (kernel_is_locked_down()) { + pr_err("Direct CIS storage isn't permitted when the kernel is locked down\n"); + return -EPERM; + } + s = to_socket(container_of(kobj, struct device, kobj)); if (off)
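Review bot: The pr_err() added at the top of pccard_store_cis() in [PATCH 22/24] is not rate limited, and this function takes a struct file and a kobject, so it is a write handler that can be called repeatedly; each refused write then logs a line at error level. Consider pr_err_ratelimited() or a lower log level, and consider moving the check below `s = to_socket(...)` so the message can name the socket that was refused. The patch is a single 5-line hunk with no #include added, so please confirm that cistpl.c already pulls in the header that declares kernel_is_locked_down().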