From 4bda65b55beb2a8ddbd35ab8a7c57b1026784681dd1092a5411508f2536ffdd0 Mon Sep 17 00:00:00 2001 From: Nikolay Gueorguiev Date: Wed, 25 Oct 2023 06:26:47 +0000 Subject: [PATCH] Accepting request 1120167 from home:ngueorguiev:branches:hardware - Applied a patch(bsc#1216212,bsc#1214466) * qclib-sys-kernel-security-lockdown-enabled.patch OBS-URL: https://build.opensuse.org/request/show/1120167 OBS-URL: https://build.opensuse.org/package/show/hardware/qclib?expand=0&rev=42 --- ...sys-kernel-security-lockdown-enabled.patch | 51 +++++++++++++++++++ qclib.changes | 6 +++ qclib.spec | 3 ++ 3 files changed, 60 insertions(+) create mode 100644 qclib-sys-kernel-security-lockdown-enabled.patch diff --git a/qclib-sys-kernel-security-lockdown-enabled.patch b/qclib-sys-kernel-security-lockdown-enabled.patch new file mode 100644 index 0000000..7f2899e --- /dev/null +++ b/qclib-sys-kernel-security-lockdown-enabled.patch @@ -0,0 +1,51 @@ +commit 73f9792009be42fe652ae897d390852f18bf445a +Author: Stefan Raspl +Date: Thu Sep 7 22:47:16 2023 +0200 + + Handle systems with /sys/kernel/security/lockdown enabled + + Hypfs becomes inaccessible when /sys/kernel/security/lockdown is enabled, as + is the case with e.g. secure booted systems. + To reproduce, run + + echo integrity > /sys/kernel/security/lockdown + + Since qclib conceptually only requires access to /proc/sysinfo at a minimum, + we simply skip hypfs in this case. + + Signed-off-by: Stefan Raspl + +diff --git a/query_capacity_hypfs.c b/query_capacity_hypfs.c +index 9845e88b..3907c269 100644 +--- a/query_capacity_hypfs.c ++++ b/query_capacity_hypfs.c +@@ -617,7 +617,7 @@ static int qc_read_diag_file(struct qc_handle *hdl, const char *dbgfs, struct hy + out_fail: + free(priv->data); + priv->data = NULL; +- rc = -1; ++ rc = 1; + out: + free(fpath); + +@@ -942,14 +942,18 @@ static int qc_hypfs_open(struct qc_handle *hdl, char **buf) { + /* if z/VM diag file exists, the LPAR diag file's content + isn't valid, so we're done after handling the z/VM file */ + priv->diag = QC_HYPFS_ZVM; +- if ((rc = qc_read_diag_file(hdl, dbgfs, priv)) != 0) ++ if ((rc = qc_read_diag_file(hdl, dbgfs, priv)) != 0) { ++ rc = 0; // not a fatal error - we just skip this source + goto out; ++ } + priv->avail = HYPFS_AVAIL_BIN_ZVM; + } else { + qc_debug(hdl, "No z/VM diag file found, must be an LPAR\n"); + priv->diag = QC_HYPFS_LPAR; +- if ((rc = qc_read_diag_file(hdl, dbgfs, priv)) != 0) ++ if ((rc = qc_read_diag_file(hdl, dbgfs, priv)) != 0) { ++ rc = 0; // not a fatal error - we just skip this source + goto out; ++ } + priv->avail = HYPFS_AVAIL_BIN_LPAR; + } + } else { diff --git a/qclib.changes b/qclib.changes index 185e770..eb25ee7 100644 --- a/qclib.changes +++ b/qclib.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Oct 25 06:16:21 UTC 2023 - Nikolay Gueorguiev + +- Applied a patch(bsc#1216212,bsc#1214466) + * qclib-sys-kernel-security-lockdown-enabled.patch + ------------------------------------------------------------------- Mon Oct 16 11:13:48 UTC 2023 - Nikolay Gueorguiev diff --git a/qclib.spec b/qclib.spec index 8972a4c..240182c 100644 --- a/qclib.spec +++ b/qclib.spec @@ -36,6 +36,9 @@ BuildRequires: glibc-devel-static BuildRequires: glibc-devel %endif +# +Patch000: qclib-sys-kernel-security-lockdown-enabled.patch + %description qclib provides a C API for extraction of system information for Linux on z Systems.