xref: /OK3568_Linux_fs/buildroot/boot/grub2/0042-commands-setpci-Restrict-setpci-command-when-locked-.patch (revision 4882a59341e53eb6f0b4789bf948001014eff981)

From 58b77d4069823b44c5fa916fa8ddfc9c4cd51e02 Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Wed, 24 Feb 2021 22:59:59 +0100
Subject: [PATCH] commands/setpci: Restrict setpci command when locked down

This command can set PCI devices register values, which makes it dangerous
in a locked down configuration. Restrict it so can't be used on this setup.

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
Signed-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
---
 grub-core/commands/setpci.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/grub-core/commands/setpci.c b/grub-core/commands/setpci.c
index d5bc97d..fa2ba7d 100644
--- a/grub-core/commands/setpci.c
+++ b/grub-core/commands/setpci.c
@@ -329,10 +329,10 @@ static grub_extcmd_t cmd;

 GRUB_MOD_INIT(setpci)
 {
-  cmd = grub_register_extcmd ("setpci", grub_cmd_setpci, 0,
-			      N_("[-s POSITION] [-d DEVICE] [-v VAR] "
-				 "REGISTER[=VALUE[:MASK]]"),
-			      N_("Manipulate PCI devices."), options);
+  cmd = grub_register_extcmd_lockdown ("setpci", grub_cmd_setpci, 0,
+				       N_("[-s POSITION] [-d DEVICE] [-v VAR] "
+					  "REGISTER[=VALUE[:MASK]]"),
+				       N_("Manipulate PCI devices."), options);
 }

 GRUB_MOD_FINI(setpci)
--
2.14.2