linux/kernel/power
Domenico Andreoli ad1e4f74c0 PM: hibernate: Restrict writes to the resume device
Hibernation via snapshot device requires write permission to the swap
block device, the one that more often (but not necessarily) is used to
store the hibernation image.

With this patch, such permissions are granted iff:

 1) snapshot device config option is enabled
 2) swap partition is used as resume device

In other circumstances the swap device is not writable from userspace.

In order to achieve this, every write attempt to a swap device is
checked against the device configured as part of the uswsusp API [0]
using a pointer to the inode struct in memory. If the swap device being
written was not configured for resuming, the write request is denied.

NOTE: this implementation works only for swap block devices, where the
inode configured by swapon (which sets S_SWAPFILE) is the same used
by SNAPSHOT_SET_SWAP_AREA.

In case of swap file, SNAPSHOT_SET_SWAP_AREA indeed receives the inode
of the block device containing the filesystem where the swap file is
located (+ offset in it) which is never passed to swapon and thus does
not have S_SWAPFILE set.

As a result, the swap file itself (as a file) never has an option to be
written from userspace. Instead it remains writable if accessed directly
from the containing block device, which is always writeable from root.

[0] Documentation/power/userland-swsusp.rst

v2:
 - rename is_hibernate_snapshot_dev() to is_hibernate_resume_dev()
 - fix description so as to correctly refer to the resume device

Signed-off-by: Domenico Andreoli <domenico.andreoli@linux.com>
Acked-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Rafael J. Wysocki <rafael.j.wysocki@intel.com>
2020-05-27 17:55:59 +02:00
Kconfig PM: hibernate: Split off snapshot dev option 2020-05-19 17:48:08 +02:00
Makefile PM: hibernate: Split off snapshot dev option 2020-05-19 17:48:08 +02:00
autosleep.c PM / wakeup: Show wakeup sources stats in sysfs 2019-08-21 00:20:40 +02:00
console.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
energy_model.c sched/topology: Remove unused 'sd' parameter from arch_scale_cpu_capacity() 2019-06-24 19:23:39 +02:00
hibernate.c PM: hibernate: Incorporate concurrency handling 2020-05-19 17:48:08 +02:00
main.c PM: sleep: Add pm_debug_messages kernel command line option 2020-04-02 15:29:56 +02:00
power.h PM: hibernate: Incorporate concurrency handling 2020-05-19 17:48:08 +02:00
poweroff.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 248 2019-06-19 17:09:08 +02:00
process.c PM / sleep: Show freezing tasks that caused a suspend abort 2018-09-10 12:09:10 +02:00
qos.c PM: QoS: annotate data races in pm_qos_*_value() 2020-03-03 23:34:51 +01:00
snapshot.c s390 updates for the 5.7 merge window 2020-04-04 09:45:50 -07:00
suspend.c ACPI: PM: s2idle: Avoid possible race related to the EC GPE 2020-02-11 10:11:02 +01:00
suspend_test.c PM: sleep: Switch to rtc_time64_to_tm()/rtc_tm_to_time64() 2019-12-20 09:58:08 +01:00
swap.c kernel: power: swap: use kzalloc() instead of kmalloc() followed by memset() 2019-06-28 10:20:39 +02:00
user.c PM: hibernate: Restrict writes to the resume device 2020-05-27 17:55:59 +02:00
wakelock.c PM / wakeup: Show wakeup sources stats in sysfs 2019-08-21 00:20:40 +02:00