From ac89b4ad914e2aea2d797fa77a72b46bfef2ca4f Mon Sep 17 00:00:00 2001
From: Jeremy Cline <jcline@redhat.com>
Date: Wed, 2 Oct 2019 16:37:22 -0400
Subject: [PATCH] Fix up the lockdown sysrq patch

Signed-off-by: Jeremy Cline <jcline@redhat.com>
---
 efi-lockdown.patch | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/efi-lockdown.patch b/efi-lockdown.patch
index c213cfce9..75d4b7ed7 100644
--- a/efi-lockdown.patch
+++ b/efi-lockdown.patch
@@ -1898,16 +1898,20 @@ index 573b2055173c..7cc95a8bdf8d 100644
  
          op_p = __sysrq_get_key_op(key);
          if (op_p) {
+-		/*
+-		 * Should we check for enabled operations (/proc/sysrq-trigger
+-		 * should not) and is the invoked operation enabled?
+-		 */
+-		if (!check_mask || sysrq_on_mask(op_p->enable_mask)) {
 +		/* Ban synthetic events from some sysrq functionality */
 +		if ((from == SYSRQ_FROM_PROC || from == SYSRQ_FROM_SYNTHETIC) &&
-+		    op_p->enable_mask & SYSRQ_DISABLE_USERSPACE)
++		    op_p->enable_mask & SYSRQ_DISABLE_USERSPACE) {
 +			printk("This sysrq operation is disabled from userspace.\n");
- 		/*
- 		 * Should we check for enabled operations (/proc/sysrq-trigger
- 		 * should not) and is the invoked operation enabled?
- 		 */
--		if (!check_mask || sysrq_on_mask(op_p->enable_mask)) {
-+		if (from == SYSRQ_FROM_KERNEL || sysrq_on_mask(op_p->enable_mask)) {
++		} else if (from == SYSRQ_FROM_KERNEL || sysrq_on_mask(op_p->enable_mask)) {
++			/*
++			 * Should we check for enabled operations (/proc/sysrq-trigger
++			 * should not) and is the invoked operation enabled?
++			 */
  			pr_info("%s\n", op_p->action_msg);
  			console_loglevel = orig_log_level;
  			op_p->handler(key);