Date: Mon, 4 Jun 2018 15:00:11 -0500
From: "Serge E. Hallyn"
To: Mimi Zohar
Cc: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, David Howells, "Luis R . Rodriguez", Eric Biederman, kexec@lists.infradead.org, Andres Rodriguez, Greg Kroah-Hartman, Ard Biesheuvel, Kees Cook
Subject: Re: [PATCH v4 2/8] kexec: add call to LSM hook in original kexec_load syscall

Quoting Mimi Zohar (zohar@linux.vnet.ibm.com):
> In order for LSMs and IMA-appraisal to differentiate between kexec_load
> and kexec_file_load syscalls, both the original and new syscalls must
> call an LSM hook. This patch adds a call to security_kernel_load_data()
> in the original kexec_load syscall.
>
> Signed-off-by: Mimi Zohar
> Cc: Eric Biederman

Acked-by: Serge Hallyn

> Cc: Luis R. Rodriguez
> Cc: Kees Cook
> Cc: David Howells
> --- > kernel/kexec.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/kernel/kexec.c b/kernel/kexec.c > index aed8fb2564b3..68559808fdfa 100644 > --- a/kernel/kexec.c > +++ b/kernel/kexec.c > @@ -11,6 +11,7 @@ > #include > #include > #include > +#include > #include > #include > #include 
> @@ -195,10 +196,17 @@ static int do_kexec_load(unsigned long entry, unsigned long nr_segments, > static inline int kexec_load_check(unsigned long nr_segments, > unsigned long flags) > { > + int result; > + > /* We only trust the superuser with rebooting the system. */ > if (!capable(CAP_SYS_BOOT) || kexec_load_disabled) > return -EPERM; > > + /* Permit LSMs and IMA to fail the kexec */ > + result = security_kernel_load_data(LOADING_KEXEC_IMAGE); > + if (result < 0) > + return result; > + > /* > * Verify we have a legal set of flags > * This leaves us room for future extensions. > -- > 2.7.5
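
Review bot: In the kexec_load_check() hunk, `if (result < 0)` propagates only negative returns from security_kernel_load_data(LOADING_KEXEC_IMAGE), so a hook that returned a positive value would be treated as success and the load would go ahead. If the hook's contract is 0 for allow and a negative errno for deny, testing `if (result)` fails closed on anything unexpected; if positive values are meant to be ignored, the comment should say so. The hook is also called ahead of the "Verify we have a legal set of flags" check, so an LSM is consulted for calls that would be rejected as malformed anyway; a word in the comment on whether that ordering is intentional would help future readers.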