Received: by 2002:ac0:aed5:0:0:0:0:0 with SMTP id t21csp4528861imb; Wed, 6 Mar 2019 16:03:38 -0800 (PST) X-Google-Smtp-Source: APXvYqywtpXKTtnYSOcwdHJtaUhlx1388l+ld1M1895h3nMiLROEwJwxPFzbZK+gQwxR919CoAPE X-Received: by 2002:a62:834c:: with SMTP id h73mr10363601pfe.252.1551917018189; Wed, 06 Mar 2019 16:03:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551917018; cv=none; d=google.com; s=arc-20160816; b=MGcK/wy4NCtkqAPZS2LPWUTRnHGDRUktEkiwyuxP5kGEfnq5hCAFBrXfBU2ljGJb6k Wp805q0QKFhZye9ujgFchc7qWEgBVj4A+maVT0vDAeVobAPm2LeazQi8U14LRwmRf19N 6C2p9HJ9DEemuVjuoqzYXUC7TosPGMDQvuYolIhjscINNXE9+DCkic+OtQdakIqjPOtg hqZYIk/Y5CsNEjj9MHoP6nvBrhJOngfz6Ls5uhhBzaur+34rZtyGJmw6vwVO5qThOONa z1FP8dqi8J9ik0xiJ2y/64g6qznC8BEYAeYy3ZDvTV1rcrQKOGfzY/tRHgDtCGXZq3fQ wdUg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:references :mime-version:message-id:in-reply-to:date:dkim-signature; bh=rcoY9tEENkPaxN2uc2H4A3TvvTCasWpC/2OBy6PWjj0=; b=HT1CH0hPV11JukAkxjM5yMMXMUIlmnnI79dxeWh7p5crvxEsUWLv041FGq1CQpaie1 cIcEO3T8NHBMVWy/6JQ/S+gcJuZXfrN8NzbGy2PkN7L1OtoQqdSThsxBz78IDPK0g6bm 7cJxkxZtihdJJtTD3AB6KgESJ0pfklhK4SHX6ekX6NP21Gv1zKkFTRlkBIp4SoqqrDJk aa6/rnbr0Mc+oAuQm1SsJMxQjhN8hq1AmsfhmkfMERGUU+MUfYfs+uUPHkl9XgoCxymx PI1gMqzQne/gLOUmorwWhQhBKsrO5olAawZL8s8Qn/aXTDxVgc529yua0iaoFWWwL7wd BGOg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=JRB6MFnI; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 1si2818299plw.207.2019.03.06.16.03.22; Wed, 06 Mar 2019 16:03:38 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=JRB6MFnI; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726411AbfCFX7v (ORCPT + 99 others); Wed, 6 Mar 2019 18:59:51 -0500 Received: from mail-it1-f201.google.com ([209.85.166.201]:58600 "EHLO mail-it1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726418AbfCFX7r (ORCPT ); Wed, 6 Mar 2019 18:59:47 -0500 Received: by mail-it1-f201.google.com with SMTP id 9so7041275ita.8 for ; Wed, 06 Mar 2019 15:59:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=rcoY9tEENkPaxN2uc2H4A3TvvTCasWpC/2OBy6PWjj0=; b=JRB6MFnI6CPHKumtls+v+QBW7huDdcHgUo+9G6jnfMgtqnoDu+NHyFBZ3cUbo632t2 PlyEn7WDWbPymbRpkF3y3nrGsSdRqjr6WuE0wI5aQpoDoJtOPImZywpluRwMVNUtzYnv vr8adGb/tSGxj/r/6bBGVZYEhsyms0OeDTa+7aU7+SmwYVp224csVMQWZUWLnSPI0P4K udeBcAK3Ti48QozUBr3XOz3jl02KsXDgn3AOjVOj03xEtm8S7aLowHKVDYj6l5OL6cLW rYZtqPka5Y+F/WjoAzm6m9vHA8cgp3v6by7Z5TBVbSp/uAEjvbwkH3xvVDBUX5flQAGx qC5A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=rcoY9tEENkPaxN2uc2H4A3TvvTCasWpC/2OBy6PWjj0=; b=H0Qapa7RWsKYkd87YuYWmk7Y+htMYRxEq6VzLhBT0ILeJV7fsklNdfYJtHnkCR2Vzm 6tkJxquEl/LwKYjbG2iJzNN80ET5RlBqzNnBseKU1/U/c9dtMlUvFDyq25G79MNRuY2V x6PA01JLp1QdFddRH3aOdndPETt6Gvgqx7tmjKuIWWqlFPswr9w7fHgEQUyFmpSLcMjm v63fB2C0ASdfr8Y34zbsFCQdlNMPQbO4gf4DDb8uuBXXv6OwKO7r+LnUkOc052HdGVfQ 9uc/FcAmNQbmn5i7g/YMlC8m1zIxmAxv7ei1DMYDR5zcOQtmU2C+QvdCsFt1pERdytXB 8VRg== X-Gm-Message-State: APjAAAWjWaCWEhf/oc31hJejPzPDacE8Akc49REnzleMR5wa/yPiriZS njv/3fIUuVHFUiubDiQTx9RFgzTKGePu+l18juPEpg== X-Received: by 2002:a05:660c:48:: with SMTP id p8mr7384486itk.31.1551916786498; Wed, 06 Mar 2019 15:59:46 -0800 (PST) Date: Wed, 6 Mar 2019 15:58:54 -0800 In-Reply-To: <20190306235913.6631-1-matthewgarrett@google.com> Message-Id: <20190306235913.6631-9-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190306235913.6631-1-matthewgarrett@google.com> X-Mailer: git-send-email 2.21.0.352.gf09ad66450-goog Subject: [PATCH 08/27] kexec_file: Restrict at runtime if the kernel is locked down From: Matthew Garrett To: jmorris@namei.org Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jiri Bohac When KEXEC_SIG is not enabled, kernel should not load images through kexec_file systemcall if the kernel is locked down. [Modified by David Howells to fit with modifications to the previous patch and to return -EPERM if the kernel is locked down for consistency with other lockdowns. Modified by Matthew Garrett to remove the IMA integration, which will be replaced by integrating with the IMA architecture policy patches.] Signed-off-by: Jiri Bohac Signed-off-by: David Howells Reviewed-by: Jiri Bohac Cc: Matthew Garrett cc: Chun-Yi Lee cc: kexec@lists.infradead.org Signed-off-by: Matthew Garrett --- kernel/kexec_file.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index 67f3a866eabe..0cfe4f6f7f85 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -239,6 +239,12 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, } ret = 0; + + if (kernel_is_locked_down(reason)) { + ret = -EPERM; + goto out; + } + break; /* All other errors are fatal, including nomem, unparseable -- 2.21.0.352.gf09ad66450-goog