Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp3665040img; Mon, 25 Mar 2019 15:15:07 -0700 (PDT) X-Google-Smtp-Source: APXvYqwy+NeOZRu1vOqnyinuLySTtTtfZfG6l7IBuQhlNfqDxh8lbO4se7ZUdi2zaWHPz1gc+UO5 X-Received: by 2002:a63:6903:: with SMTP id e3mr25678665pgc.147.1553552107599; Mon, 25 Mar 2019 15:15:07 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553552107; cv=none; d=google.com; s=arc-20160816; b=SLfqF+g01dOlkMM08dggE2/fLJUXP6tisjMev64HdZ2q7aAvldcIkexiK8lTEbctOP CxXPlFKqJAh5983bvq3yKMlJ0i6D2TUhGELGpzWnTJpnCz7ZxWZGe5yNlf/5WWEAW/9n MMLAZ1mti0G0kZHbaIeud+VxvhK+rMKKlBBHRMT91GpVpmCvSXc2k/luRPQibY+OxZSr r8G5b9LVK8zKsgyLJIk2RaTRBgjX0Mg9ZllDCw9zV8g2kBtbIbmaCPekofah/WiVMbzz J+SnOhJkheINgwtcbMrtWPn443iEM5l17gPD9vH5nJfD8uPJKrhOyui4n/OYN+ghRw3o kEnA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:references :mime-version:message-id:in-reply-to:date:dkim-signature; bh=X5oNP2XY53YozTNmiCclewjXBZfVRAeb2tiuFY95Uwk=; b=HJrqDRE3VG6uXjfNdtlbX6NcyefdT9tSuwrwS+pRUtrZTmLtyLj42EEtK4dPmCJ1z2 vtFexqNBBZkeqQFPpASf8cVOY42pdIXQ2YKeRX/Coowvp0Wxd21u1N8jsUDliacooa4C srMloAFCM1qnX0j6pu4WsG2noEvzr7JfsneG5g2hgNkPMhHq0IqB7rOV30cTKd4Mi/IP U8FA460x9B4fkM2mWqofaLFrWT9yMok0Fi46Li3Qf268LP3CsPYLHvSiKayuK5oVBAN2 DFAPCyGHjjLn9GVgIdDq4aaXFJ4mwqOygSNiPTSoCxVCbdRE7QetzwInMT88Y/NNVjf9 t/Pg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=u13CIWRG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m7si14914760pfb.272.2019.03.25.15.14.52; Mon, 25 Mar 2019 15:15:07 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=u13CIWRG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730803AbfCYWKT (ORCPT + 99 others); Mon, 25 Mar 2019 18:10:19 -0400 Received: from mail-ua1-f74.google.com ([209.85.222.74]:54480 "EHLO mail-ua1-f74.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730754AbfCYWKQ (ORCPT ); Mon, 25 Mar 2019 18:10:16 -0400 Received: by mail-ua1-f74.google.com with SMTP id n17so1334806uap.21 for ; Mon, 25 Mar 2019 15:10:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=X5oNP2XY53YozTNmiCclewjXBZfVRAeb2tiuFY95Uwk=; b=u13CIWRGtDMPj3byxBFCVrr6OnDevFvTn8bFk79IWQ56LzoqBeROHSCpVHTrb9tna+ QqcOQTtuSPNkcEgBAV1gJh/I5l0ktQ1woTpRAK9ZjwYb5I9okHjQGn/SUFJsOBIz09cC YvzwPEyi3dt9tEGY3MgzzFHFpsLDpERJo0wH8uf9DAVzkxAZMf2v7vlwDs0lSjNRpRnu LQytjUdQZEjm61YEsjWouhp1uiqxAatExqMEZordeAQwIvcSNsJrsF7viRyi2MSggQ3J 8V0vRKYU0k5tp7SWc2P8q99CmUAqb8NFdLeibtJIap7kN4PJsARZLkTr3HNNjTBVfY8c Inng== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=X5oNP2XY53YozTNmiCclewjXBZfVRAeb2tiuFY95Uwk=; b=bNJ2LeIpZvsA477O5x4ABYK9zV3RWhjanCKoO+7X6PC4NJ8ZuWToJuQHoFGT6pGi+2 0HAzhpfkI47mI9iHlHG9dlCA3PfqFf+UcokTxqF/TJgWunndznvQOH1kUGgvzDixwkIr BGutCSR3injPji+bI0Tp35AZBFg2BsbYDutOmPSeGGu/4fDslahgvewxLVKAqwU+HitK jMj7yHqMEdI5NDrXXeBNCL4u8zyrIHKzVVLEbcQoDZiG+JY7o0YZQHCt5Bn9yhE8xDBg cP86jsiY+VIJKKocOkT90dLIfH42Cc8N6E4nL968f57NhwmmGvE0TJ7VNehiauxol8tv KXsw== X-Gm-Message-State: APjAAAWHBfTgjJdVHHchlBC7n/dzhRS9UZDwt+YtEB9psR5vNgJdPzGX /ezxfkTlmLPTBQDDNNCI7x4fhlVDpeae6sxBCKo0YA== X-Received: by 2002:a1f:b587:: with SMTP id e129mr15961016vkf.23.1553551816082; Mon, 25 Mar 2019 15:10:16 -0700 (PDT) Date: Mon, 25 Mar 2019 15:09:34 -0700 In-Reply-To: <20190325220954.29054-1-matthewgarrett@google.com> Message-Id: <20190325220954.29054-8-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190325220954.29054-1-matthewgarrett@google.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog Subject: [PATCH 07/27] kexec_file: Restrict at runtime if the kernel is locked down From: Matthew Garrett To: jmorris@namei.org Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, Jiri Bohac , kexec@lists.infradead.org, Matthew Garrett Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jiri Bohac When KEXEC_SIG is not enabled, kernel should not load images through kexec_file systemcall if the kernel is locked down. [Modified by David Howells to fit with modifications to the previous patch and to return -EPERM if the kernel is locked down for consistency with other lockdowns. Modified by Matthew Garrett to remove the IMA integration, which will be replaced by integrating with the IMA architecture policy patches.] Signed-off-by: Jiri Bohac Signed-off-by: David Howells Reviewed-by: Jiri Bohac cc: kexec@lists.infradead.org Signed-off-by: Matthew Garrett --- kernel/kexec_file.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index 67f3a866eabe..0cfe4f6f7f85 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -239,6 +239,12 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, } ret = 0; + + if (kernel_is_locked_down(reason)) { + ret = -EPERM; + goto out; + } + break; /* All other errors are fatal, including nomem, unparseable -- 2.21.0.392.gf8f6787159e-goog