Date: Tue, 26 Mar 2019 11:27:23 -0700
In-Reply-To: <20190326182742.16950-1-matthewgarrett@google.com>
Message-Id: <20190326182742.16950-8-matthewgarrett@google.com>
References: <20190326182742.16950-1-matthewgarrett@google.com>
Subject: [PATCH V31 07/25] kexec_file: Restrict at runtime if the kernel is locked down
From: Matthew Garrett
To: jmorris@namei.org
Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, linux-api@vger.kernel.org, luto@kernel.org, Jiri Bohac, Matthew Garrett, kexec@lists.infradead.org
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jiri Bohac

When KEXEC_SIG is not enabled, kernel should not load images through
kexec_file system call if the kernel is locked down.

[Modified by David Howells to fit with modifications to the previous patch
 and to return -EPERM if the kernel is locked down for consistency with
 other lockdowns. Modified by Matthew Garrett to remove the IMA
 integration, which will be replaced by integrating with the IMA
 architecture policy patches.]

Signed-off-by: Jiri Bohac
Signed-off-by: David Howells
Signed-off-by: Matthew Garrett
Reviewed-by: Jiri Bohac
cc: kexec@lists.infradead.org
---
 kernel/kexec_file.c | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index 67f3a866eabe..a1cc37c8b43b 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -239,6 +239,12 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, } ret = 0; + + if (kernel_is_locked_down(reason, LOCKDOWN_INTEGRITY)) { + ret = -EPERM; + goto out; + } + break; /* All other errors are fatal, including nomem, unparseable -- 2.21.0.392.gf8f6787159e-goog
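
Review bot: The new `if (kernel_is_locked_down(reason, LOCKDOWN_INTEGRITY))` check in kimage_file_prepare_segments() relies on `reason`, which is not assigned anywhere in the visible context, so it depends on the previous patch in the series having set it on every path that reaches this case; please confirm it cannot be NULL or stale here. The commit message ties the restriction to KEXEC_SIG not being enabled, but nothing in the hunk says which case of the switch this is, so a one-line comment above the `if` stating that this branch is only reached when the image was not signature-verified would make the policy easier to audit. Minor: the check could sit before `ret = 0;` so that `ret` is not assigned and then immediately overwritten with -EPERM.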