Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp86047ybi; Thu, 20 Jun 2019 18:24:44 -0700 (PDT) X-Google-Smtp-Source: APXvYqwJU3i87IOfmVxWEw/SONE7qqTY9jHtkbmuO2WPwtJmzdArvWEyC02hsYxw6LS5XoUMOuLz X-Received: by 2002:a63:2258:: with SMTP id t24mr7171047pgm.236.1561080283701; Thu, 20 Jun 2019 18:24:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561080283; cv=none; d=google.com; s=arc-20160816; b=fghsKtr3OyGEBmEXsNh7pNUxmvBV67XG4hvs+I4RqhZHK1kis7y2sgo4zvRpClNJIu kZNHAzvLJMa/y7VR9nS5XA3VLhgLxMKWH/0NTPBDu9AjgXAZKNNjcg9R4qThmd4pohEm MXvd6NFeSJW2xG7ZaEphQeJ9X6oYrQxJaMzny70zYYIMW6m8cV9qcB04fuEKHh5XAIPi 6BCTBSOnOkqNk0wVsarZDl19FKik0LyvCLTERY896uSWHDQyHr+HmsSu5dgCiOsd+F7r nU23G7dUiN2YAUgR3Fl1CZ66vmNOo4dPc4al9MUshEOioZ9ZqGWBaJFus4FUN8sDtIZb FT6w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:references :mime-version:message-id:in-reply-to:date:dkim-signature; bh=sZPDagH2N6OInO/tFeMg9JGeODlstxnUOt5waxS+/Vg=; b=AVqxj01fzsFjoyfOtpGUh3CmKxv6ei7vgkKDH9OASZ48ewJTl7d1FIjSvf2StlkS0n 3FOEjBLe7YYRc+O29EPckBRkZXkOnS8avTvwrwJN7cP2+q1lmeLQkKW5UgqP4XBOapIZ 4O/Z+aMYKHsdflqLAdxi83eetNWO1R5G9OglJLZecHFLdMDGdIZW/L7XEUn+EYfR6OGK NVE7J2+BLyrGyCcAjvpr18l2GHonLHMC2NIVriyTlAbz8KwcvdRLxs25e3xz6rYkJAlE 12Rgx3moaibJ48Rx1ketAmvjI6SIl42bC/JkOGt4GQZ829yml6+SmVloXlylalQaE349 YiaQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=pHH18yoA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 5si1086737pfh.3.2019.06.20.18.24.28; Thu, 20 Jun 2019 18:24:43 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=pHH18yoA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726591AbfFUBUP (ORCPT + 99 others); Thu, 20 Jun 2019 21:20:15 -0400 Received: from mail-vk1-f202.google.com ([209.85.221.202]:48242 "EHLO mail-vk1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726556AbfFUBUO (ORCPT ); Thu, 20 Jun 2019 21:20:14 -0400 Received: by mail-vk1-f202.google.com with SMTP id f184so1919599vkd.15 for ; Thu, 20 Jun 2019 18:20:13 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=sZPDagH2N6OInO/tFeMg9JGeODlstxnUOt5waxS+/Vg=; b=pHH18yoAvnmfW2qvCxuOEiD2FV/+42fWKCvrpZZu8PPhOc9gYupxE7PK6VpLmLQXUU fve//NFkOKVWipooUBEnA3UcVzYHXWHFA03vNawm1eIL/hRriG8rI4pyD1VJdMiEJqZ8 80BEkDl7fWc5uJnNPpj/k+AzYjq/FMeNUF2Z5fTF7XHJdfi2rOzjvKpjlcQFPRd/3wr2 QirOfocXpfj5d2J3a+xkXF0J8R5o3pIsDbCwMiw5l1FgVBqeBAZ7mzDeR2s80FZYb/CK wHA8vGJZMP21IqcWXFBAXYdudMiW7M/o0z+aQXYnQOjnTbV8Ev4KFD8GEpSTuHMRcwT0 mINA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=sZPDagH2N6OInO/tFeMg9JGeODlstxnUOt5waxS+/Vg=; b=RzDobSSS2TJpbHizC9XUTL7EDoz3HyimA+a+drpvv0keFkdxHmsjqLCjrUMh9zQp05 6TOpse+Sld/E3g0EddyBTp5Pk7WwG6J/hdru4Hs4oK7dnZk94I2NEHhqilaLfnXuTkib S+qBMYgz1cxooFlCA8/RAgT1wHt2UZDTYkBzVWHNr1fkBQRwVfdhzdstaV25/UgdsZeg QwDeOAYV7bQ+zJo2si9ATVKuO4YYaGJY/hYCN8AhDdXhgVL4moqb4oSVUsuS4pQta4fu AP7PytBaJacNMS+A2ebfuQwTITmOHjSexchZghgZiKgp5uTt5X+4pXnQ6/meoY+vBdwd PErQ== X-Gm-Message-State: APjAAAXjgCi+N6bD2E4CMaNVabtgbcNj52HoMIdV3qJKDky38AnKijQD O8xvfCK7d4q9vOkm9BHkDXpE8SA7MRa69gGhjbGXGA== X-Received: by 2002:a1f:23d6:: with SMTP id j205mr8388245vkj.52.1561080012958; Thu, 20 Jun 2019 18:20:12 -0700 (PDT) Date: Thu, 20 Jun 2019 18:19:21 -0700 In-Reply-To: <20190621011941.186255-1-matthewgarrett@google.com> Message-Id: <20190621011941.186255-11-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190621011941.186255-1-matthewgarrett@google.com> X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog Subject: [PATCH V33 10/30] hibernate: Disable when the kernel is locked down From: Matthew Garrett To: jmorris@namei.org Cc: linux-security@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, Josh Boyer , David Howells , Matthew Garrett , rjw@rjwysocki.net, pavel@ucw.cz, linux-pm@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Josh Boyer There is currently no way to verify the resume image when returning from hibernate. This might compromise the signed modules trust model, so until we can work with signed hibernate images we disable it when the kernel is locked down. Signed-off-by: Josh Boyer Signed-off-by: David Howells Signed-off-by: Matthew Garrett Cc: rjw@rjwysocki.net Cc: pavel@ucw.cz cc: linux-pm@vger.kernel.org --- include/linux/security.h | 1 + kernel/power/hibernate.c | 4 +++- security/lockdown/lockdown.c | 1 + 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/include/linux/security.h b/include/linux/security.h index 2d3c69b9fd04..deac722f0d86 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -85,6 +85,7 @@ enum lockdown_reason { LOCKDOWN_MODULE_SIGNATURE, LOCKDOWN_DEV_MEM, LOCKDOWN_KEXEC, + LOCKDOWN_HIBERNATION, LOCKDOWN_INTEGRITY_MAX, LOCKDOWN_CONFIDENTIALITY_MAX, }; diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c index abef759de7c8..5804ffeb8622 100644 --- a/kernel/power/hibernate.c +++ b/kernel/power/hibernate.c @@ -32,6 +32,7 @@ #include #include #include +#include #include #include "power.h" @@ -70,7 +71,8 @@ static const struct platform_hibernation_ops *hibernation_ops; bool hibernation_available(void) { - return (nohibernate == 0); + return nohibernate == 0 && + !security_is_locked_down(LOCKDOWN_HIBERNATION); } /** diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index 94af1c3583d8..42b7bc467ef6 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c @@ -21,6 +21,7 @@ static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = { [LOCKDOWN_MODULE_SIGNATURE] = "unsigned module loading", [LOCKDOWN_DEV_MEM] = "/dev/mem,kmem,port", [LOCKDOWN_KEXEC] = "kexec of unsigned images", + [LOCKDOWN_HIBERNATION] = "hibernation", [LOCKDOWN_INTEGRITY_MAX] = "integrity", [LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality", }; -- 2.22.0.410.gd8fdbe21b5-goog