Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp1237370ybi;
        Fri, 21 Jun 2019 17:05:20 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzHNSee6NOqWHpaHmCcJ6oEpAgPADrmLicUBtIvyKxzbQ5JeQdtAbz34NSY33K15rkeyy69
X-Received: by 2002:a17:90a:cb01:: with SMTP id z1mr9786957pjt.93.1561161920755;
        Fri, 21 Jun 2019 17:05:20 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1561161920; cv=none;
        d=google.com; s=arc-20160816;
        b=u5yvSD1n320wuu5NCsCuk8rhYfHq+7vV9PSFt1ctPQXCMrH9xds0CSXXFNbKC9UXS4
         ReuNRkBOI8GlW80ZfR9ZMvrLCM5AQR2E9dAlx/sd+yLUV7Ig3hDB2dy3u4rNVFlNG1Ph
         7d5IpSCTHl82Rx1pBHINsmk2JfKGrE79Vzf1jXk+F3SMQnpZbI1yt4JlYZjgIeoe878+
         1cAAbtZYrkNH4+pX3IiKKEvl75T/TpX3w9dMEbFrtDaOqQYY463Acgw2cYn0XHJt/hyg
         S6LzsxCJG/rbfc1Cu6/8e1xvqsYJENB+QJgmMDl1+7ZncfZuXFweJdtMuE2XMmMmV0oL
         BcBA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:from:subject:references
         :mime-version:message-id:in-reply-to:date:dkim-signature;
        bh=E1ydClCjIQanqkYubDCe4fTQ8CyYEUPCl76Zws+exX4=;
        b=bLQAc/ZyU6VvT/69LbAnm3rZGV4EL7WFt5AoLlQuFaVdlnHVQf3u030YTVNxp4YzfO
         sWHI3dvqG4BgCNDDWoEjBLhlRe+lOkFLdnRVl2GKZA5qje2Cqul2OGJnPR4tvZv5dG4n
         WqWnySJVchmCLBH+Q0TiFNxmDnYNawKR9LoXbMNRao/ZN1KjdAWVjFtJESGN5PekIQI9
         dZL8kHIipnhEDz87r+ldZ1fhh9BuyAUy1L01xM5l05J7PcRWmOsvxZAt5JynCvGHIicL
         MGdxSGPGqlAED2yrJ5k63/vMfkyZ/SVjTYyldEoYar8Cy8h3nrCQNS5iHFL51XD/Ta+W
         JxEg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=Mw1nxxDC;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id k71si4290832pje.29.2019.06.21.17.05.05;
        Fri, 21 Jun 2019 17:05:20 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=Mw1nxxDC;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726653AbfFVAE3 (ORCPT <rfc822;vladislav.valtchev@gmail.com>
        + 99 others); Fri, 21 Jun 2019 20:04:29 -0400
Received: from mail-pg1-f201.google.com ([209.85.215.201]:41604 "EHLO
        mail-pg1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726631AbfFVAE1 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 21 Jun 2019 20:04:27 -0400
Received: by mail-pg1-f201.google.com with SMTP id x3so4998169pgp.8
        for <linux-kernel@vger.kernel.org>; Fri, 21 Jun 2019 17:04:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=date:in-reply-to:message-id:mime-version:references:subject:from:to
         :cc;
        bh=E1ydClCjIQanqkYubDCe4fTQ8CyYEUPCl76Zws+exX4=;
        b=Mw1nxxDCj3KPV9UNkkVTuYDyrqaNw9yfe8VMRM7ZPzqyoc628ni6A1ID84X/NQY/eG
         TjqgdDZ2eclCmQYBtR64hrRsKfdJ0/b2ea/MKIjVjf5Schmnsf9z4DGGkKrP3ZMtf/4Z
         5fExcPm/lB+/BHv/goxmhPnXnifnIxGZIkdJL93w+OXXSyC4vIJylekCmcsMP9+JbsT+
         gVi97q0IioDlBycYNesWz61vacRTWYh1YbLAOH7R2x6khfBxHVRBC8C//eYSarvexPeG
         Uo1SHVP2bSJa/A300oItLeqbJObzG1tatKWOxjfQ/shMDZS2UzCNHcLYt+NAQWt6dMzw
         3Daw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:in-reply-to:message-id:mime-version
         :references:subject:from:to:cc;
        bh=E1ydClCjIQanqkYubDCe4fTQ8CyYEUPCl76Zws+exX4=;
        b=AHcYMo+UzMtI2/ksNmDw2/IUaNiV++i+b4f4Z5G5s5btfFmbe9U3qrMCbUvofyn4dq
         j8Zlz5qgaSc6ugkICoa+TzKED2JqU/JSaCQi/me68ToF2ibly8Jk0QnSHj64vF37mkJP
         3ZjQmaCCHqOLjy7FxhBGKlgUsxtBTDrRX8J5r5jmoazyaUff1IY4mIcEZlXnDEbkBmB2
         lNmvz+bNJzKLAGF0sGQ3/srRdGLBnFKLLs61Xwp2/XvT5VzVY48h2HkWKZaGQvi0nqhs
         qp/tE2JBNTDdNY7jyd5M86VGAEXgF0rFAkmVcTfDIY5f9/tIYIolPOBH8ZTRQ9oQXxJd
         g4NQ==
X-Gm-Message-State: APjAAAVGGkj2TzmYnX8TThcph02cKwsClObyDP8VbL+dXfBmd6M31LkI
        9gIQ1LEWOGV9/Wn4GOZO1ERMTPoXu9fKQ5IfticsMQ==
X-Received: by 2002:a63:e304:: with SMTP id f4mr20804148pgh.187.1561161866832;
 Fri, 21 Jun 2019 17:04:26 -0700 (PDT)
Date:   Fri, 21 Jun 2019 17:03:39 -0700
In-Reply-To: <20190622000358.19895-1-matthewgarrett@google.com>
Message-Id: <20190622000358.19895-11-matthewgarrett@google.com>
Mime-Version: 1.0
References: <20190622000358.19895-1-matthewgarrett@google.com>
X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog
Subject: [PATCH V34 10/29] hibernate: Disable when the kernel is locked down
From:   Matthew Garrett <matthewgarrett@google.com>
To:     jmorris@namei.org
Cc:     linux-security-module@vger.kernel.org,
        linux-kernel@vger.kernel.org, linux-api@vger.kernel.org,
        Josh Boyer <jwboyer@fedoraproject.org>,
        David Howells <dhowells@redhat.com>,
        Matthew Garrett <mjg59@google.com>, rjw@rjwysocki.net,
        pavel@ucw.cz, linux-pm@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Josh Boyer <jwboyer@fedoraproject.org>

There is currently no way to verify the resume image when returning
from hibernate.  This might compromise the signed modules trust model,
so until we can work with signed hibernate images we disable it when the
kernel is locked down.

Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
Cc: rjw@rjwysocki.net
Cc: pavel@ucw.cz
cc: linux-pm@vger.kernel.org
---
 include/linux/security.h     | 1 +
 kernel/power/hibernate.c     | 3 ++-
 security/lockdown/lockdown.c | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index 00a31ab2e5ba..a051f21a1144 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -85,6 +85,7 @@ enum lockdown_reason {
 	LOCKDOWN_MODULE_SIGNATURE,
 	LOCKDOWN_DEV_MEM,
 	LOCKDOWN_KEXEC,
+	LOCKDOWN_HIBERNATION,
 	LOCKDOWN_INTEGRITY_MAX,
 	LOCKDOWN_CONFIDENTIALITY_MAX,
 };
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index abef759de7c8..3a9cb2d3da4a 100644
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -32,6 +32,7 @@
 #include <linux/ctype.h>
 #include <linux/genhd.h>
 #include <linux/ktime.h>
+#include <linux/security.h>
 #include <trace/events/power.h>
 
 #include "power.h"
@@ -70,7 +71,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
 
 bool hibernation_available(void)
 {
-	return (nohibernate == 0);
+	return nohibernate == 0 && !security_locked_down(LOCKDOWN_HIBERNATION);
 }
 
 /**
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index 08fcd8116db3..ce5b3da9bd09 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -21,6 +21,7 @@ static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
 	[LOCKDOWN_MODULE_SIGNATURE] = "unsigned module loading",
 	[LOCKDOWN_DEV_MEM] = "/dev/mem,kmem,port",
 	[LOCKDOWN_KEXEC] = "kexec of unsigned images",
+	[LOCKDOWN_HIBERNATION] = "hibernation",
 	[LOCKDOWN_INTEGRITY_MAX] = "integrity",
 	[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
 };
-- 
2.22.0.410.gd8fdbe21b5-goog