Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp1240352ybi; Fri, 21 Jun 2019 17:08:58 -0700 (PDT) X-Google-Smtp-Source: APXvYqyC/awp3RQDCWSHMadOGiORVszcMyyNq6apvtEurseLl7QYvjI2Gg6eDuGTPUH3n6LoaIKW X-Received: by 2002:a17:90a:480a:: with SMTP id a10mr10022764pjh.57.1561162138015; Fri, 21 Jun 2019 17:08:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1561162138; cv=none; d=google.com; s=arc-20160816; b=tSLHKAikdlXtWe4ma229vbLpLzyDEUv+AjUmsbj0DKfEGKzqjQ4vh2LniMi3DIaRid FngXXC/3JpgwxDb0w9OzSd9MLp6np0yg67oHL7tZZQQuCVVFKxK7GDWseMK4FRnwpgUa 0UfYl1Wb6la4lQOAnUTlgQL5X1irKzcW+lGJD+HRruWIV2ZfcGhRoeab6OnTjfkOgTXC 1ztnNDGX3gWlKkmZt/0gbbH0yNy6q3zylFVyS3ro7A6MuVb2bGzqZrJuqrQHwRy76QoV AXhUzXWWZ/0WOvWE4fHgt5P/gIHu9IexvgqCev0XWN7qWGMKmYY57kupO3WDmA0UL79s UktQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:references :mime-version:message-id:in-reply-to:date:dkim-signature; bh=o4JS6ZsbyHnt4Iukj8bZlTq9cv6XEso1+I/lLyLsbpA=; b=gAJIKDHT1oT8y90B25KEmEH1H8TXH6S1RwkQvnvApXzKNMOfxYs2UP0AlC5590kMA9 GDG6WO9d1QYemTQh2JX63gXT058UEYqdgmXJinWmiDPvHSsxuWMLKFsypRZAfhov4kAg /myosKWSJweQxBAISoarVS9eUXjZHleHLPtXQ8ovVWAxA9DJIErhdbJjZ7YF0tOE3u81 3XWoOIaqlgictnl7kcRogzHwshW0d48AxRZ64b3hgfl1TLEXqSo9uQbpw25QC2uVtJ4W 2kRUM1pvyL6tPCYHwbcssoiRlRthLNHMvyVZheaMWakV9trfl7BSft7wMISRWwkLrY8l KBYw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=a+jT2ExB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y14si3844000pjr.88.2019.06.21.17.08.43; Fri, 21 Jun 2019 17:08:58 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=a+jT2ExB; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726874AbfFVAGk (ORCPT + 99 others); Fri, 21 Jun 2019 20:06:40 -0400 Received: from mail-pg1-f202.google.com ([209.85.215.202]:36692 "EHLO mail-pg1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726601AbfFVAEZ (ORCPT ); Fri, 21 Jun 2019 20:04:25 -0400 Received: by mail-pg1-f202.google.com with SMTP id s4so5008161pgr.3 for ; Fri, 21 Jun 2019 17:04:25 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=o4JS6ZsbyHnt4Iukj8bZlTq9cv6XEso1+I/lLyLsbpA=; b=a+jT2ExBtmOGrE2RBwibGRFthL5zBOYgrJWml8uNIPt9rHxq+DfglrA0/Y5pBqU9QQ HpS+WH2bZYzHAFWpqgCYqmXUCwak+27QIHhABd4BbGjacaPht5GkZL4AUiYAZqiFEw4g OWfCM5eDm4KrIttm0QlSi2FmyQ5mMxmZMrAg0PPYAY9jtCypjRtwPzqrvztnH6gGIENN 6gg0DvWo19xJnE3hv2pBXaws7upY4aoCIGqykeQepmFEC2MeVBjac+ouverM2jCUIr0N 76vtr2+s7zaSAuTfMYgT3Eb5U8sq72+KctC6jCs732M5YkTFIz0QsAVT6vMlXfsS6YBn 4DBw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=o4JS6ZsbyHnt4Iukj8bZlTq9cv6XEso1+I/lLyLsbpA=; b=HeaN1ez2HgnW2g6oD09jkN4FtWScL+s8uWl4Rgu31tbKi3udnv6JCFTbfF2vRNti8t XP+cn4kX7I5si3YF9BCNf6p0wml264eIhEx3dsj8Rd7JaYG3tnWwfdaAEFuUGB2ti+kq eB6hr8LP389HVa9FD1W5d9i/mNgygPYd97rRqpTj6p7rVb6GWjmEZ3kJVi5cyltnf25I Fdv2z+9flvBWMF768qEMJK2Ck5LPGAczrCnoHnKQeWECw3zD2u9F2ymDIf5IhrnLeatL cAw01ioYfaGpc+f8B+/mNIMsTl9EVUGyQ6JiLvDVQiVW+VOsFOZhSLchFPJVBTCGZhEc LjgA== X-Gm-Message-State: APjAAAUnMrbGCWecRksnFUq77nOx7vkZkyud53eUuoy8tBpcB2U5q3Kq iq6RGhd2al3+/u+3nPhBGlhmHPnlw+Dzp+rgvq245A== X-Received: by 2002:a63:8c0f:: with SMTP id m15mr1862896pgd.441.1561161864327; Fri, 21 Jun 2019 17:04:24 -0700 (PDT) Date: Fri, 21 Jun 2019 17:03:38 -0700 In-Reply-To: <20190622000358.19895-1-matthewgarrett@google.com> Message-Id: <20190622000358.19895-10-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190622000358.19895-1-matthewgarrett@google.com> X-Mailer: git-send-email 2.22.0.410.gd8fdbe21b5-goog Subject: [PATCH V34 09/29] kexec_file: Restrict at runtime if the kernel is locked down From: Matthew Garrett To: jmorris@namei.org Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, Jiri Bohac , David Howells , Matthew Garrett , kexec@lists.infradead.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jiri Bohac When KEXEC_SIG is not enabled, kernel should not load images through kexec_file systemcall if the kernel is locked down. [Modified by David Howells to fit with modifications to the previous patch and to return -EPERM if the kernel is locked down for consistency with other lockdowns. Modified by Matthew Garrett to remove the IMA integration, which will be replaced by integrating with the IMA architecture policy patches.] Signed-off-by: Jiri Bohac Signed-off-by: David Howells Signed-off-by: Matthew Garrett Reviewed-by: Jiri Bohac cc: kexec@lists.infradead.org --- kernel/kexec_file.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index eec7e5bb2a08..27adb4312b03 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -237,7 +237,10 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, goto out; } - ret = 0; + ret = security_locked_down(LOCKDOWN_KEXEC); + if (ret) + goto out; + break; /* All other errors are fatal, including nomem, unparseable -- 2.22.0.410.gd8fdbe21b5-goog