Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp4687392ybi; Mon, 15 Jul 2019 13:03:51 -0700 (PDT) X-Google-Smtp-Source: APXvYqw6Dw3Zeekw7xAMW2zDgT90k51+D9j5hc1H6kXQLCROqj5oT8MkDtmjBDZxSimL4YAiZ2N0 X-Received: by 2002:a17:902:82c4:: with SMTP id u4mr30350559plz.196.1563221031672; Mon, 15 Jul 2019 13:03:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1563221031; cv=none; d=google.com; s=arc-20160816; b=QxcjLYz2dxeDcxXRPxrcNcaYmV6ZqvMh98kJR8DfItzCF15Vv4INDLMZm73l/UzFOe 6oARpHqfFe/czVkeDMdGxjYAcJtYd7jTMI22CKrVSxUpJ2y4pU6dEbKkBtUaRUdkwnUs 89RtAJztiY+/NDSBcylOaIiXdBPL2ZaGqV1Ltq5zqtryMGBmtUT/q4ycV0EaENOav2be ypCiKWgxv4DxGWVa3fpQ44yzZ8Me3kB39T1GyptnU9DC5lQi+v/DxD+hzrfDqk2zVdYo r21PbF13LugrFZezhzBdH7RMDWA/nsa4+FHctEO6EqxEooPhq2OphnqP0YSTSA2i5V5L TvYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:references :mime-version:message-id:in-reply-to:date:dkim-signature; bh=7Fsa5djs+VQ2BrQJC+FUs9YwCCHQQfjCNM9PGrMIw+A=; b=Ip26PkQo2O/svVSESr716mlTWuuJ5xPaJ4Ozs721PAg7xb+BeoNmixwF5XJ5rSCaEe uAjn07ey5zfhvb+a9LlHeFUQa71AXEcSbKAglmvNWR2PXoFv9KKsldu5NNoIsSWjprzL S00TRB2almQgNu8nvKaQFJNEcp/medSa/e9UzB5m/elbN6hosHKA7Y8ouuGZPZli1/Gq dZHghpxKI1Jm3ojs1RQA7fOgeiUArMP1lidNZcmHVmG9H2JL/0kuuNk0NQFVqeWti1z9 k1AZ/JdlSi8d5f9FE+l8AFFlk/VQk2P5pSjWPDTZxRo7ti77C3dhhqL9P+GaftaxlLNM WEJw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=cJ58uU0X; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o4si16866529pgv.157.2019.07.15.13.03.35; Mon, 15 Jul 2019 13:03:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=cJ58uU0X; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732378AbfGOUC2 (ORCPT + 99 others); Mon, 15 Jul 2019 16:02:28 -0400 Received: from mail-pf1-f202.google.com ([209.85.210.202]:33562 "EHLO mail-pf1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732341AbfGOUAV (ORCPT ); Mon, 15 Jul 2019 16:00:21 -0400 Received: by mail-pf1-f202.google.com with SMTP id d190so10850888pfa.0 for ; Mon, 15 Jul 2019 13:00:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=7Fsa5djs+VQ2BrQJC+FUs9YwCCHQQfjCNM9PGrMIw+A=; b=cJ58uU0XE/YKJRyI5Mt8XS66fhl7mlr/5SBCN06rI3kOZahs9sJMcXx2ibpLoUVCaE 9N1NY7OgxzhRPwe9rAJ9sX1BJ0ihRRRL3eB1ATlWoL9AgojAMGNFU+IEzasvl9Qi8eeC ZkFc3LVDfGlr7B4KL2h2Fk7rzQRbQLG0fV2EprbbLhYAb3pInpVl0C4tpIWrC5ke1CaF 8SpfsbNg0HaA8UNxyOZPyFO9oH7pXi6W4xurmmtxgY7D5fmX5k+NL4JCD8shTiLjN3Q2 SXoPSH4JASf5Jv9Der3AxoWSuW+W9hMxss6p61KH1/LToqcS5HgvobYgH+qD2KX+O9I0 NjTQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=7Fsa5djs+VQ2BrQJC+FUs9YwCCHQQfjCNM9PGrMIw+A=; b=GckMgxOzMiUr5ndV+8NqrdzAivLrZt2Qjld+ALiEc/k+nmk1bPpdi4WbUwL70pHD57 EWrPdyGLYShhzFjS4zgZ2wgYBv+y7JjHCCx6at7t1ID7WSEAMyce19UrHwfmutEfogWm 3P/TIsHHIPrSItTOO8/blDTmjO4uRBkY4V841I5bE/F9LtWjfzg3eoFuItCQcoSI4WL9 3mxMjXKJzEPT0u6ILaISVo5BI0z9jSdyFTj75UEkIb0Igy+DcEAVYKJidfVXQUFPIUFb IaEYOwpL7SHDUNUF+Fe5a/iN5pqlEp+KGI+YKdxfTukkzQI+ENrt9jigk+AY9UcfTO3u CN6Q== X-Gm-Message-State: APjAAAXJinDxSsh+lj9NBZ1Ww/vCGJxl4ewlrxectHo+qDSjj8W3sI/k kjun6TMrtYfpsdQY+tRoWnu6y6gS/DEg34czbuiatA== X-Received: by 2002:a63:f857:: with SMTP id v23mr3963600pgj.228.1563220820065; Mon, 15 Jul 2019 13:00:20 -0700 (PDT) Date: Mon, 15 Jul 2019 12:59:27 -0700 In-Reply-To: <20190715195946.223443-1-matthewgarrett@google.com> Message-Id: <20190715195946.223443-11-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190715195946.223443-1-matthewgarrett@google.com> X-Mailer: git-send-email 2.22.0.510.g264f2c817a-goog Subject: [PATCH V35 10/29] hibernate: Disable when the kernel is locked down From: Matthew Garrett To: jmorris@namei.org Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, Josh Boyer , David Howells , Matthew Garrett , Kees Cook , rjw@rjwysocki.net, pavel@ucw.cz, linux-pm@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Josh Boyer There is currently no way to verify the resume image when returning from hibernate. This might compromise the signed modules trust model, so until we can work with signed hibernate images we disable it when the kernel is locked down. Signed-off-by: Josh Boyer Signed-off-by: David Howells Signed-off-by: Matthew Garrett Reviewed-by: Kees Cook Cc: rjw@rjwysocki.net Cc: pavel@ucw.cz cc: linux-pm@vger.kernel.org --- include/linux/security.h | 1 + kernel/power/hibernate.c | 3 ++- security/lockdown/lockdown.c | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/include/linux/security.h b/include/linux/security.h index 69c5de539e9a..304a155a5628 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -106,6 +106,7 @@ enum lockdown_reason { LOCKDOWN_MODULE_SIGNATURE, LOCKDOWN_DEV_MEM, LOCKDOWN_KEXEC, + LOCKDOWN_HIBERNATION, LOCKDOWN_INTEGRITY_MAX, LOCKDOWN_CONFIDENTIALITY_MAX, }; diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c index cd7434e6000d..3c0a5a8170b0 100644 --- a/kernel/power/hibernate.c +++ b/kernel/power/hibernate.c @@ -30,6 +30,7 @@ #include #include #include +#include #include #include "power.h" @@ -68,7 +69,7 @@ static const struct platform_hibernation_ops *hibernation_ops; bool hibernation_available(void) { - return (nohibernate == 0); + return nohibernate == 0 && !security_locked_down(LOCKDOWN_HIBERNATION); } /** diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index 6f302c156bc8..a0996f75629f 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c @@ -21,6 +21,7 @@ static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = { [LOCKDOWN_MODULE_SIGNATURE] = "unsigned module loading", [LOCKDOWN_DEV_MEM] = "/dev/mem,kmem,port", [LOCKDOWN_KEXEC] = "kexec of unsigned images", + [LOCKDOWN_HIBERNATION] = "hibernation", [LOCKDOWN_INTEGRITY_MAX] = "integrity", [LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality", }; -- 2.22.0.510.g264f2c817a-goog