Date: Thu, 18 Jul 2019 12:43:55 -0700
In-Reply-To: <20190718194415.108476-1-matthewgarrett@google.com>
Message-Id: <20190718194415.108476-10-matthewgarrett@google.com>
References: <20190718194415.108476-1-matthewgarrett@google.com>
X-Mailer: git-send-email 2.22.0.510.g264f2c817a-goog
Subject: [PATCH V36 09/29] kexec_file: Restrict at runtime if the kernel is locked down
From: Matthew Garrett
To: jmorris@namei.org
Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, Jiri Bohac, David Howells, Matthew Garrett, Kees Cook, kexec@lists.infradead.org
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jiri Bohac

When KEXEC_SIG is not enabled, kernel should not load images through
kexec_file systemcall if the kernel is locked down.

[Modified by David Howells to fit with modifications to the previous patch
 and to return -EPERM if the kernel is locked down for consistency with
 other lockdowns. Modified by Matthew Garrett to remove the IMA
 integration, which will be replaced by integrating with the IMA
 architecture policy patches.]

Signed-off-by: Jiri Bohac
Signed-off-by: David Howells
Signed-off-by: Matthew Garrett
Reviewed-by: Jiri Bohac
Reviewed-by: Kees Cook
cc: kexec@lists.infradead.org
---
 kernel/kexec_file.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index 875482c34154..dd06f1070d66 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -228,7 +228,10 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, goto out; } - ret = 0; + ret = security_locked_down(LOCKDOWN_KEXEC); + if (ret) + goto out; + break; /* All other errors are fatal, including nomem, unparseable -- 2.22.0.510.g264f2c817a-goog
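
Review bot: the added `ret = security_locked_down(LOCKDOWN_KEXEC);` in kimage_file_prepare_segments() hands the hook's return value straight to `goto out`, while the changelog promises -EPERM when the kernel is locked down. Either say in the changelog that the errno is whatever the hook returns, or set it explicitly at this site so the value user space sees from the syscall does not depend on the hook's implementation. The check also has no comment, and the hunk shows it only as one arm of a switch (the trailing `break;`); a one-line comment above it naming the condition under which this arm is reached would let a reader tie it to the "KEXEC_SIG is not enabled" case the changelog describes without having to read the whole function.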