Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp6481097ybi;
        Wed, 31 Jul 2019 15:23:59 -0700 (PDT)
X-Google-Smtp-Source: APXvYqy6vBUhu25IkuHnGP+sEJzaO1pKbXTEmpWis/qzpzHJ/kYiyN6aeMFvW88kSCFHGTZSiZz8
X-Received: by 2002:a65:4507:: with SMTP id n7mr8196630pgq.86.1564611839362;
        Wed, 31 Jul 2019 15:23:59 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1564611839; cv=none;
        d=google.com; s=arc-20160816;
        b=CYZXiVqrjMX9gSgX/Z+J9KyaSV3+t9pfCgehKjJqwbQLScZhfNU+EZCBoN+RqvL3wY
         bvAfRoz8zdVN4eWVafMDD0oTrzduqtVPUZ8avwJWH+1+UqcF5LsYsig5Mpd5iPl3DslL
         92Gdite18mqMoDh+fATXiMCYC7fpiINNqvihhT3Zr6BbyQWGowOhvWj54jwr72/eTyN2
         Of+7R9SYwfFw/giqO0HbqH3BbI802xLef4PjiDyMZYt6QIQSab6XTW3EJRe2biFQ1Ii1
         MIaetoLtWY3z3ZlkWNlsgBnVAj3n3AsBjbMu1EiuaUtK5ZsDZtSWvJaD+SFAGlfertrW
         1bSg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:from:subject:references
         :mime-version:message-id:in-reply-to:date:dkim-signature;
        bh=mRx6DvobeAgz9fXiYoI+VAmx830kBHXoGc7G6A5EVd0=;
        b=OwQyDhVVOTf6DQwfQT1PASSXrnOXBYUfKjH8z8kOFLI5/5zIG4hHsBiS9hhUlNH6Pd
         ycg0NyVQb87xWOix9JrtUbpLP4eoZL+WDQiO5NWNVXNRMKF7GqYff5YuAJ155QfDsX8q
         4WegsFJydY+hdb+l7kvWT/ZngEp8pO7g5FaZF+cjqFGKNuJ119BKClbLyEltpXRtHJ3n
         rdMCgEcYjw5kVPS6lEQDheEwQOAhQoyvMc6P98JTm9Xyc6KYCCNxGzL+bC2AagjzoEf9
         6FpiCXrk/z9dUv1eHqhakCymcBSLWb9PjzmAKes1p2wlPwxBX9nEYupUZk0QRfrLzLle
         Gylw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=IXsxtFi3;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id x184si20765953pfb.24.2019.07.31.15.23.44;
        Wed, 31 Jul 2019 15:23:59 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20161025 header.b=IXsxtFi3;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1731252AbfGaWQy (ORCPT <rfc822;ablacktshirt@gmail.com>
        + 99 others); Wed, 31 Jul 2019 18:16:54 -0400
Received: from mail-pf1-f201.google.com ([209.85.210.201]:56779 "EHLO
        mail-pf1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1731238AbfGaWQw (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 31 Jul 2019 18:16:52 -0400
Received: by mail-pf1-f201.google.com with SMTP id x10so44196676pfa.23
        for <linux-kernel@vger.kernel.org>; Wed, 31 Jul 2019 15:16:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=date:in-reply-to:message-id:mime-version:references:subject:from:to
         :cc;
        bh=mRx6DvobeAgz9fXiYoI+VAmx830kBHXoGc7G6A5EVd0=;
        b=IXsxtFi3dTqKB+o/Wp7s083XS7SjUbQMcCgIsd0WIzzMtZmNaSQKck9SZk8/LV/tKW
         iauqc9Sh1AIluynW7+PR4PhpczN6yRdIv953ynjwuwFWHa/UVnQ72sULwrXjNjS6e/rU
         9B58SiL1PCO7x+gwtiCfLRDcFLfHYqJckXhIxs7f7BmC/OAWPsSihkTtRDo4hMCslWC4
         DcbbsuYXQYGwOfMS+1sE0Xp813o+0VO5tuwgaPAWsIiBTlDFJ2yTuhzH/viPVcMxtFXv
         PCDiNz31TQAFo2c/g5gz4FxUjGG5qNoYLTvZVJc1/xMrVhVCF6vii+6Ml1XW+QkFPzAs
         w83w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:in-reply-to:message-id:mime-version
         :references:subject:from:to:cc;
        bh=mRx6DvobeAgz9fXiYoI+VAmx830kBHXoGc7G6A5EVd0=;
        b=T0jurBEPOS2ykV577ndCBslOOiOxeqpMQGjfWUFM1cj57jJ9QAhm7/2Md3erLOcamB
         LVJptlfxG4mKS41TiRqNtviRHq1bbfUkryJrz1VumDS5JPVPk0Rl/8PzMEEWpmlUmy2Z
         XIX8LWAsk7w+xOarO5tXGlZujGI773YzE4PLA6C4PplcwL9r8+9ISn5oPy0z/FXpC9eS
         GtFEC05EQOedA4VsP7lW+Y7+VbaZCr25m2WktLHpCzEMFlxK4dq+6Fokc//VLeDb9SBg
         NliU4rk4mRxb1Of3XPMTP0XI/7JM3SPl7DhiwzSLVxHt9iN8o5jiqwj832ArOhB0xPJB
         RfAw==
X-Gm-Message-State: APjAAAU4Jzqsm9RtqQWvB5qby1r2WKDjk3xUGIDP648FWhsHBCHZ5oik
        Rgh1gyZLXQXNLvo/Ma6UmlWDbmxpYQlsOcxC01dYrA==
X-Received: by 2002:a65:44cc:: with SMTP id g12mr37784362pgs.409.1564611411719;
 Wed, 31 Jul 2019 15:16:51 -0700 (PDT)
Date:   Wed, 31 Jul 2019 15:15:58 -0700
In-Reply-To: <20190731221617.234725-1-matthewgarrett@google.com>
Message-Id: <20190731221617.234725-11-matthewgarrett@google.com>
Mime-Version: 1.0
References: <20190731221617.234725-1-matthewgarrett@google.com>
X-Mailer: git-send-email 2.22.0.770.g0f2c4a37fd-goog
Subject: [PATCH V37 10/29] hibernate: Disable when the kernel is locked down
From:   Matthew Garrett <matthewgarrett@google.com>
To:     jmorris@namei.org
Cc:     linux-security-module@vger.kernel.org,
        linux-kernel@vger.kernel.org, linux-api@vger.kernel.org,
        Josh Boyer <jwboyer@fedoraproject.org>,
        David Howells <dhowells@redhat.com>,
        Matthew Garrett <mjg59@google.com>,
        Kees Cook <keescook@chromium.org>, rjw@rjwysocki.net,
        pavel@ucw.cz, linux-pm@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Josh Boyer <jwboyer@fedoraproject.org>

There is currently no way to verify the resume image when returning
from hibernate.  This might compromise the signed modules trust model,
so until we can work with signed hibernate images we disable it when the
kernel is locked down.

Signed-off-by: Josh Boyer <jwboyer@fedoraproject.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: rjw@rjwysocki.net
Cc: pavel@ucw.cz
cc: linux-pm@vger.kernel.org
---
 include/linux/security.h     | 1 +
 kernel/power/hibernate.c     | 3 ++-
 security/lockdown/lockdown.c | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/linux/security.h b/include/linux/security.h
index 69c5de539e9a..304a155a5628 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -106,6 +106,7 @@ enum lockdown_reason {
 	LOCKDOWN_MODULE_SIGNATURE,
 	LOCKDOWN_DEV_MEM,
 	LOCKDOWN_KEXEC,
+	LOCKDOWN_HIBERNATION,
 	LOCKDOWN_INTEGRITY_MAX,
 	LOCKDOWN_CONFIDENTIALITY_MAX,
 };
diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c
index cd7434e6000d..3c0a5a8170b0 100644
--- a/kernel/power/hibernate.c
+++ b/kernel/power/hibernate.c
@@ -30,6 +30,7 @@
 #include <linux/ctype.h>
 #include <linux/genhd.h>
 #include <linux/ktime.h>
+#include <linux/security.h>
 #include <trace/events/power.h>
 
 #include "power.h"
@@ -68,7 +69,7 @@ static const struct platform_hibernation_ops *hibernation_ops;
 
 bool hibernation_available(void)
 {
-	return (nohibernate == 0);
+	return nohibernate == 0 && !security_locked_down(LOCKDOWN_HIBERNATION);
 }
 
 /**
diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c
index 6f302c156bc8..a0996f75629f 100644
--- a/security/lockdown/lockdown.c
+++ b/security/lockdown/lockdown.c
@@ -21,6 +21,7 @@ static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = {
 	[LOCKDOWN_MODULE_SIGNATURE] = "unsigned module loading",
 	[LOCKDOWN_DEV_MEM] = "/dev/mem,kmem,port",
 	[LOCKDOWN_KEXEC] = "kexec of unsigned images",
+	[LOCKDOWN_HIBERNATION] = "hibernation",
 	[LOCKDOWN_INTEGRITY_MAX] = "integrity",
 	[LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality",
 };
-- 
2.22.0.770.g0f2c4a37fd-goog