Received: by 2002:a25:ad19:0:0:0:0:0 with SMTP id y25csp6481097ybi; Wed, 31 Jul 2019 15:23:59 -0700 (PDT) X-Google-Smtp-Source: APXvYqy6vBUhu25IkuHnGP+sEJzaO1pKbXTEmpWis/qzpzHJ/kYiyN6aeMFvW88kSCFHGTZSiZz8 X-Received: by 2002:a65:4507:: with SMTP id n7mr8196630pgq.86.1564611839362; Wed, 31 Jul 2019 15:23:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1564611839; cv=none; d=google.com; s=arc-20160816; b=CYZXiVqrjMX9gSgX/Z+J9KyaSV3+t9pfCgehKjJqwbQLScZhfNU+EZCBoN+RqvL3wY bvAfRoz8zdVN4eWVafMDD0oTrzduqtVPUZ8avwJWH+1+UqcF5LsYsig5Mpd5iPl3DslL 92Gdite18mqMoDh+fATXiMCYC7fpiINNqvihhT3Zr6BbyQWGowOhvWj54jwr72/eTyN2 Of+7R9SYwfFw/giqO0HbqH3BbI802xLef4PjiDyMZYt6QIQSab6XTW3EJRe2biFQ1Ii1 MIaetoLtWY3z3ZlkWNlsgBnVAj3n3AsBjbMu1EiuaUtK5ZsDZtSWvJaD+SFAGlfertrW 1bSg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:references :mime-version:message-id:in-reply-to:date:dkim-signature; bh=mRx6DvobeAgz9fXiYoI+VAmx830kBHXoGc7G6A5EVd0=; b=OwQyDhVVOTf6DQwfQT1PASSXrnOXBYUfKjH8z8kOFLI5/5zIG4hHsBiS9hhUlNH6Pd ycg0NyVQb87xWOix9JrtUbpLP4eoZL+WDQiO5NWNVXNRMKF7GqYff5YuAJ155QfDsX8q 4WegsFJydY+hdb+l7kvWT/ZngEp8pO7g5FaZF+cjqFGKNuJ119BKClbLyEltpXRtHJ3n rdMCgEcYjw5kVPS6lEQDheEwQOAhQoyvMc6P98JTm9Xyc6KYCCNxGzL+bC2AagjzoEf9 6FpiCXrk/z9dUv1eHqhakCymcBSLWb9PjzmAKes1p2wlPwxBX9nEYupUZk0QRfrLzLle Gylw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=IXsxtFi3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x184si20765953pfb.24.2019.07.31.15.23.44; Wed, 31 Jul 2019 15:23:59 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=IXsxtFi3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731252AbfGaWQy (ORCPT + 99 others); Wed, 31 Jul 2019 18:16:54 -0400 Received: from mail-pf1-f201.google.com ([209.85.210.201]:56779 "EHLO mail-pf1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731238AbfGaWQw (ORCPT ); Wed, 31 Jul 2019 18:16:52 -0400 Received: by mail-pf1-f201.google.com with SMTP id x10so44196676pfa.23 for ; Wed, 31 Jul 2019 15:16:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=mRx6DvobeAgz9fXiYoI+VAmx830kBHXoGc7G6A5EVd0=; b=IXsxtFi3dTqKB+o/Wp7s083XS7SjUbQMcCgIsd0WIzzMtZmNaSQKck9SZk8/LV/tKW iauqc9Sh1AIluynW7+PR4PhpczN6yRdIv953ynjwuwFWHa/UVnQ72sULwrXjNjS6e/rU 9B58SiL1PCO7x+gwtiCfLRDcFLfHYqJckXhIxs7f7BmC/OAWPsSihkTtRDo4hMCslWC4 DcbbsuYXQYGwOfMS+1sE0Xp813o+0VO5tuwgaPAWsIiBTlDFJ2yTuhzH/viPVcMxtFXv PCDiNz31TQAFo2c/g5gz4FxUjGG5qNoYLTvZVJc1/xMrVhVCF6vii+6Ml1XW+QkFPzAs w83w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=mRx6DvobeAgz9fXiYoI+VAmx830kBHXoGc7G6A5EVd0=; b=T0jurBEPOS2ykV577ndCBslOOiOxeqpMQGjfWUFM1cj57jJ9QAhm7/2Md3erLOcamB LVJptlfxG4mKS41TiRqNtviRHq1bbfUkryJrz1VumDS5JPVPk0Rl/8PzMEEWpmlUmy2Z XIX8LWAsk7w+xOarO5tXGlZujGI773YzE4PLA6C4PplcwL9r8+9ISn5oPy0z/FXpC9eS GtFEC05EQOedA4VsP7lW+Y7+VbaZCr25m2WktLHpCzEMFlxK4dq+6Fokc//VLeDb9SBg NliU4rk4mRxb1Of3XPMTP0XI/7JM3SPl7DhiwzSLVxHt9iN8o5jiqwj832ArOhB0xPJB RfAw== X-Gm-Message-State: APjAAAU4Jzqsm9RtqQWvB5qby1r2WKDjk3xUGIDP648FWhsHBCHZ5oik Rgh1gyZLXQXNLvo/Ma6UmlWDbmxpYQlsOcxC01dYrA== X-Received: by 2002:a65:44cc:: with SMTP id g12mr37784362pgs.409.1564611411719; Wed, 31 Jul 2019 15:16:51 -0700 (PDT) Date: Wed, 31 Jul 2019 15:15:58 -0700 In-Reply-To: <20190731221617.234725-1-matthewgarrett@google.com> Message-Id: <20190731221617.234725-11-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190731221617.234725-1-matthewgarrett@google.com> X-Mailer: git-send-email 2.22.0.770.g0f2c4a37fd-goog Subject: [PATCH V37 10/29] hibernate: Disable when the kernel is locked down From: Matthew Garrett To: jmorris@namei.org Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, Josh Boyer , David Howells , Matthew Garrett , Kees Cook , rjw@rjwysocki.net, pavel@ucw.cz, linux-pm@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Josh Boyer There is currently no way to verify the resume image when returning from hibernate. This might compromise the signed modules trust model, so until we can work with signed hibernate images we disable it when the kernel is locked down. Signed-off-by: Josh Boyer Signed-off-by: David Howells Signed-off-by: Matthew Garrett Reviewed-by: Kees Cook Cc: rjw@rjwysocki.net Cc: pavel@ucw.cz cc: linux-pm@vger.kernel.org --- include/linux/security.h | 1 + kernel/power/hibernate.c | 3 ++- security/lockdown/lockdown.c | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/include/linux/security.h b/include/linux/security.h index 69c5de539e9a..304a155a5628 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -106,6 +106,7 @@ enum lockdown_reason { LOCKDOWN_MODULE_SIGNATURE, LOCKDOWN_DEV_MEM, LOCKDOWN_KEXEC, + LOCKDOWN_HIBERNATION, LOCKDOWN_INTEGRITY_MAX, LOCKDOWN_CONFIDENTIALITY_MAX, }; diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c index cd7434e6000d..3c0a5a8170b0 100644 --- a/kernel/power/hibernate.c +++ b/kernel/power/hibernate.c @@ -30,6 +30,7 @@ #include #include #include +#include #include #include "power.h" @@ -68,7 +69,7 @@ static const struct platform_hibernation_ops *hibernation_ops; bool hibernation_available(void) { - return (nohibernate == 0); + return nohibernate == 0 && !security_locked_down(LOCKDOWN_HIBERNATION); } /** diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c index 6f302c156bc8..a0996f75629f 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c @@ -21,6 +21,7 @@ static char *lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1] = { [LOCKDOWN_MODULE_SIGNATURE] = "unsigned module loading", [LOCKDOWN_DEV_MEM] = "/dev/mem,kmem,port", [LOCKDOWN_KEXEC] = "kexec of unsigned images", + [LOCKDOWN_HIBERNATION] = "hibernation", [LOCKDOWN_INTEGRITY_MAX] = "integrity", [LOCKDOWN_CONFIDENTIALITY_MAX] = "confidentiality", }; -- 2.22.0.770.g0f2c4a37fd-goog