Date: Wed, 7 Aug 2019 17:07:01 -0700
In-Reply-To: <20190808000721.124691-1-matthewgarrett@google.com>
Message-Id: <20190808000721.124691-10-matthewgarrett@google.com>
References: <20190808000721.124691-1-matthewgarrett@google.com>
Subject: [PATCH V38 09/29] kexec_file: Restrict at runtime if the kernel is locked down
From: Matthew Garrett
To: jmorris@namei.org
Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, Jiri Bohac, David Howells, Matthew Garrett, Kees Cook, kexec@lists.infradead.org
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jiri Bohac

When KEXEC_SIG is not enabled, kernel should not load images through
kexec_file systemcall if the kernel is locked down.

[Modified by David Howells to fit with modifications to the previous patch
 and to return -EPERM if the kernel is locked down for consistency with
 other lockdowns. Modified by Matthew Garrett to remove the IMA
 integration, which will be replaced by integrating with the IMA
 architecture policy patches.]

Signed-off-by: Jiri Bohac
Signed-off-by: David Howells
Signed-off-by: Matthew Garrett
Reviewed-by: Jiri Bohac
Reviewed-by: Kees Cook
cc: kexec@lists.infradead.org
---
 kernel/kexec_file.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index 875482c34154..dd06f1070d66 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -228,7 +228,10 @@ kimage_file_prepare_segments(struct kimage *image, int kernel_fd, int initrd_fd, goto out; } - ret = 0; + ret = security_locked_down(LOCKDOWN_KEXEC); + if (ret) + goto out; + break; /* All other errors are fatal, including nomem, unparseable -- 2.22.0.770.g0f2c4a37fd-goog
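
Review bot: The new `ret = security_locked_down(LOCKDOWN_KEXEC);` in kimage_file_prepare_segments() replaces `ret = 0;` without a comment saying why the lockdown check belongs in this particular branch, and the case label it sits under is outside the visible context. A one-line comment above the call tying it to the condition the changelog gives (KEXEC_SIG not enabled, so the image is being accepted on this path) would let a reader see the intent from the code alone. The changelog also promises -EPERM, but `if (ret) goto out;` simply passes through whatever the hook returns, so either state in the changelog that the error value comes from the LSM hook or note that dependency next to the call.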