Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp3353932ybl; Mon, 19 Aug 2019 17:20:26 -0700 (PDT) X-Google-Smtp-Source: APXvYqwkt3HDoUnq8VOK+unJVe3C/0QF9hjR6agV/ywCmTawljtgK00c/mkqcr6gD0TFyNu2fcCS X-Received: by 2002:a63:e44b:: with SMTP id i11mr21759038pgk.297.1566260426697; Mon, 19 Aug 2019 17:20:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1566260426; cv=none; d=google.com; s=arc-20160816; b=V2u8bVvbn07bmGC1CObdN2kSX4HE554snofp9GsW4kyy/eG2LpkCKO+AhXIAUgMyrL edRIFBKfI2fUSGnJVZ+m5+pHRsoXnkP3xGtWcC+bh68eZ5qN7I5E00tRXfRta9+l13jJ ay51EAXFJRzYrctkvDG2/cc7QY1oBlOx0bl9lm96FICAa3GpzrGmi75Y4pAhiNRcUL5R pvsR4sV5MCcFz56TVP3PEzhbkW34NB4Ly2ceE91aAKI8bIPpu9a8rLG6edSrGzo8RR05 rkrADvD8dDRF6Ga3KxC/P1gqvtLRWX87UvK/xJ0AAXajccddkEz20VC5DQjuUTnXGukf xgOw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:from:subject:references :mime-version:message-id:in-reply-to:date:dkim-signature; bh=cMgjmtuBmfVa/CsXfb8uiBDSNgmdufQRbjNib4Tgcig=; b=zIxufw2GY3GFY3loBTIP9z+9WML/8yH/jujlroTA2PX8llFj1EEPEaJETGp6SV+v7i NWV0YF4WeGdmORqcB95QBcJbRtPAHzUMBg0pmC/kvztVS60ODaEoE4pGFZf3cQyV+HfU Dk5fDWvcCxTxa0H+W0QFKF8koT/MsAxecGWijzLgLmq5QvvTG4KwAQVNkVKzVvFVNdEn TUYP5zgXiHtEPZJi+PnsZHsCukFUgdu4sW94vKOhHHnUvWWnPLlgKtneh0YbK9ZDIg3r zEkQe6szuITPaXTgwgUzpf1f9S49sYUbctZm9xH61RvPyjId8yhr7sp9cQc20PvuWLgC /e3Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=tuuv3POp; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id y12si10697908pgp.195.2019.08.19.17.20.11; Mon, 19 Aug 2019 17:20:26 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=tuuv3POp; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728990AbfHTASh (ORCPT + 99 others); Mon, 19 Aug 2019 20:18:37 -0400 Received: from mail-ua1-f73.google.com ([209.85.222.73]:53168 "EHLO mail-ua1-f73.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728970AbfHTASf (ORCPT ); Mon, 19 Aug 2019 20:18:35 -0400 Received: by mail-ua1-f73.google.com with SMTP id u24so546871uah.19 for ; Mon, 19 Aug 2019 17:18:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=cMgjmtuBmfVa/CsXfb8uiBDSNgmdufQRbjNib4Tgcig=; b=tuuv3POpIuofzhNqZUKQoKR1Pan8nwWbDZbwkAoTf4UYx4zufPYGCTgfuOTsya6RGQ yhtHIODniLc3KhY4ZNrfLG5DMHIpncF400yxkZvzgcc3s6Rbw5nBUC+PtXubOVUvqxtW vOsCKrnFcVtFQv6TtLlXPOsSU/B9p5kp66ZWz/7m9TQYtAmW9PdPPao4btOAdtTn8IKG YrzMo2tEos2UTNJq9hQzUZhg2pZrv1T8fxHplMi75VM98FE7pqee6WC6llvC/03CIQ2D dRtXGSsQe7pfvMEIW5L5zL025IAA2sgUjgiBonoQXU87ScvIdQRI+pnoRzlL7QF1H4Dt dBYw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=cMgjmtuBmfVa/CsXfb8uiBDSNgmdufQRbjNib4Tgcig=; b=b/FugrbzImKFrn66bk+750uCnv7HvOlSLcwEPbRUAJdYREm/tMeYXvbB7xy1FPffjF pILjm8qRTV6W3qVuMmVumWQQPqrzee59G3+l1vUq4KAco+eaOMnK24ke3F/qO+L+cywe djFM/l4uKA02sEnbHSagclbW+ObDDv9UPCYkIeIy+F+74wqa3SoPfWSeARUe1L0VNS7V x+65gyHb3y0aMqBHcaB1JtcFhjkMLo/IbCCTpkbxL3MTbHIIYCgqD9rMKqmJAC+/3uMj GHENRvK0HWU04ZM4S5UzzgRMKTlep+qmoBOSfVUmsw6BeuJamM2g3NTJmwU46cOnNjiq GHnA== X-Gm-Message-State: APjAAAX7hQQFKvNpgY4yd7pWoB8BsqJ5x3ZerLDtxyjMmK3tou6r76BK x/rBF7rs7acrGmTKZJLA9oyoqXID/SQNhLdtHfRRjQ== X-Received: by 2002:a67:d02:: with SMTP id 2mr3153609vsn.43.1566260313925; Mon, 19 Aug 2019 17:18:33 -0700 (PDT) Date: Mon, 19 Aug 2019 17:17:45 -0700 In-Reply-To: <20190820001805.241928-1-matthewgarrett@google.com> Message-Id: <20190820001805.241928-10-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190820001805.241928-1-matthewgarrett@google.com> X-Mailer: git-send-email 2.23.0.rc1.153.gdeed80330f-goog Subject: [PATCH V40 09/29] kexec_file: Restrict at runtime if the kernel is locked down From: Matthew Garrett To: jmorris@namei.org Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-api@vger.kernel.org, Jiri Bohac , David Howells , Matthew Garrett , kexec@lists.infradead.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jiri Bohac When KEXEC_SIG is not enabled, kernel should not load images through kexec_file systemcall if the kernel is locked down. [Modified by David Howells to fit with modifications to the previous patch and to return -EPERM if the kernel is locked down for consistency with other lockdowns. Modified by Matthew Garrett to remove the IMA integration, which will be replaced by integrating with the IMA architecture policy patches.] Signed-off-by: Jiri Bohac Signed-off-by: David Howells Signed-off-by: Matthew Garrett cc: kexec@lists.infradead.org --- kernel/kexec_file.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/kexec_file.c b/kernel/kexec_file.c index 972931201995..43109ef4d6bf 100644 --- a/kernel/kexec_file.c +++ b/kernel/kexec_file.c @@ -208,7 +208,7 @@ kimage_validate_signature(struct kimage *image) return ret; } - return 0; + return security_locked_down(LOCKDOWN_KEXEC); /* All other errors are fatal, including nomem, unparseable * signatures and signature check failures - even if signatures -- 2.23.0.rc1.153.gdeed80330f-goog