Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp5671504imw; Wed, 20 Jul 2022 10:04:16 -0700 (PDT) X-Google-Smtp-Source: AGRyM1sNnle2NlasOBhep5/gH2PDuowJ5adtkKLKIWMw+LNsXMOPrPsCgY+0Ua5abc6uURm9GReu X-Received: by 2002:a05:6102:2907:b0:357:4c8b:6a43 with SMTP id cz7-20020a056102290700b003574c8b6a43mr14785584vsb.27.1658336655702; Wed, 20 Jul 2022 10:04:15 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1658336655; cv=pass; d=google.com; s=arc-20160816; b=YNSbOmfDQ4CC1K0/3hQJZw47X/ZPErGXwG4//jKXl0+TnFJap6E1aCfRBvMKtNaWhz W1X3qxZnn3wi24eNtQYLfbUFLwOd4/X37HxFcE3fgNzhmziePrlhBnRQ9J9h38zGrPcs kKBx7kGtecxNcJ65lajcQSc45bChZCMPnYX8q+MKlsVWOuUrwih3YDk9OXifQdqpTLRy iLznXKwAWLnJTappuZyqIyW8hc5Riv6XCqcgfiA89B2thEU/CKV8yhZdzvn7evWxJgEI jns51eLeHjlkK01j8gmvzUgOL95kmC/obhtIXY85F5Jzy3s8DXpyBOmsZk4i8oB1nQJp Qg4Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-transfer-encoding :message-id:date:subject:cc:to:from:dkim-signature:dkim-signature; bh=TGMcGJsbirpOY2qimXpRWfb6n7IerPm9vCCSQGA/2Po=; b=DJmWpFyrmIewWyvQ86P+aCBajHxMAYAgoqGy9FkmXvsHUJYDfqW3XDk0X0/79IlTlo msJ2q5VzsEAjKPONxvlK1UTB4IyLS1SyuhvCZTR4Tj03jRTy1lWkXZdi4sEDhQjLsPlm lRg3eYq+RxN4Gdk9McQCpLzCKu1j0EdwxEznvj9Iyz4pFVm/pJpQzRhj/SBP7BCwgZWp yylWszTBk+zB4jipb1+ulapLd0FKceFwKPLOMjb23NS7zGnYnCF7PCyQ8nN6OGrSoC7L lcl+fMsTUjtDlJD+q3IE9mWoiHTTey11ile5E5UM7LY+9FFHREwI1Kv1XH5eKAceBkHW cIJw== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2022-7-12 header.b=MEyNJebX; dkim=pass header.i=@oracle.onmicrosoft.com header.s=selector2-oracle-onmicrosoft-com header.b=QZWWOd9l; arc=pass (i=1 spf=pass spfdomain=oracle.com dkim=pass dkdomain=oracle.com dmarc=pass fromdomain=oracle.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id w79-20020a1f9452000000b00375df798969si413522vkd.300.2022.07.20.10.04.00; Wed, 20 Jul 2022 10:04:15 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@oracle.com header.s=corp-2022-7-12 header.b=MEyNJebX; dkim=pass header.i=@oracle.onmicrosoft.com header.s=selector2-oracle-onmicrosoft-com header.b=QZWWOd9l; arc=pass (i=1 spf=pass spfdomain=oracle.com dkim=pass dkdomain=oracle.com dmarc=pass fromdomain=oracle.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232629AbiGTQlC (ORCPT + 99 others); Wed, 20 Jul 2022 12:41:02 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40216 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232755AbiGTQkx (ORCPT ); Wed, 20 Jul 2022 12:40:53 -0400 Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com [205.220.177.32]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 07C265B7B5; Wed, 20 Jul 2022 09:40:51 -0700 (PDT) Received: from pps.filterd (m0246630.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 26KGcxQI001728; Wed, 20 Jul 2022 16:40:41 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : cc : subject : date : message-id : content-transfer-encoding : content-type : mime-version; s=corp-2022-7-12; bh=TGMcGJsbirpOY2qimXpRWfb6n7IerPm9vCCSQGA/2Po=; b=MEyNJebX1O/UAzqAiFTvw3TBjHLk/l8TL+nkfpf/rmfD7OegZWKeB3r/XjufWLj5hTGE 2LTDKzoKYN/jQj6R1+CIy2JwhqHTBkJ3ZsFreMuJKrApfkqj05gEA9RjIMiCvaPHhBR1 igl2W9UklsPvzosamB997YaoPycoKKODYE2w71shjLu/yBpNUWXIj4vQCkWil2Ug512D BXCHiMhy7tCe6jOAL6lNyuR3Dxdsd4iQ3f3Nl56nmX2YrvOcPirHvFsHhxMI0hN6/JXF D/uC/YRnxPSLgVOa8q2XLRiQ+91V32+Klx+gb0NC+X9oqkdCk07voTYKeuGZHDFhMvI6 7g== Received: from phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta02.appoci.oracle.com [147.154.114.232]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3hbkrc9xed-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 20 Jul 2022 16:40:40 +0000 Received: from pps.filterd (phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (8.17.1.5/8.17.1.5) with ESMTP id 26KF8sr3009872; Wed, 20 Jul 2022 16:40:40 GMT Received: from nam10-bn7-obe.outbound.protection.outlook.com (mail-bn7nam10lp2107.outbound.protection.outlook.com [104.47.70.107]) by phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 3hc1ghjpdy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 20 Jul 2022 16:40:39 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=TcLLMuHJ2BHL75UalFh5Vs3EWonpwYiCAfH0slOMzLXjqavporJJxmUufc6ki3EU6DPiHbAezyMwotSM+8XGeLkO2sbpLdKhZcKZOSzAUeT2xdgikvwF+GbBqX7krBrycWOAdbffzuf3IkWXnBFsyv/k2sEcE5kvI6Tbe2N/LNs1CgDFZpe85Q8TdDreJTmnGkvdBjGAIQsa+4h9m+R7ZETi3uWlY3HcbCFR/SuCEPd4hoVKnIlAiLDXI11ZPeTbp1LiL/17UYvRan19cj4i+Lul82I7O5wTKRq+qU3EPEg7NtO0hH3iedEjiArdn/C9CVQSvskur/HmSAmjcVd2IQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TGMcGJsbirpOY2qimXpRWfb6n7IerPm9vCCSQGA/2Po=; b=bKOzmwSKHnhsVOON0IRGs137ut64EFCjdtkY5WAQs42iaIZqK0auew3iM+sEmfUzV6In9ubT2Gx3BzV3zSMQBkjDYodjBAPUumPqfgQSy8eX39xilNq8GPAk1sUT3Ta+93a0cfzyuWVM33unVPbDPy1rjCA+Zx9yyVe+f3I9EKV/C8BvUZ3lcC2Pb22vEgc7PRRUK0bZYCkFPxUBZLuzV9iS1OgGpJCsiETnqPphkG0ufkW0C8jeFE9LUCFznh3Amrx6PDhPKZYdCiyuHyphfx2YAKSFmj/YkOYsif5qAP/9eeE+CQEkLIb9pT+o+6W+cmUSuN+qmhL9sAQ2yDXEcw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com; dkim=pass header.d=oracle.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TGMcGJsbirpOY2qimXpRWfb6n7IerPm9vCCSQGA/2Po=; b=QZWWOd9lstsxilZaxwdRHRzZ710rJP/92OhEN/dxgyvtTaiY2k5RJFnCf5JIiC8DlDwSKAQHbXuj4kfqQvKI1vbHXHvEmRpboQEY8Yj1VMOBXqPQNZDfz/Zg5K+bdY9swJ4QMKFvSY6f/g7N2Zqn04uvfurKOebE21yEmPOgjY0= Received: from CH2PR10MB4150.namprd10.prod.outlook.com (2603:10b6:610:ac::13) by BLAPR10MB5169.namprd10.prod.outlook.com (2603:10b6:208:331::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5438.12; Wed, 20 Jul 2022 16:40:37 +0000 Received: from CH2PR10MB4150.namprd10.prod.outlook.com ([fe80::21ce:9dc9:abc2:dd08]) by CH2PR10MB4150.namprd10.prod.outlook.com ([fe80::21ce:9dc9:abc2:dd08%5]) with mapi id 15.20.5438.023; Wed, 20 Jul 2022 16:40:37 +0000 From: Eric Snowberg To: torvalds@linux-foundation.org Cc: linux-integrity@vger.kernel.org, zohar@linux.ibm.com, dmitry.kasatkin@gmail.com, jmorris@namei.org, serge@hallyn.com, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, john.haxby@oracle.com, eric.snowberg@oracle.com Subject: [PATCH v2 0/1] lockdown: Fix kexec lockdown bypass with ima policy Date: Wed, 20 Jul 2022 12:40:26 -0400 Message-Id: <20220720164027.3697950-1-eric.snowberg@oracle.com> X-Mailer: git-send-email 2.27.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-ClientProxiedBy: SA0PR12CA0027.namprd12.prod.outlook.com (2603:10b6:806:6f::32) To CH2PR10MB4150.namprd10.prod.outlook.com (2603:10b6:610:ac::13) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 611d9783-8776-40d7-4b39-08da6a6e9350 X-MS-TrafficTypeDiagnostic: BLAPR10MB5169:EE_ X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: LFVDz4DKVqGJ0UVHB4afbZdsqrBJpraBtFHLrNUirhzq/cccSLHQya2N5YBRGmLi07D3w4A0Q35Mfae16JfNa8TTxZX5PsCBWc7fuOudkLFDKwerGmYE6yMyH//XcRL9Xj2mdXZQAimpxioKzp+kasnidAhK8VshGjsog+5ecmxnFRqRHbvgl2dhgn0vW+jgplhHecXXU0Y346ZnBJyUTw6/2/nFGU9+HLZgzVsBR4B02FogM1+iGqHqWsaRcspc5Z7QxiXQEuJ5O3kinfd+gvu8qTaYDAwVvqzjs2niVGdTZ0t85Zd3hJy/pk0TXS3b1onIdcmE1+YN/VsidIgxXqPzKcFmUxKpqT0ZWP7c1zWNevrRXvNSnmJ3Un5nJaQ3YJr6rZWoH8BsaoluKCP6SU+pcsaR8M2iLCpQernlbWRbe08ZBAocA7kOly6Vz1NY6+fNpqq7mMsh39wC+1eYpmO5Mb6ZMHsHZWddJ8ghhx5aRQy71wkbD1WaB4CVXZtFNe85OIFBkVVFzA0a0B+Bi6mv0e1SMTkBpF161aIinBKLB+i6pd/y2+AD5A17wE7Bj/ojxS3de/wyjjitL4wPT/P12cHNoq0PuUmNiDj6Y2dQW0ReW783JJ8AXLv4seaQ8psT4rnC7FFE9DZ6qno/ms/V/aio8p4VcW4aSZtlKzUFdwFBh9r76maogWLNbvV6/lMkb6Ye1nWTqCNVZb2jsIhUauMy+EDtyxqaAINZQf7GU/LaRNnzK9mCfio6v4U4XV+1A4fScst0ZXgNfVHpcwAhAjoGG7iUwT9Lj3kGhio= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CH2PR10MB4150.namprd10.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230016)(396003)(136003)(346002)(366004)(376002)(39860400002)(38350700002)(107886003)(1076003)(83380400001)(2616005)(186003)(44832011)(316002)(66946007)(66556008)(66476007)(38100700002)(8676002)(4326008)(6916009)(36756003)(86362001)(6506007)(26005)(52116002)(6512007)(4744005)(8936002)(5660300002)(478600001)(2906002)(6486002)(41300700001)(6666004);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?86St5w6hjPXcTkFIW2N1zdNHB+MaXWtR2mxtQZSDIN14RJHzcuGHOqfHsXQi?= =?us-ascii?Q?/M85onk8QUYQANTif4Qxjnfv1juzJ1zDTxFe+05t6/vJ53YddNE6kztEeBlM?= =?us-ascii?Q?sFHbUKv0cKUaeTr3Nm5bX1yMPgcJzagMcim3WX6pOZt2CcvatuUmO15XVcSW?= =?us-ascii?Q?OmH/3K2Ev+ncaz56qvKZOqVQn6ydtLm5Gid1tnuBi+xtl7cwjh7qiR0VElWT?= =?us-ascii?Q?nwaSkNWtY/yti2i905rSUTK8OkBMgupwSjJiOafuvyrHbdxhH7FE7HWL+9UN?= =?us-ascii?Q?mDUb0zrJORBAYxqD+aDBXOVMgcCieaGDNLTjwnOWVGcTQ8a0Drp95TIO6bkX?= =?us-ascii?Q?YUXglzWUGGRuzd5Wqp1zBy2XE1Jl3P0QTUKjZ4Y8eYG9gKZJyPTVtJlbLkqu?= =?us-ascii?Q?Sbjwsto/uqJf+W/HtdWWIqsgHdbgQ8lH5xXVLGHQxGgN4siJPKbbUPeq2mtB?= =?us-ascii?Q?hKVyK4hUMkktkVZko94JoC+ROwhPML1XQIJfzY3XrQWoyF2zR19XGqGpGFAW?= =?us-ascii?Q?91x/SKWFKvplNemGFBNcNiDTZV9L3q8g/iYVCfv13ajN+Uw9hvDnstOXyUTR?= =?us-ascii?Q?uUwxRJxrtSX3+GMIi47g/k0eBBrlrP+DcucLBAVTs80IpABgQXkZ8okKlqv3?= =?us-ascii?Q?9jbG2xj5KtBCeJJENJ7MvECIkDCPaERZR86KLlkNTUTD/FZySdSIvwFIZwyd?= =?us-ascii?Q?siw9DikJ15kmAZsgkPSDcOCy/pNOaJi7ChmM2AWPNxohZc7pJ4HyW3VXulM0?= =?us-ascii?Q?ST4cvV76RWCq05YgbhxbrLB4LUaac9+7WP32QFdcHQtyxF+JmPKBDEpQYUVj?= =?us-ascii?Q?t9uMI2+nxjzTPdrDuGxEZ449LukC3BpYmLwLGRMyY6t5T4fU9Seyd9qgFXK4?= =?us-ascii?Q?sdtTnkXEEmXiZPcmB9Y7/x+nf1ZtrFPEfY8isnuKufY61tTcMwSspgefBijE?= =?us-ascii?Q?L7lhoPE4E/uYXYb5FdQBoIYWoR4Na6EDiv2IDKAFA08FmhbB4WxQdNdULzPc?= =?us-ascii?Q?ikUDOIJtf1Y4xnJ79Hg6eimcM4yDowekiLeFPE0Al89kHxYHaZAb5zd6zUTK?= =?us-ascii?Q?D2osBDh1Zu01bOrZd/dfR/5wB7RgRfsTXomGAxeJvDgmg7gou2iFOHcBF6hf?= =?us-ascii?Q?ox2YCubijd3DTgAoPvczkzS2ETFlfuROp85Ur2D2zJ5WcwSX/gX2mKTZ3kJW?= =?us-ascii?Q?5vrPj5q5WxAS4X3YcPgEWFDckO/yYrxP03YXhnys9oGnJYmYLgHrT3xQyBjC?= =?us-ascii?Q?NvfApY9Qb5choYL8L/FV7ToIvK3tB74gjc2tk7RkHIL+fERFoXhBWzRB972G?= =?us-ascii?Q?d208SiUlazbqH+3gllhDdeDOGg2i4IIXgoGKt0eoFp61IkdQRq55fqQCB+kC?= =?us-ascii?Q?Q0NNFR+D5NAwekQARDG/TwLrfC9Er/rQbEb6i22B3UX+1CV45mlxrH7/8JVd?= =?us-ascii?Q?tdwVlLbBGeKq8SMwjR+ULV4BAskDBTq+8KHwkMoQZXeJb7EFUUB+PQpvinjA?= =?us-ascii?Q?E3Mjs9emhE2PbwPUg5n/A6CdkWk7HmLejtD/5Pjzd7XCthbKrqiGiUzjNpee?= =?us-ascii?Q?VIX4s0tEQXr0Tcw0I+2zRI75bixIodjB6FXT94Ut?= X-OriginatorOrg: oracle.com X-MS-Exchange-CrossTenant-Network-Message-Id: 611d9783-8776-40d7-4b39-08da6a6e9350 X-MS-Exchange-CrossTenant-AuthSource: CH2PR10MB4150.namprd10.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Jul 2022 16:40:37.8660 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: OG6zC40TKfP2buvgOBcamA53ionoolYTA0XJA8T6B3QP1mqrkV/jNOKCd5uPAKS7emE0DEEMgbMV/TECvqR7HiowTnTEmnl5Pn4rrbNWU2w= X-MS-Exchange-Transport-CrossTenantHeadersStamped: BLAPR10MB5169 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-07-20_10,2022-07-20_01,2022-06-22_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxlogscore=890 spamscore=0 bulkscore=0 malwarescore=0 adultscore=0 mlxscore=0 phishscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2206140000 definitions=main-2207200068 X-Proofpoint-GUID: WZiXasiDYgfP7Uhlwpd4hx1MfF8GKg3p X-Proofpoint-ORIG-GUID: WZiXasiDYgfP7Uhlwpd4hx1MfF8GKg3p X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Linus, Please see this patch - which was under embargo until yesterday. Please commit it in your tree, or please let me know your preference. Thanks, Eric Snowberg (1): lockdown: Fix kexec lockdown bypass with ima policy security/integrity/ima/ima_policy.c | 4 ++++ 1 file changed, 4 insertions(+) -- 2.27.0