Received: by 10.223.164.221 with SMTP id h29csp42620wrb;
        Fri, 20 Oct 2017 16:27:48 -0700 (PDT)
X-Google-Smtp-Source: ABhQp+QvUfHCZmwf9nsfAiYs4Fptnu3FSpiisPpgmuV90Vjyi2viEf1ng0Va1nV3TXxsrKA51bI6
X-Received: by 10.84.244.140 with SMTP id h12mr5339980pll.110.1508542068008;
        Fri, 20 Oct 2017 16:27:48 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1508542067; cv=none;
        d=google.com; s=arc-20160816;
        b=i3gPumKTyjAOTuXX50dzjvecS+4b9ScOnG6GJJRzeKoyBtU8gIFsFKKzwqQatsLKlz
         5C3AOcrw6aniwyOYmf9qAan2wof32d7LxWQldrmbcNUnWfqPQ3vGQUVN+tb9tL70heAs
         v2LGaDoqeqrmhkLeYns5GCWs3023L1H9b2vzm3CID/ERi7T6VjAH8bCTXoXRauCchwMj
         FD7LcMMSk0WuBWbZPKwWP4+fskTQQiAzWwu5HSelLxN5iDI5sxejOOMw13i7RP3ZFVTK
         qt0RIo2qmW2ww4LDEJok2qDM0UJY+a8PZTHraDPS8qWPfIsJt813WPWnRsrI50S7CF2D
         3Bjw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :message-id:in-reply-to:subject:cc:to:from:date
         :arc-authentication-results;
        bh=GtYbOeJgbXm4iJHUodo9uz7hMDzdE2YuvCy3AG281WI=;
        b=KZhudCzIfcc72eZzDTI1LFdb7lz9EgA2oMIugEUFetK4G4dRBtJNd4SgfNfP010zCc
         qcnsM70t/RqP1Git+KR8Ubqy2XrQi/CPAlr+xMWw9V1jc1qAJN1B8Q0NFiyXOyEKrEfr
         9JZ4e7v5rjQKssfdMsb/NjagfNIOd5xulRhrpi2Vhzzdc9Zrqfo2eB32QRN/GC/9ODRd
         rl7wdIhFtqVWCbcksVm3IyNH5iLTI7Wpq2f9Q16fc9CNuD7EYb0hmkEJCaRLk3jlx+5N
         sZbRm4evycmA7+I6x+FH1lEwr33BIV3j/QBJUkqF7lm9nQLmZ+uZmmdy5HqLQ86I/Xnk
         kYgQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id i10si1295859pgr.706.2017.10.20.16.27.34;
        Fri, 20 Oct 2017 16:27:47 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1753428AbdJTX0k (ORCPT <rfc822;learnos2017@gmail.com>
        + 99 others); Fri, 20 Oct 2017 19:26:40 -0400
Received: from aserp1040.oracle.com ([141.146.126.69]:20238 "EHLO
        aserp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1752498AbdJTX0h (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 20 Oct 2017 19:26:37 -0400
Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234])
        by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id v9KNQURu026522
        (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
        Fri, 20 Oct 2017 23:26:30 GMT
Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72])
        by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id v9KNQTgQ011957
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
        Fri, 20 Oct 2017 23:26:30 GMT
Received: from abhmp0005.oracle.com (abhmp0005.oracle.com [141.146.116.11])
        by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id v9KNQTqe030874;
        Fri, 20 Oct 2017 23:26:29 GMT
Received: from t440 (/87.200.50.7)
        by default (Oracle Beehive Gateway v4.0)
        with ESMTP ; Fri, 20 Oct 2017 16:26:28 -0700
Date:   Sat, 21 Oct 2017 03:26:22 +0400 (+04)
From:   James Morris <james.l.morris@oracle.com>
X-X-Sender: james.l.morris@t440
To:     David Howells <dhowells@redhat.com>
cc:     linux-security-module@vger.kernel.org, gnomes@lxorguk.ukuu.org.uk,
        linux-efi@vger.kernel.org, matthew.garrett@nebula.com,
        gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org,
        jforbes@redhat.com
Subject: Re: [PATCH 07/27] kexec_file: Disable at runtime if securelevel has
 been set
In-Reply-To: <150842468754.7923.10037578333644594134.stgit@warthog.procyon.org.uk>
Message-ID: <alpine.LFD.2.20.1710210326100.9435@t440>
References: <150842463163.7923.11081723749106843698.stgit@warthog.procyon.org.uk> <150842468754.7923.10037578333644594134.stgit@warthog.procyon.org.uk>
User-Agent: Alpine 2.20 (LFD 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
X-Source-IP: aserv0022.oracle.com [141.146.126.234]
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 19 Oct 2017, David Howells wrote:

> From: Chun-Yi Lee <joeyli.kernel@gmail.com>
> 
> When KEXEC_VERIFY_SIG is not enabled, kernel should not loads image
> through kexec_file systemcall if securelevel has been set.
> 
> This code was showed in Matthew's patch but not in git:
> https://lkml.org/lkml/2015/3/13/778
> 


Reviewed-by: James Morris <james.l.morris@oracle.com>

-- 
James Morris
<james.l.morris@oracle.com>


From 1581706022474432608@xxx Thu Oct 19 17:00:09 +0000 2017
X-GM-THRID: 1581706022474432608
X-Gmail-Labels: Inbox,Category Forums