Received: by 10.223.164.221 with SMTP id h29csp42620wrb; Fri, 20 Oct 2017 16:27:48 -0700 (PDT) X-Google-Smtp-Source: ABhQp+QvUfHCZmwf9nsfAiYs4Fptnu3FSpiisPpgmuV90Vjyi2viEf1ng0Va1nV3TXxsrKA51bI6 X-Received: by 10.84.244.140 with SMTP id h12mr5339980pll.110.1508542068008; Fri, 20 Oct 2017 16:27:48 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1508542067; cv=none; d=google.com; s=arc-20160816; b=i3gPumKTyjAOTuXX50dzjvecS+4b9ScOnG6GJJRzeKoyBtU8gIFsFKKzwqQatsLKlz 5C3AOcrw6aniwyOYmf9qAan2wof32d7LxWQldrmbcNUnWfqPQ3vGQUVN+tb9tL70heAs v2LGaDoqeqrmhkLeYns5GCWs3023L1H9b2vzm3CID/ERi7T6VjAH8bCTXoXRauCchwMj FD7LcMMSk0WuBWbZPKwWP4+fskTQQiAzWwu5HSelLxN5iDI5sxejOOMw13i7RP3ZFVTK qt0RIo2qmW2ww4LDEJok2qDM0UJY+a8PZTHraDPS8qWPfIsJt813WPWnRsrI50S7CF2D 3Bjw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :message-id:in-reply-to:subject:cc:to:from:date :arc-authentication-results; bh=GtYbOeJgbXm4iJHUodo9uz7hMDzdE2YuvCy3AG281WI=; b=KZhudCzIfcc72eZzDTI1LFdb7lz9EgA2oMIugEUFetK4G4dRBtJNd4SgfNfP010zCc qcnsM70t/RqP1Git+KR8Ubqy2XrQi/CPAlr+xMWw9V1jc1qAJN1B8Q0NFiyXOyEKrEfr 9JZ4e7v5rjQKssfdMsb/NjagfNIOd5xulRhrpi2Vhzzdc9Zrqfo2eB32QRN/GC/9ODRd rl7wdIhFtqVWCbcksVm3IyNH5iLTI7Wpq2f9Q16fc9CNuD7EYb0hmkEJCaRLk3jlx+5N sZbRm4evycmA7+I6x+FH1lEwr33BIV3j/QBJUkqF7lm9nQLmZ+uZmmdy5HqLQ86I/Xnk kYgQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=oracle.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id i10si1295859pgr.706.2017.10.20.16.27.34; Fri, 20 Oct 2017 16:27:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=oracle.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753428AbdJTX0k (ORCPT + 99 others); Fri, 20 Oct 2017 19:26:40 -0400 Received: from aserp1040.oracle.com ([141.146.126.69]:20238 "EHLO aserp1040.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752498AbdJTX0h (ORCPT ); Fri, 20 Oct 2017 19:26:37 -0400 Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by aserp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id v9KNQURu026522 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Oct 2017 23:26:30 GMT Received: from userv0121.oracle.com (userv0121.oracle.com [156.151.31.72]) by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id v9KNQTgQ011957 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 20 Oct 2017 23:26:30 GMT Received: from abhmp0005.oracle.com (abhmp0005.oracle.com [141.146.116.11]) by userv0121.oracle.com (8.14.4/8.13.8) with ESMTP id v9KNQTqe030874; Fri, 20 Oct 2017 23:26:29 GMT Received: from t440 (/87.200.50.7) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Fri, 20 Oct 2017 16:26:28 -0700 Date: Sat, 21 Oct 2017 03:26:22 +0400 (+04) From: James Morris X-X-Sender: james.l.morris@t440 To: David Howells cc: linux-security-module@vger.kernel.org, gnomes@lxorguk.ukuu.org.uk, linux-efi@vger.kernel.org, matthew.garrett@nebula.com, gregkh@linuxfoundation.org, linux-kernel@vger.kernel.org, jforbes@redhat.com Subject: Re: [PATCH 07/27] kexec_file: Disable at runtime if securelevel has been set In-Reply-To: <150842468754.7923.10037578333644594134.stgit@warthog.procyon.org.uk> Message-ID: References: <150842463163.7923.11081723749106843698.stgit@warthog.procyon.org.uk> <150842468754.7923.10037578333644594134.stgit@warthog.procyon.org.uk> User-Agent: Alpine 2.20 (LFD 67 2015-01-07) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Source-IP: aserv0022.oracle.com [141.146.126.234] Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, 19 Oct 2017, David Howells wrote: > From: Chun-Yi Lee > > When KEXEC_VERIFY_SIG is not enabled, kernel should not loads image > through kexec_file systemcall if securelevel has been set. > > This code was showed in Matthew's patch but not in git: > https://lkml.org/lkml/2015/3/13/778 > Reviewed-by: James Morris -- James Morris From 1581706022474432608@xxx Thu Oct 19 17:00:09 +0000 2017 X-GM-THRID: 1581706022474432608 X-Gmail-Labels: Inbox,Category Forums