diff options
author | Matthew Garrett <mjg59@srcf.ucam.org> | 2019-08-20 02:17:42 +0200 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2019-08-20 06:54:15 +0200 |
commit | 7d31f4602f8d366072471ca138e4ea7b8edf9be0 (patch) | |
tree | d6c84bb75d5972c3c2ba086f6e7179d82f36393d /kernel | |
parent | lockdown: Restrict /dev/{mem,kmem,port} when the kernel is locked down (diff) | |
download | linux-7d31f4602f8d366072471ca138e4ea7b8edf9be0.tar.xz linux-7d31f4602f8d366072471ca138e4ea7b8edf9be0.zip |
kexec_load: Disable at runtime if the kernel is locked down
The kexec_load() syscall permits the loading and execution of arbitrary
code in ring 0, which is something that lock-down is meant to prevent. It
makes sense to disable kexec_load() in this situation.
This does not affect kexec_file_load() syscall which can check for a
signature on the image to be booted.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Matthew Garrett <mjg59@google.com>
Acked-by: Dave Young <dyoung@redhat.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
cc: kexec@lists.infradead.org
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/kexec.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/kernel/kexec.c b/kernel/kexec.c index 1b018f1a6e0d..bc933c0db9bf 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c @@ -206,6 +206,14 @@ static inline int kexec_load_check(unsigned long nr_segments, return result; /* + * kexec can be used to circumvent module loading restrictions, so + * prevent loading in that case + */ + result = security_locked_down(LOCKDOWN_KEXEC); + if (result) + return result; + + /* * Verify we have a legal set of flags * This leaves us room for future extensions. */ |