blob: 056936427d78796a12a02ff569fbb7edac8b51df (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
From: Chun-Yi Lee <joeyli.kernel@gmail.com>
Date: Wed, 8 Nov 2017 15:11:33 +0000
Subject: [08/29] kexec_file: Restrict at runtime if the kernel is locked down
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=eed4aca0409692d7d24bc64f5c98d346cd0506c4
When KEXEC_VERIFY_SIG is not enabled, kernel should not load images through
kexec_file systemcall if the kernel is locked down unless IMA can be used
to validate the image.
This code was showed in Matthew's patch but not in git:
https://lkml.org/lkml/2015/3/13/778
Cc: Matthew Garrett <mjg59@srcf.ucam.org>
Signed-off-by: Chun-Yi Lee <jlee@suse.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: James Morris <james.l.morris@oracle.com>
cc: kexec@lists.infradead.org
---
kernel/kexec_file.c | 8 ++++++++
1 file changed, 8 insertions(+)
Index: linux/kernel/kexec_file.c
===================================================================
--- linux.orig/kernel/kexec_file.c
+++ linux/kernel/kexec_file.c
@@ -328,6 +328,14 @@ SYSCALL_DEFINE5(kexec_file_load, int, ke
if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
return -EPERM;
+ /* Don't permit images to be loaded into trusted kernels if we're not
+ * going to verify the signature on them
+ */
+ if (!IS_ENABLED(CONFIG_KEXEC_VERIFY_SIG) &&
+ !is_ima_appraise_enabled() &&
+ kernel_is_locked_down("kexec of unsigned images"))
+ return -EPERM;
+
/* Make sure we have a legal set of flags */
if (flags != (flags & KEXEC_FILE_FLAGS))
return -EINVAL;
|
