From b78557a6be3420c5bf72bae36b0ab5286075ce14 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@srcf.ucam.org>
Date: Fri, 9 Aug 2013 03:33:56 -0400
Subject: [PATCH 08/16] kexec: Disable at runtime if securelevel has been set.

Patch-mainline: Queued in subsystem maintainer repository
Git-repo: https://github.com/mjg59/linux
Git-commit: b78557a6be3420c5bf72bae36b0ab5286075ce14
References: fate#320387

kexec permits the loading and execution of arbitrary code in ring 0,
which permits the modification of the running kernel. Prevent this if
securelevel has been set.

Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
Acked-by: Lee, Chun-Yi <jlee@suse.com>
---
 kernel/kexec.c      |    4 ++++
 kernel/kexec_file.c |   10 ++++++++++
 2 files changed, 14 insertions(+)

--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -17,6 +17,7 @@
 #include <linux/syscalls.h>
 #include <linux/vmalloc.h>
 #include <linux/slab.h>
+#include <linux/security.h>
 
 #include "kexec_internal.h"
 
@@ -134,6 +135,9 @@ SYSCALL_DEFINE4(kexec_load, unsigned lon
 	if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
 		return -EPERM;
 
+	if (get_securelevel() > 0)
+		return -EPERM;
+
 	/*
 	 * Verify we have a legal set of flags
 	 * This leaves us room for future extensions.
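Review bot: The added `get_securelevel() > 0` check in kexec_load gates only the loading of an image, so an image staged before securelevel was raised would, as far as this patch shows, stay loaded and remain executable afterwards. The diffstat touches only kernel/kexec.c and kernel/kexec_file.c, so nothing is added on the execution path. If securelevel can be raised after boot, either the execution path should make the same check or raising the level should unload any staged image. The check also has no comment, unlike its counterpart in kexec_file_load; something like `/* kexec_load images are never signature-checked, so refuse outright once securelevel is set */` would record why there is no exception here. The body of kexec_load continues outside the hunk.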
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -22,6 +22,7 @@
 #include <crypto/sha.h>
 #include <linux/syscalls.h>
 #include <linux/vmalloc.h>
+#include <linux/security.h>
 #include "kexec_internal.h"
 
 /*
@@ -317,6 +318,15 @@ SYSCALL_DEFINE5(kexec_file_load, int, ke
 	if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
 		return -EPERM;
 
+#ifndef CONFIG_KEXEC_VERIFY_SIG
+	/*
+	 * Don't permit images to be loaded into trusted kernels if we're not
+	 * going to verify the signature on them
+	 */
+	if (get_securelevel() > 0)
+		return -EPERM;
+#endif
+
 	/* Make sure we have a legal set of flags */
 	if (flags != (flags & KEXEC_FILE_FLAGS))
 		return -EINVAL;
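Review bot: Placing the securelevel check under `#ifndef CONFIG_KEXEC_VERIFY_SIG` means that with the option set the check is compiled out, and the restriction rests entirely on signature verification later in kexec_file_load, which is outside this hunk. It is worth confirming that verification there is mandatory, not best-effort, whenever securelevel is positive. As a matter of style, `if (!IS_ENABLED(CONFIG_KEXEC_VERIFY_SIG) && get_securelevel() > 0)` keeps the condition compiled and type-checked in both configurations and avoids a preprocessor block inside the function body. The refusal also returns the same -EPERM as the capability and kexec_load_disabled checks just above, so a caller or administrator cannot tell which policy denied the load.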