From b78557a6be3420c5bf72bae36b0ab5286075ce14 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@srcf.ucam.org>
Date: Fri, 9 Aug 2013 03:33:56 -0400
Subject: [PATCH 08/16] kexec: Disable at runtime if securelevel has been set.
Patch-mainline: Queued in subsystem maintainer repository
Git-repo: https://github.com/mjg59/linux
Git-commit: b78557a6be3420c5bf72bae36b0ab5286075ce14
References: fate#320387
kexec permits the loading and execution of arbitrary code in ring 0,
which permits the modification of the running kernel. Prevent this if
securelevel has been set.
Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
Acked-by: Lee, Chun-Yi <jlee@suse.com>
---
kernel/kexec.c | 4 ++++
kernel/kexec_file.c | 10 ++++++++++
2 files changed, 14 insertions(+)
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -17,6 +17,7 @@
#include <linux/syscalls.h>
#include <linux/vmalloc.h>
#include <linux/slab.h>
+#include <linux/security.h>
#include "kexec_internal.h"
@@ -134,6 +135,9 @@ SYSCALL_DEFINE4(kexec_load, unsigned lon
if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
return -EPERM;
+ if (get_securelevel() > 0)
+ return -EPERM;
+
/*
* Verify we have a legal set of flags
* This leaves us room for future extensions.
--- a/kernel/kexec_file.c
+++ b/kernel/kexec_file.c
@@ -22,6 +22,7 @@
#include <crypto/sha.h>
#include <linux/syscalls.h>
#include <linux/vmalloc.h>
+#include <linux/security.h>
#include "kexec_internal.h"
/*
@@ -317,6 +318,15 @@ SYSCALL_DEFINE5(kexec_file_load, int, ke
if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
return -EPERM;
+#ifndef CONFIG_KEXEC_VERIFY_SIG
+ /*
+ * Don't permit images to be loaded into trusted kernels if we're not
+ * going to verify the signature on them
+ */
+ if (get_securelevel() > 0)
+ return -EPERM;
+#endif
+
/* Make sure we have a legal set of flags */
if (flags != (flags & KEXEC_FILE_FLAGS))
return -EINVAL;