From mboxrd@z Thu Jan 1 00:00:00 1970 Return-path: Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1fJKE0-0001iy-3m for kexec@lists.infradead.org; Thu, 17 May 2018 14:49:50 +0000 Received: from pps.filterd (m0098393.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w4HEj0Ks012673 for ; Thu, 17 May 2018 10:49:45 -0400 Received: from e06smtp13.uk.ibm.com (e06smtp13.uk.ibm.com [195.75.94.109]) by mx0a-001b2d01.pphosted.com with ESMTP id 2j1bf0scn5-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 17 May 2018 10:49:44 -0400 Received: from localhost by e06smtp13.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 17 May 2018 15:49:42 +0100 From: Mimi Zohar Subject: [PATCH v2 4/9] kexec: add call to LSM hook in original kexec_load syscall Date: Thu, 17 May 2018 10:48:45 -0400 In-Reply-To: <1526568530-9144-1-git-send-email-zohar@linux.vnet.ibm.com> References: <1526568530-9144-1-git-send-email-zohar@linux.vnet.ibm.com> Message-Id: <1526568530-9144-5-git-send-email-zohar@linux.vnet.ibm.com> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "kexec" Errors-To: kexec-bounces+dwmw2=infradead.org@lists.infradead.org To: linux-integrity@vger.kernel.org Cc: Andres Rodriguez , Kees Cook , Ard Biesheuvel , Greg Kroah-Hartman , kexec@lists.infradead.org, linux-kernel@vger.kernel.org, David Howells , linux-security-module@vger.kernel.org, Eric Biederman , Mimi Zohar , "Luis R . Rodriguez" In order for LSMs and IMA-appraisal to differentiate between the original and new syscalls, both the original and new syscalls must call an LSM hook. This patch adds a call to security_kernel_read_blob() in the original kexec syscall. Signed-off-by: Mimi Zohar Cc: Eric Biederman Cc: Luis R. Rodriguez Cc: Kees Cook Cc: David Howells --- kernel/kexec.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/kernel/kexec.c b/kernel/kexec.c index aed8fb2564b3..64cebe92a690 100644 --- a/kernel/kexec.c +++ b/kernel/kexec.c @@ -11,6 +11,7 @@ #include #include #include +#include #include #include #include @@ -195,11 +196,21 @@ static int do_kexec_load(unsigned long entry, unsigned long nr_segments, static inline int kexec_load_check(unsigned long nr_segments, unsigned long flags) { + int result; + /* We only trust the superuser with rebooting the system. */ if (!capable(CAP_SYS_BOOT) || kexec_load_disabled) return -EPERM; /* + * Allow LSMs and IMA to differentiate between kexec_load and + * kexec_file_load syscalls. + */ + result = security_kernel_read_blob(READING_KEXEC_IMAGE); + if (result < 0) + return result; + + /* * Verify we have a legal set of flags * This leaves us room for future extensions. */ -- 2.7.5 _______________________________________________ kexec mailing list kexec@lists.infradead.org http://lists.infradead.org/mailman/listinfo/kexec