From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1760979Ab3IDUKG (ORCPT ); Wed, 4 Sep 2013 16:10:06 -0400 Received: from g4t0017.houston.hp.com ([15.201.24.20]:36636 "EHLO g4t0017.houston.hp.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753657Ab3IDUKD (ORCPT ); Wed, 4 Sep 2013 16:10:03 -0400 Date: Wed, 4 Sep 2013 14:09:59 -0600 From: jerry.hoemann@hp.com To: Matthew Garrett Cc: linux-kernel@vger.kernel.org, linux-efi@vger.kernel.org, keescook@chromium.org, hpa@zytor.com, kexec Subject: Re: [PATCH V3 08/11] kexec: Disable at runtime if the kernel enforces module loading restrictions Message-ID: <20130904200959.GE8540@anatevka.fc.hp.com> Reply-To: jerry.hoemann@hp.com References: <1378252218-18798-1-git-send-email-matthew.garrett@nebula.com> <1378252218-18798-9-git-send-email-matthew.garrett@nebula.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1378252218-18798-9-git-send-email-matthew.garrett@nebula.com> User-Agent: Mutt/1.5.21 (2010-09-15) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Sep 03, 2013 at 07:50:15PM -0400, Matthew Garrett wrote: > kexec permits the loading and execution of arbitrary code in ring 0, which > is something that module signing enforcement is meant to prevent. It makes > sense to disable kexec in this situation. > > Signed-off-by: Matthew Garrett Matthew, Disabling kexec will disable kdump, correct? Are there plans to enable kdump on a system where secure boot is enabled? thanks Jerry > --- > kernel/kexec.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/kernel/kexec.c b/kernel/kexec.c > index 59f7b55..3e2b63a 100644 > --- a/kernel/kexec.c > +++ b/kernel/kexec.c > @@ -32,6 +32,7 @@ > #include > #include > #include > +#include > > #include > #include > @@ -943,6 +944,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments, > return -EPERM; > > /* > + * kexec can be used to circumvent module loading restrictions, so > + * prevent loading in that case > + */ > + if (secure_modules()) > + return -EPERM; > + > + /* > * Verify we have a legal set of flags > * This leaves us room for future extensions. > */ > -- > 1.8.3.1 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-efi" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- ---------------------------------------------------------------------------- Jerry Hoemann Software Engineer Hewlett-Packard/MODL 3404 E Harmony Rd. MS 57 phone: (970) 898-1022 Ft. Collins, CO 80528 FAX: (970) 898-XXXX email: jerry.hoemann@hp.com ---------------------------------------------------------------------------- From mboxrd@z Thu Jan 1 00:00:00 1970 From: jerry.hoemann-VXdhtT5mjnY@public.gmane.org Subject: Re: [PATCH V3 08/11] kexec: Disable at runtime if the kernel enforces module loading restrictions Date: Wed, 4 Sep 2013 14:09:59 -0600 Message-ID: <20130904200959.GE8540@anatevka.fc.hp.com> References: <1378252218-18798-1-git-send-email-matthew.garrett@nebula.com> <1378252218-18798-9-git-send-email-matthew.garrett@nebula.com> Reply-To: jerry.hoemann-VXdhtT5mjnY@public.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: <1378252218-18798-9-git-send-email-matthew.garrett-05XSO3Yj/JvQT0dZR+AlfA@public.gmane.org> Sender: linux-efi-owner-u79uwXL29TY76Z2rM5mHXA@public.gmane.org To: Matthew Garrett Cc: linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, linux-efi-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, keescook-F7+t8E8rja9g9hUCZPvPmw@public.gmane.org, hpa-YMNOUZJC4hwAvxtiuMwx3w@public.gmane.org, kexec List-Id: linux-efi@vger.kernel.org On Tue, Sep 03, 2013 at 07:50:15PM -0400, Matthew Garrett wrote: > kexec permits the loading and execution of arbitrary code in ring 0, which > is something that module signing enforcement is meant to prevent. It makes > sense to disable kexec in this situation. > > Signed-off-by: Matthew Garrett Matthew, Disabling kexec will disable kdump, correct? Are there plans to enable kdump on a system where secure boot is enabled? thanks Jerry > --- > kernel/kexec.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > > diff --git a/kernel/kexec.c b/kernel/kexec.c > index 59f7b55..3e2b63a 100644 > --- a/kernel/kexec.c > +++ b/kernel/kexec.c > @@ -32,6 +32,7 @@ > #include > #include > #include > +#include > > #include > #include > @@ -943,6 +944,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments, > return -EPERM; > > /* > + * kexec can be used to circumvent module loading restrictions, so > + * prevent loading in that case > + */ > + if (secure_modules()) > + return -EPERM; > + > + /* > * Verify we have a legal set of flags > * This leaves us room for future extensions. > */ > -- > 1.8.3.1 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-efi" in > the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- ---------------------------------------------------------------------------- Jerry Hoemann Software Engineer Hewlett-Packard/MODL 3404 E Harmony Rd. MS 57 phone: (970) 898-1022 Ft. Collins, CO 80528 FAX: (970) 898-XXXX email: jerry.hoemann-VXdhtT5mjnY@public.gmane.org ----------------------------------------------------------------------------