Modify sys_kexec() so that it allows only signed processes to execute sys_kexec() when secureboot is enabled.

Signed-off-by: Vivek Goyal <vgoyal@xxxxxxxxxx>
---
 kernel/kexec.c | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/kernel/kexec.c b/kernel/kexec.c
index 3e2b63a..f15e302 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -908,6 +908,29 @@ static int kimage_load_segment(struct kimage *image,
 return result;
 }
 
+static int check_task_signature(void)
+{
+ int ret = 0;
+ const struct cred *cred;
+
+ /* If secureboot is enabled, There are extra checks required */
+ if (!secure_modules())
+ return ret;
+
+ /*
+ * Calling process should be signed, memlocked.
+ */
+
+ if (!test_bit(MMF_VM_LOCKED, ¤t->mm->flags))
+ return -EPERM;
+
+ cred = current_cred();
+ if (!cred->proc_signed)
+ return -EPERM;
+
+ return ret;
+}
+
 /*
 * Exec Kernel system call: for obvious reasons only root may call it.
 *
@@ -950,6 +973,10 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
 if (secure_modules())
 return -EPERM;
 
+ result = check_task_signature();
+ if (result)
+ return result;
+
 /*
 * Verify we have a legal set of flags
 * This leaves us room for future extensions.
-- 
1.8.3.1

_______________________________________________
kernel mailing list
kernel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/kernel
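Review bot: The comment `Calling process should be signed, memlocked.` in check_task_signature() names the two requirements but not why locked memory is needed or where `MMF_VM_LOCKED` and `cred->proc_signed` get set; neither is defined in this patch, so a reader cannot tell what the check relies on. I would expand it to something like `/* Under secure boot only a signed caller (cred->proc_signed) whose memory is locked (MMF_VM_LOCKED) may load a kexec image; see <patch that sets these flags>. */`, with the rationale filled in by the author. Both tests read the current state only, so the comment should also say whether either flag can be cleared after it is set. Separately, `ret` never holds anything but 0, so a plain `return 0;` in both places would read more directly. In this copy the `&current->mm->flags` argument appears mis-encoded as `¤t->mm->flags`.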
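Review bot: The added call to check_task_signature() in kexec_load sits directly after the existing context lines `if (secure_modules()) return -EPERM;`, so as shown it can never change the outcome. With secure boot on, the syscall has already returned -EPERM; with it off, check_task_signature() returns 0 at its first test. That fails closed, but it does not give the behaviour the description promises, where signed processes are allowed through. If the intent is to replace the blanket denial, this hunk should drop those two context lines, or the description should name the patch in the series that does. The rest of the syscall body lies outside the hunk, so another change may already account for this.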