Modify sys_kexec() so that it allows only signed processes to execute sys_kexec() when secureboot is enabled.

Signed-off-by: Vivek Goyal <vgoyal at redhat.com>
---
 kernel/kexec.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

diff --git a/kernel/kexec.c b/kernel/kexec.c
index 59f7b55..478566e 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -907,6 +907,31 @@ static int kimage_load_segment(struct kimage *image,
 	return result;
 }
 
+static int check_task_signature(void)
+{
+	int ret = 0;
+	const struct cred *cred;
+
+	/* If secureboot is enabled, There are extra checks required */
+	/* TODO: Change it once secure_level patches stablize */
+/*
+	if (!secure_modules())
+		return ret;
+*/
+	/*
+	 * Calling process should be signed, memlocked.
+	 */
+
+	if (!test_bit(MMF_VM_LOCKED, ¤t->mm->flags))
+		return -EPERM;
+
+	cred = current_cred();
+	if (!cred->proc_signed)
+		return -EPERM;
+
+	return ret;
+}
+
 /*
  * Exec Kernel system call: for obvious reasons only root may call it.
  *
@@ -942,6 +967,10 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
 	if (!capable(CAP_SYS_BOOT))
 		return -EPERM;
 
+	result = check_task_signature();
+	if (result)
+		return result;
+
 	/*
 	 * Verify we have a legal set of flags
 	 * This leaves us room for future extensions.
-- 
1.8.3.1
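Review bot: check_task_signature() enforces the signed-and-memlocked requirement unconditionally, because the `if (!secure_modules()) return ret;` gate is commented out, so the call added in the second hunk makes kexec_load() return -EPERM for every unsigned caller even on systems where secureboot is off, which is not what the commit message says; either keep that early return live (so non-secureboot behaviour is unchanged until the secure_level work lands) or state in the commit message that the check is currently unconditional, rather than leaving a commented-out block in the function. The comment above the MMF_VM_LOCKED test should also say why memlock is required — presumably so the verified process image cannot be paged out and altered between exec-time signature verification and the kexec call, but that intent should be confirmed and written down, e.g. `/* Refuse unless the caller is memlocked (so its image cannot be modified via swap) and was signed at exec time. */`. `ret` is only ever 0, so `return 0;` directly and drop the local. The `¤t->mm->flags` in the test_bit() line looks like a transport mangling of `&current->mm->flags`; worth confirming the patch applies as intended. The SYSCALL_DEFINE4 body in the second hunk continues outside the hunk.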