| From: Matthew Garrett <matthew.garrett@nebula.com> |
| Date: Fri, 9 Aug 2013 03:33:56 -0400 |
| Subject: [PATCH] kexec: Disable at runtime if the kernel enforces module |
| loading restrictions |
| |
| kexec permits the loading and execution of arbitrary code in ring 0, which |
| is something that module signing enforcement is meant to prevent. It makes |
| sense to disable kexec in this situation. |
| |
| Signed-off-by: Matthew Garrett <matthew.garrett@nebula.com> |
| |
| kernel/kexec.c | 8 ++++++++ |
| 1 file changed, 8 insertions(+) |
| |
| diff --git a/kernel/kexec.c b/kernel/kexec.c |
| index 2bee072268d9..891477dbfee0 100644 |
| |
| |
| @@ -36,6 +36,7 @@ |
| #include <linux/syscore_ops.h> |
| #include <linux/compiler.h> |
| #include <linux/hugetlb.h> |
| +#include <linux/module.h> |
| |
| #include <asm/page.h> |
| #include <asm/uaccess.h> |
| @@ -1251,6 +1252,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments, |
| return -EPERM; |
| |
| /* |
| + * kexec can be used to circumvent module loading restrictions, so |
| + * prevent loading in that case |
| + */ |
| + if (secure_modules()) |
| + return -EPERM; |
| + |
| + /* |
| * Verify we have a legal set of flags |
| * This leaves us room for future extensions. |
| */ |
| -- |
| 2.1.0 |
| |