From patchwork Thu Apr 4 00:32:30 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Garrett X-Patchwork-Id: 10884687 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9CBBA922 for ; Thu, 4 Apr 2019 00:35:10 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8745E285A6 for ; Thu, 4 Apr 2019 00:35:10 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 7B9CA2897F; Thu, 4 Apr 2019 00:35:10 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI, USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0F716285A6 for ; Thu, 4 Apr 2019 00:35:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726805AbfDDAdS (ORCPT ); Wed, 3 Apr 2019 20:33:18 -0400 Received: from mail-vk1-f202.google.com ([209.85.221.202]:40735 "EHLO mail-vk1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726785AbfDDAdP (ORCPT ); Wed, 3 Apr 2019 20:33:15 -0400 Received: by mail-vk1-f202.google.com with SMTP id d64so437361vkg.7 for ; Wed, 03 Apr 2019 17:33:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=F7gwrLqBhitPmGCH3yDZVQC7NL1DApaJvsgcGKz9XZw=; b=sO21lW7sz/ns18hN7SlX/zr3jQmDJ3mtD+apq3GlD6ckhlTw4v2i3gXRCDm5Vs5mYJ LXfNtWylXdBIxsbGmj49dHEtJRQscclkifyUJzoI6tYiqt9G++U1u0mdT4UXu6GRsZrY nO9Xpph8Wlcubg6vFg0+ujbv4AIIyGkcFSBIu6hJLD1aFptXeunfoCHimJHu9ftuCjbj fHNRo8lSHZr1QTwAT2mMO1+TGOTMV08gr5UcjRCX0+XynqvJN1D2NJW1jGd2xgp96M7q YIOcYbi66upbn2IlI0Jyn8gqpwMLkYSB0ynJh9dN0VNKnzLvf6ke3qxidogrCkgeQbgh M0Cg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=F7gwrLqBhitPmGCH3yDZVQC7NL1DApaJvsgcGKz9XZw=; b=I5QmauOttGL/4FrLQSzrIEGqnnWfxJKqxi5/JON1syKplFfz9Rx4pVEG4UONjf/RpG FVfXpuubCVPfcDlJ2hj8xBEqqrD+u9D1IFDbyBvEgeeV16g99jMqiWjGHNwriOjv86Mc kaXW1AUPDKtQG69CR5dE+boSd4BMAvnXvINRu4IfpvnhOXk21SEc4A0ZJVYrK1QiTcZz zDSFnlaIMXZkeF7MZckwJWNX2GZP8HXSBVxPmnkayIjxJO1T1N41AxaKTJy+tz/bsJvW 3toro1NAYy/QtW3Lj2t4BJVVg9WxBfmntXnGpbw26jIFEy+F1hIqcB5s0iDEcY6cCwEL sovQ== X-Gm-Message-State: APjAAAVL68kUMQQpX+TMj+izNgjn0SSME5wBvOBatWOWwLelu004hjlh YxssHLkjk/4h9gQ4KZWxAd2ZrCC2J+rC3KkAnMIC9A== X-Google-Smtp-Source: APXvYqxLmuf70AXpG3iG6EAnmL96VT12fM4bfEXi3TJeEBqfuOYC0uB+zvU9Rtoi5NfBIV0Q26AsocD8JxxzMQZgEMeYHQ== X-Received: by 2002:ab0:2653:: with SMTP id q19mr418981uao.2.1554337994994; Wed, 03 Apr 2019 17:33:14 -0700 (PDT) Date: Wed, 3 Apr 2019 17:32:30 -0700 In-Reply-To: <20190404003249.14356-1-matthewgarrett@google.com> Message-Id: <20190404003249.14356-9-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190404003249.14356-1-matthewgarrett@google.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog Subject: [PATCH V32 08/27] hibernate: Disable when the kernel is locked down From: Matthew Garrett To: jmorris@namei.org Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, linux-api@vger.kernel.org, luto@kernel.org, Josh Boyer , Matthew Garrett , rjw@rjwysocki.net, pavel@ucw.cz, linux-pm@vger.kernel.org Sender: linux-pm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-pm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Josh Boyer There is currently no way to verify the resume image when returning from hibernate. This might compromise the signed modules trust model, so until we can work with signed hibernate images we disable it when the kernel is locked down. Signed-off-by: Josh Boyer Signed-off-by: David Howells Signed-off-by: Matthew Garrett Cc: rjw@rjwysocki.net Cc: pavel@ucw.cz cc: linux-pm@vger.kernel.org --- kernel/power/hibernate.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c index abef759de7c8..928b198cfa26 100644 --- a/kernel/power/hibernate.c +++ b/kernel/power/hibernate.c @@ -70,7 +70,8 @@ static const struct platform_hibernation_ops *hibernation_ops; bool hibernation_available(void) { - return (nohibernate == 0); + return nohibernate == 0 && !kernel_is_locked_down("Hibernation", + LOCKDOWN_INTEGRITY); } /** From patchwork Thu Apr 4 00:32:31 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Garrett X-Patchwork-Id: 10884635 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 8452117E1 for ; Thu, 4 Apr 2019 00:33:21 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6CEE728913 for ; Thu, 4 Apr 2019 00:33:21 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 607452893D; Thu, 4 Apr 2019 00:33:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI, USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 9A3EB28913 for ; Thu, 4 Apr 2019 00:33:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726841AbfDDAdT (ORCPT ); Wed, 3 Apr 2019 20:33:19 -0400 Received: from mail-ot1-f73.google.com ([209.85.210.73]:34508 "EHLO mail-ot1-f73.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726796AbfDDAdS (ORCPT ); Wed, 3 Apr 2019 20:33:18 -0400 Received: by mail-ot1-f73.google.com with SMTP id 7so309768otj.1 for ; Wed, 03 Apr 2019 17:33:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=UWUYbOZniscPzPib57I8cPwH1j1zNPSziYufzU02lOY=; b=A2EFYZwEC5y58dctC8LWHsqA6qoE5h0LFuFYwP6Uwqnal/NFUhQVsKZ/0Ysr8bH//x FT17CqgqigWaJaw5c+416HEm1SOJ5orG1jO9WJ4kVGBoTxfe2sFF3NgIGiHr1ETJUCoC AGe5N/8cJDz2uObdp0e8WjGFpC8mGvo4d5ebbKSY9TuIQ8SyXWnil8fW2KzUZCt/aofk 8biDkpWIJeJyZnldpFA5lFAbH8dXFWs7Ho0n0l1twAexbAB/330nKb/6uAkKYGyTrW0N OJepi47SLo9FwbAlZUvw24949yhqGJ+zGZV7oTsTvqOH+6+6k01sIrImWHkw9JwsgDIu 28oA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=UWUYbOZniscPzPib57I8cPwH1j1zNPSziYufzU02lOY=; b=qKjRnpgJQZqtYirBPnEXooDYfVTFf4tsppGcKEQxl2khCGMbhBbSiCVknegPZLyRz0 X25S8o92kA9wI8cdvqAKgd8lXLfA4j7r9PwvEj3sxcUUnHp6bXGaGDdztqF8HzFor6EA aUfme4MR1e8SHqmYckG06R5vZksaNfsrARmFS+ELOd75B0zkf51Lee58e8TKeGPg+j1v BJRTfN+Zk/iWcNW1wgT3sFh+2zT4wQa97NZ3Oo5BCTSPFfYlh/GJ39bSE5Kv/9R9F8OA NHzcsLa+yMDNzifjNFtMs+r61fLxVrxBHLznPUcsEHj2miwct89b5HPNehanmU2pebc/ JZNA== X-Gm-Message-State: APjAAAV+xLihaffQna9ebP1fVnMY0AEH/Di4GCsJKgd9voS19AoJ57Eh NZ5JJKWEGMyZKATlxIo5tFki82ZlSMjA+xiAbDMsog== X-Google-Smtp-Source: APXvYqzL3jPDtiMeU77dXPt0+VSnZ8pBp/Uh79/K3V3E8HHlCSQfc9Fzun4Dp6GY5hR8FwEKn511hYcZ8i+fnLxtrC+4KQ== X-Received: by 2002:a9d:6343:: with SMTP id y3mr301853otk.38.1554337997827; Wed, 03 Apr 2019 17:33:17 -0700 (PDT) Date: Wed, 3 Apr 2019 17:32:31 -0700 In-Reply-To: <20190404003249.14356-1-matthewgarrett@google.com> Message-Id: <20190404003249.14356-10-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190404003249.14356-1-matthewgarrett@google.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog Subject: [PATCH V32 09/27] uswsusp: Disable when the kernel is locked down From: Matthew Garrett To: jmorris@namei.org Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, linux-api@vger.kernel.org, luto@kernel.org, Matthew Garrett , Matthew Garrett , linux-pm@vger.kernel.org, pavel@ucw.cz, rjw@rjwysocki.net Sender: linux-pm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-pm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Matthew Garrett uswsusp allows a user process to dump and then restore kernel state, which makes it possible to modify the running kernel. Disable this if the kernel is locked down. Signed-off-by: David Howells Signed-off-by: Matthew Garrett cc: linux-pm@vger.kernel.org Cc: pavel@ucw.cz Cc: rjw@rjwysocki.net --- kernel/power/user.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/power/user.c b/kernel/power/user.c index 2d8b60a3c86b..99e13fd13237 100644 --- a/kernel/power/user.c +++ b/kernel/power/user.c @@ -52,6 +52,9 @@ static int snapshot_open(struct inode *inode, struct file *filp) if (!hibernation_available()) return -EPERM; + if (kernel_is_locked_down("/dev/snapshot", LOCKDOWN_INTEGRITY)) + return -EPERM; + lock_system_sleep(); if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {