From patchwork Mon Mar 25 22:09:35 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Garrett X-Patchwork-Id: 10870235 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id EB90814DE for ; Mon, 25 Mar 2019 22:12:29 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DC53E28C1D for ; Mon, 25 Mar 2019 22:12:29 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id D0B582908C; Mon, 25 Mar 2019 22:12:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI, USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 8348B28C1D for ; Mon, 25 Mar 2019 22:12:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730745AbfCYWM2 (ORCPT ); Mon, 25 Mar 2019 18:12:28 -0400 Received: from mail-ua1-f73.google.com ([209.85.222.73]:50104 "EHLO mail-ua1-f73.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730794AbfCYWKT (ORCPT ); Mon, 25 Mar 2019 18:10:19 -0400 Received: by mail-ua1-f73.google.com with SMTP id y1so1333185uaq.16 for ; Mon, 25 Mar 2019 15:10:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=uYemRAgVTJFGahU1zMfb1n2EMnLkr+SSlEuKQqgKmLY=; b=U9J1t3NxYbQMopyhw2GE3bLit1uMhrE4YcCM5dJ1VZEcPOPoJohS9muHLwrm4vQlDT 8XvcG/28ok21BF69yNbSQqCw3e6yjQAJUDrd2iaM/KgcHCo2BszrbFw8/6jMPHvtp/yf iWbLAQNCWBLdHGrn8i0OX9YYkOvt9fPMvh7laV3CW1NvPs5u0ovDE4DFMYQzJghhon6V bj6B9ZBfpvxXzkfjlaJuCbNMNi2Thezr5krapkJ9JEX32womUHt1rfjs8e8QB5aKcnQL DtOuGW6wgC0uGu7Lxs3FaIweVocdpEXRME7+Lfg6KE1hn5KohnaCb7igp2IE3uYR8ftF zagQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=uYemRAgVTJFGahU1zMfb1n2EMnLkr+SSlEuKQqgKmLY=; b=ouM4/iKv8LhBujO4bulyXo5psCWvxiRjDGT860N+ltf/mtFsHUL2m2pPqUFRvwae8S 2EbVCe/QIPSMNTCD54BGte6TfLVi7kUepvvVE1KJJhl7jOjiFJRHh+IbBZOgwG84iSbw XCPL9+9SGpAh5ruk7dF3+SKHBJI4meU2RoS9kF2A6q3Pj2nB3k/piA6mg+acnuKcR6L6 ShuyLnlx/ysyp/cjpE2ywvTu1sqm2vPJqImPOWV2NKCgZQqoLrWCwlTCHncoppiIwK69 2x2cHKwcsA7dFOXF+C7i+5agexTmBODYHQ0wfViEjEtC1xtIixNoGBqZ9Gc7lZJ+QFfq z9Ag== X-Gm-Message-State: APjAAAWhfSnP6sbd2Tc3uy7+ZqS5AlQGy/TnwoKXQaO8FaJ/jqkR29VP Z/YWucNVG9jU52PSHfwdvK10vJmaWQ+fgiUzlbiKEg== X-Google-Smtp-Source: APXvYqy7ER6okO+DXR1Hn9BcNwumz/DBgYufWQnxxDJBMiaFaOCwvLdckGZ0KGbfYqsKbYK+Droz0kzG4KKcv0gh0DEQqA== X-Received: by 2002:ab0:65c7:: with SMTP id n7mr16136307uaq.3.1553551818764; Mon, 25 Mar 2019 15:10:18 -0700 (PDT) Date: Mon, 25 Mar 2019 15:09:35 -0700 In-Reply-To: <20190325220954.29054-1-matthewgarrett@google.com> Message-Id: <20190325220954.29054-9-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190325220954.29054-1-matthewgarrett@google.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog Subject: [PATCH 08/27] hibernate: Disable when the kernel is locked down From: Matthew Garrett To: jmorris@namei.org Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, Josh Boyer , rjw@rjwysocki.net, pavel@ucw.cz, linux-pm@vger.kernel.org, Matthew Garrett Sender: linux-pm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-pm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Josh Boyer There is currently no way to verify the resume image when returning from hibernate. This might compromise the signed modules trust model, so until we can work with signed hibernate images we disable it when the kernel is locked down. Signed-off-by: Josh Boyer Signed-off-by: David Howells Cc: rjw@rjwysocki.net Cc: pavel@ucw.cz cc: linux-pm@vger.kernel.org Signed-off-by: Matthew Garrett --- kernel/power/hibernate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c index abef759de7c8..802795becb88 100644 --- a/kernel/power/hibernate.c +++ b/kernel/power/hibernate.c @@ -70,7 +70,7 @@ static const struct platform_hibernation_ops *hibernation_ops; bool hibernation_available(void) { - return (nohibernate == 0); + return nohibernate == 0 && !kernel_is_locked_down("Hibernation"); } /** From patchwork Mon Mar 25 22:09:36 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Garrett X-Patchwork-Id: 10870237 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 7631B14DE for ; Mon, 25 Mar 2019 22:12:31 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 64DB728C1D for ; Mon, 25 Mar 2019 22:12:31 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 58ECE29053; Mon, 25 Mar 2019 22:12:31 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI, USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A3A542905C for ; Mon, 25 Mar 2019 22:12:29 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730273AbfCYWM2 (ORCPT ); Mon, 25 Mar 2019 18:12:28 -0400 Received: from mail-qk1-f201.google.com ([209.85.222.201]:38390 "EHLO mail-qk1-f201.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730821AbfCYWKW (ORCPT ); Mon, 25 Mar 2019 18:10:22 -0400 Received: by mail-qk1-f201.google.com with SMTP id c67so9960463qkg.5 for ; Mon, 25 Mar 2019 15:10:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=xS16JMOxZwcG/rVliMetOoh+ZZR4mUKe0/mNdxJ1B6I=; b=rFLwckKvnZaBZEGlLyTz4YcQ5TpfXquDDLFv8EpNBBi8bl0H0aSpKbKlPmFsmJzv88 3s6m1iSnNGuRtAX7+GNWd2g9ka8O638ik4FPSJBJV5pRYd6bDqXfhUVknENqAjwj4phg ZBeThTpXCyvDIvKExlijnHhU7emouiyrTRHxYNNujKIPbNen6HUgDtriMiWILJkoVwSA VVGV8s5Vdp2kHgLsYghn2sBzhcQ4djG3Mg4picl1KnN4fEcpD276WFgQ7ohf4Qa5elqa AgffeNZduS1YSvn0RL82wvaNQg89a0p0VKGWQ4w6kG9QkJsl5oAYX7uvYcn10rHNeQC/ FZkA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=xS16JMOxZwcG/rVliMetOoh+ZZR4mUKe0/mNdxJ1B6I=; b=mSrgYrz72TwOiAlmAcK/GneXe7Cs3MKNxK/W9QzIgGmQR14e7PjgkW1nVSMNz4Z877 EVDKM7An6r8MTvm2r43dgZcT1uQlQkikD16q9HVg01xV+2W9ppa/xvno6YTLlq1ITRyX 9YfR2d+7sKLCXMSgx6xo8wA5aUGFVRa5eU4fkGQZfKaF4w8Or3h7O0NiQxNHTVfCMAZ4 3T0y+11s2bxeLH/GBReMX6AClb8ZQqu35AGLoM4kmbf93qXOz4xDCZExD4LBV5ohDGEG r7IDzB512YccZiqBAC3vpYT325bLqGXbOnhbUowOdCU23nYx1iBoTcLvDsQVLJYJTRok yd1Q== X-Gm-Message-State: APjAAAUzS8vfBulMbgzf/WFnE9JH8dcSgN8QwHXjxTp4SnnIct//awHQ aus1Gymvx6GgaKyJPmX3sRn5QJP5ke6kiYkCwn/Z0g== X-Google-Smtp-Source: APXvYqzfwaoEvZ9qoFwlYj2A15EF/8fYD/EBKL5NEF9CZBOvMhdvlUypidpDWMgq04f0j1uGmMifcELa/DdB3HnIghzi7g== X-Received: by 2002:a0c:8aad:: with SMTP id 42mr23012965qvv.247.1553551821400; Mon, 25 Mar 2019 15:10:21 -0700 (PDT) Date: Mon, 25 Mar 2019 15:09:36 -0700 In-Reply-To: <20190325220954.29054-1-matthewgarrett@google.com> Message-Id: <20190325220954.29054-10-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190325220954.29054-1-matthewgarrett@google.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog Subject: [PATCH 09/27] uswsusp: Disable when the kernel is locked down From: Matthew Garrett To: jmorris@namei.org Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, Matthew Garrett , James Morris , linux-pm@vger.kernel.org, pavel@ucw.cz, rjw@rjwysocki.net, Matthew Garrett Sender: linux-pm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-pm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Matthew Garrett uswsusp allows a user process to dump and then restore kernel state, which makes it possible to modify the running kernel. Disable this if the kernel is locked down. Signed-off-by: Matthew Garrett Signed-off-by: David Howells Reviewed-by: James Morris cc: linux-pm@vger.kernel.org Cc: pavel@ucw.cz Cc: rjw@rjwysocki.net Signed-off-by: Matthew Garrett --- kernel/power/user.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/power/user.c b/kernel/power/user.c index 2d8b60a3c86b..0305d513c274 100644 --- a/kernel/power/user.c +++ b/kernel/power/user.c @@ -52,6 +52,9 @@ static int snapshot_open(struct inode *inode, struct file *filp) if (!hibernation_available()) return -EPERM; + if (kernel_is_locked_down("/dev/snapshot")) + return -EPERM; + lock_system_sleep(); if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {