From patchwork Tue Mar 26 18:27:24 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Garrett X-Patchwork-Id: 10871935 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D070113B5 for ; Tue, 26 Mar 2019 18:28:19 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id BD39328DD7 for ; Tue, 26 Mar 2019 18:28:19 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id B16D028DF9; Tue, 26 Mar 2019 18:28:19 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI, USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 040F928DD7 for ; Tue, 26 Mar 2019 18:28:19 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732654AbfCZS2Q (ORCPT ); Tue, 26 Mar 2019 14:28:16 -0400 Received: from mail-yw1-f73.google.com ([209.85.161.73]:46845 "EHLO mail-yw1-f73.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732648AbfCZS2Q (ORCPT ); Tue, 26 Mar 2019 14:28:16 -0400 Received: by mail-yw1-f73.google.com with SMTP id g6so19757422ywa.13 for ; Tue, 26 Mar 2019 11:28:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=F7gwrLqBhitPmGCH3yDZVQC7NL1DApaJvsgcGKz9XZw=; b=hd/qJI5pj21wdEXiN1GwGQHBvVWEtmSPOfLn12fiaFf2w7nNYsYJpe9u8ow9/Re1Kb FvKsZkCo/b0GsFfWFuz7eAQFgkAyaD1YtMu/MyusFUzAhdYBGkZWIj1S+E8fN9DnaUae L8FwSMa5O7X9SlCg7DEGpzVPkBfeq+h0Wz6MqDxvDPB424xtQc9WmiNTOO+jUGewUNHD lpCXH7AOi+wpEp3OI9bXgjF1sBIcv8UIJnzzt+rmTvkH36pdxeTNEvndnDJ1OpSY/cAA rOexpy+QRByAQot5nHETdAlDEtaJ3PrSaljT6cRrg+ws0ERdZzfzb5mmKZf2MqHgiBKm t7vA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=F7gwrLqBhitPmGCH3yDZVQC7NL1DApaJvsgcGKz9XZw=; b=WCKmp2yvDanatzbgpbUsmJMtwT+Ic/PupTJ6gxCGr5zGwmUgmnqLqc6CLa4fXKbyPE 6BuP0yKfsUhakNTdK4FFdUqnCALQm4QRFV9V6ZzHbLZx6x0Bs3agYLiHm+ZkxyiM8w2R iTnZl5aDbbaaC6KWETs+pXf5w5XaTn1jv0Il7CS+nzvkUwU5u/ubJOikR0+kBzrCCnp5 mnZNSaYMwwQin+PdCNnTvUCnIi0Sl+wpaGa/ezCbo2QOmAJoX0DYCRYAmsUBvdLldIEk eSl3oo74btgCTJw5slwyFwBNc/V46WtEkPXQuhoWnlxxub4RagyJqWjm4vCFRzwgjBLZ 4X7Q== X-Gm-Message-State: APjAAAXMWBX7WPT8sccuQmE/V9Pkmr3yZyEIxU9G/T20btAHP9JYJinw YHxMsSWFeLyLiQrKj+BC8pXHDPwG1sSkD3e25VoKAg== X-Google-Smtp-Source: APXvYqz53lg90CRAmq2n9UPcuRM+Zbwo5prjfkTYkHVgr5i0xCngmc0ofLZBkRfHjvHhL+zyIQ3AzU157vWcCX9jyM6hWw== X-Received: by 2002:a81:3c90:: with SMTP id j138mr27011505ywa.276.1553624895457; Tue, 26 Mar 2019 11:28:15 -0700 (PDT) Date: Tue, 26 Mar 2019 11:27:24 -0700 In-Reply-To: <20190326182742.16950-1-matthewgarrett@google.com> Message-Id: <20190326182742.16950-9-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190326182742.16950-1-matthewgarrett@google.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog Subject: [PATCH V31 08/25] hibernate: Disable when the kernel is locked down From: Matthew Garrett To: jmorris@namei.org Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, linux-api@vger.kernel.org, luto@kernel.org, Josh Boyer , Matthew Garrett , rjw@rjwysocki.net, pavel@ucw.cz, linux-pm@vger.kernel.org Sender: linux-pm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-pm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Josh Boyer There is currently no way to verify the resume image when returning from hibernate. This might compromise the signed modules trust model, so until we can work with signed hibernate images we disable it when the kernel is locked down. Signed-off-by: Josh Boyer Signed-off-by: David Howells Signed-off-by: Matthew Garrett Cc: rjw@rjwysocki.net Cc: pavel@ucw.cz cc: linux-pm@vger.kernel.org --- kernel/power/hibernate.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/kernel/power/hibernate.c b/kernel/power/hibernate.c index abef759de7c8..928b198cfa26 100644 --- a/kernel/power/hibernate.c +++ b/kernel/power/hibernate.c @@ -70,7 +70,8 @@ static const struct platform_hibernation_ops *hibernation_ops; bool hibernation_available(void) { - return (nohibernate == 0); + return nohibernate == 0 && !kernel_is_locked_down("Hibernation", + LOCKDOWN_INTEGRITY); } /** From patchwork Tue Mar 26 18:27:25 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Matthew Garrett X-Patchwork-Id: 10871937 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id C0EEE13B5 for ; Tue, 26 Mar 2019 18:28:20 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AE2BB28DD7 for ; Tue, 26 Mar 2019 18:28:20 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A1F8E28DF9; Tue, 26 Mar 2019 18:28:20 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-15.5 required=2.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI, USER_IN_DEF_DKIM_WL autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4AD3C28DD7 for ; Tue, 26 Mar 2019 18:28:20 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732642AbfCZS2T (ORCPT ); Tue, 26 Mar 2019 14:28:19 -0400 Received: from mail-qt1-f202.google.com ([209.85.160.202]:50373 "EHLO mail-qt1-f202.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1732664AbfCZS2T (ORCPT ); Tue, 26 Mar 2019 14:28:19 -0400 Received: by mail-qt1-f202.google.com with SMTP id g17so14394285qte.17 for ; Tue, 26 Mar 2019 11:28:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=date:in-reply-to:message-id:mime-version:references:subject:from:to :cc; bh=UWUYbOZniscPzPib57I8cPwH1j1zNPSziYufzU02lOY=; b=Oz9kzY7d3lv55fVkI6Kb0Gzd3zJwJVSAVP1ulUaw9XyfUgwUTFQ69SW1TpPJkSkz4I 8NUL2BguYiSmd8NFIwTgZKd7UB7lU8F2hm+SV82c1BpjE00Nve3eEAV5dCvYM6U0Adft 8cHrLisTQIpYkEfVr7pSsB7vKPAWYQArSJSuLNv7EWxW+QmxHN7LZdgApdkQI107/Ow2 GZ3GQday6ZqELcHEK3ZUIq2VgMJhr6I6/cma2bxfcIUaCW826/CfZVTmkThJ3vczr5og R+xZyn2RY8eloJabWhb+3U23suPmtoBLFDiFAW2oz2cFDyDctnrk/MCbULdQ+P4rFbUa 32UQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=UWUYbOZniscPzPib57I8cPwH1j1zNPSziYufzU02lOY=; b=P2ZqNmkhQLwKksG4/ufHaXPF020YAYbxZU8YzkTUdskg41s7UR1R863qDBKdnfqjhY yxwHcxHG3MhbIp9BGIYnENOCCRz0FeiChBp5f0vGzcNpQLOKjhmnxVPyPsc2gxuoPKgZ hAM8lHggJ+cBIEpEu42Cw+QCJVlLRAczD363uDYJcqLcZXxpJ/J7cUS1nxzamTa1pRsj 59/vxWj/ANJm6ViwLg8l0D6MMYM4h4dsVeaEqkU6SQeMOAhXmWQOcoBXWBT+jaI0yYY8 Mzjb113JcP6qiwGaEYsrNIvqZWG5tmQ57oW3VeFKGVBKD7sSsMXFFucvsIuLR2UrR6ww UDJg== X-Gm-Message-State: APjAAAU109z9pb1xMWc/U4AtCkmtBkZeiS6w5bjJzcGouv0k3ygkInNu A6cdjYQEOrOlGIph/aSS8IWyYYH9Q04BVr84sIEqGw== X-Google-Smtp-Source: APXvYqy8T5iMSU8bRAJDeiOYdZ+vf7wI+oEKQds8Wx9UYe7VIOiL7DRxsniEJLG6jiM0ADBnIZ62Ujuch6uEFVoBA5UeiQ== X-Received: by 2002:ac8:1091:: with SMTP id a17mr25977158qtj.135.1553624898035; Tue, 26 Mar 2019 11:28:18 -0700 (PDT) Date: Tue, 26 Mar 2019 11:27:25 -0700 In-Reply-To: <20190326182742.16950-1-matthewgarrett@google.com> Message-Id: <20190326182742.16950-10-matthewgarrett@google.com> Mime-Version: 1.0 References: <20190326182742.16950-1-matthewgarrett@google.com> X-Mailer: git-send-email 2.21.0.392.gf8f6787159e-goog Subject: [PATCH V31 09/25] uswsusp: Disable when the kernel is locked down From: Matthew Garrett To: jmorris@namei.org Cc: linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, dhowells@redhat.com, linux-api@vger.kernel.org, luto@kernel.org, Matthew Garrett , Matthew Garrett , linux-pm@vger.kernel.org, pavel@ucw.cz, rjw@rjwysocki.net Sender: linux-pm-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-pm@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP From: Matthew Garrett uswsusp allows a user process to dump and then restore kernel state, which makes it possible to modify the running kernel. Disable this if the kernel is locked down. Signed-off-by: David Howells Signed-off-by: Matthew Garrett cc: linux-pm@vger.kernel.org Cc: pavel@ucw.cz Cc: rjw@rjwysocki.net --- kernel/power/user.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/power/user.c b/kernel/power/user.c index 2d8b60a3c86b..99e13fd13237 100644 --- a/kernel/power/user.c +++ b/kernel/power/user.c @@ -52,6 +52,9 @@ static int snapshot_open(struct inode *inode, struct file *filp) if (!hibernation_available()) return -EPERM; + if (kernel_is_locked_down("/dev/snapshot", LOCKDOWN_INTEGRITY)) + return -EPERM; + lock_system_sleep(); if (!atomic_add_unless(&snapshot_device_available, -1, 0)) {