From: Matthew Garrett <mjg59@srcf.ucam.org>
Date: Fri, 9 Aug 2013 07:33:56 +0000 (-0400)
Subject: kexec: Disable at runtime if securelevel has been set.
X-Git-Tag: archive/raspbian/4.9.82-1+deb9u3+rpi1_jessie~8^2~43
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=f6d1505f8f1f6437b9285064a9b8423ad23f9375;p=linux-4.9.git

kexec: Disable at runtime if securelevel has been set.

kexec permits the loading and execution of arbitrary code in ring 0, which
permits the modification of the running kernel. Prevent this if securelevel
has been set.

Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>

Gbp-Pq: Topic features/all/securelevel
Gbp-Pq: Name kexec-disable-at-runtime-if-securelevel-has-been-set.patch
---

diff --git a/kernel/kexec.c b/kernel/kexec.c
index 980936a90ee6..6f645e51c77e 100644
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -17,6 +17,7 @@
 #include <linux/syscalls.h>
 #include <linux/vmalloc.h>
 #include <linux/slab.h>
+#include <linux/security.h>
 
 #include "kexec_internal.h"
 
@@ -193,6 +194,9 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
 	if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
 		return -EPERM;
 
+	if (get_securelevel() > 0)
+		return -EPERM;
+
 	/*
 	 * Verify we have a legal set of flags
 	 * This leaves us room for future extensions.