On Mon, Aug 19, 2013 at 01:26:09PM -0400, Matthew Garrett wrote: > kexec permits the loading and execution of arbitrary code in ring 0, which > is something that module signing enforcement is meant to prevent. It makes > sense to disable kexec in this situation. > > Signed-off-by: Matthew Garrett <[email protected]> > --- > kernel/kexec.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/kernel/kexec.c b/kernel/kexec.c > index 59f7b55..1a7690f 100644 > --- a/kernel/kexec.c > +++ b/kernel/kexec.c > @@ -32,6 +32,7 @@ > #include <linux/vmalloc.h> > #include <linux/swap.h> > #include <linux/syscore_ops.h> > +#include <linux/module.h> > > #include <asm/page.h> > #include <asm/uaccess.h> > @@ -1645,6 +1646,9 @@ int kernel_kexec(void) > goto Unlock; > } > > + if (secure_modules()) > + return -EPERM; > +
Hi Matthew, Why do disallow this at run time. To me denying this at kexec_load() time sounds better. Otherwise a user will think that I loaded crash kernel successfully and when crash actually happens, we never capture the crash dump. Thanks Vivek -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
