kexec: Disable at runtime if securelevel has been set.

kexec permits the loading and execution of arbitrary code in ring 0, which permits the modification of the running kernel. Prevent this if securelevel has been set. Signed-off-by: Matthew Garrett <mjg59@srcf.ucam.org>
mjg59 · Apr 3, 2016 · ec87b6a · ec87b6a
1 parent 9524fad
commit ec87b6a
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/kernel/kexec.c b/kernel/kexec.c
@@ -17,6 +17,7 @@
 #include <linux/syscalls.h>
 #include <linux/vmalloc.h>
 #include <linux/slab.h>
+#include <linux/security.h>
 
 #include "kexec_internal.h"
 
@@ -134,6 +135,9 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
 	if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
 		return -EPERM;
 
+	if (get_securelevel() > 0)
+		return -EPERM;
+
 	/*
 	 * Verify we have a legal set of flags
 	 * This leaves us room for future extensions.