linux-stable/Documentation
Kees Cook 7984754b99 kexec: add sysctl to disable kexec_load
For general-purpose (i.e.  distro) kernel builds it makes sense to build
with CONFIG_KEXEC to allow end users to choose what kind of things they
want to do with kexec.  However, in the face of trying to lock down a
system with such a kernel, there needs to be a way to disable kexec_load
(much like module loading can be disabled).  Without this, it is too easy
for the root user to modify kernel memory even when CONFIG_STRICT_DEVMEM
and modules_disabled are set.  With this change, it is still possible to
load an image for use later, then disable kexec_load so the image (or lack
of image) can't be altered.

The intention is for using this in environments where "perfect"
enforcement is hard.  Without a verified boot, along with verified
modules, and along with verified kexec, this is trying to give a system a
better chance to defend itself (or at least grow the window of
discoverability) against attack in the face of a privilege escalation.

In my mind, I consider several boot scenarios:

1) Verified boot of read-only verified root fs loading fd-based
   verification of kexec images.
2) Secure boot of writable root fs loading signed kexec images.
3) Regular boot loading kexec (e.g. kcrash) image early and locking it.
4) Regular boot with no control of kexec image at all.

1 and 2 don't exist yet, but will soon once the verified kexec series has
landed.  4 is the state of things now.  The gap between 2 and 4 is too
large, so this change creates scenario 3, a middle-ground above 4 when 2
and 1 are not possible for a system.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Rik van Riel <riel@redhat.com>
Cc: Vivek Goyal <vgoyal@redhat.com>
Cc: Eric Biederman <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2014-01-23 16:37:03 -08:00
..
ABI f2fs updates for v3.14 2014-01-23 09:21:09 -08:00
accounting
acpi GPIO tree bulk changes for v3.14 2014-01-21 10:09:12 -08:00
aoe aoe: remove do-nothing NAME="%k" term from example udev rules 2013-09-11 15:59:28 -07:00
arm gpio: samsung: Update documentation 2014-01-07 19:00:59 +01:00
arm64 arm64: Use 42-bit address space with 64K pages 2013-11-05 17:23:52 +00:00
auxdisplay
backlight backlight: lp855x_bl: support new LP8555 device 2013-11-13 12:09:14 +09:00
blackfin
block null_blk: set use_per_node_hctx param to false 2013-12-21 09:30:33 -07:00
blockdev Documentation/blockdev/ramdisk.txt: updates 2014-01-23 16:37:01 -08:00
bus-devices
cdrom
cgroups doc: cgroups: Fix typo in doc/cgroups 2013-12-31 07:33:38 -05:00
connector connector - documentation: simplify netlink message length assignment 2013-10-02 16:03:51 -04:00
console
cpu-freq cpufreq: Implement light weight ->target_index() routine 2013-10-25 22:42:24 +02:00
cpuidle cpuidle: remove cpuidle_unregister_governor() 2013-10-30 01:21:24 +01:00
cris
crypto
development-process
device-mapper dm cache: add policy name to status output 2014-01-16 13:44:11 -05:00
devicetree dt-bindings: add hym8563 binding 2014-01-23 16:36:59 -08:00
DocBook Merge branch 'master' into for-next 2013-12-19 15:08:32 +01:00
driver-model Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2014-01-22 21:21:55 -08:00
dvb
early-userspace Documentation: remove reference to 2.7 kernel in early-userspace 2013-08-20 12:47:28 +02:00
EDID
extcon extcon: fix switch class porting guide (Documentation) 2014-01-07 11:54:28 +09:00
fault-injection
fb Documentation/fb/viafb.modes fix a typo 2013-08-20 12:41:11 +02:00
filesystems Documentation/filesystems/00-INDEX: updates 2014-01-23 16:37:01 -08:00
firmware_class
fmc doc: Fix typo "is is" in Documentations 2013-08-27 10:50:52 +02:00
frv
gpio gpiolib: return -ENOENT if no GPIO mapping exists 2013-12-12 19:33:59 +01:00
hid
hwmon Merge branch 'hwmon-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jdelvare/staging 2013-11-15 16:35:10 -08:00
i2c Documentation: i2c: Remove obsolete example 2014-01-09 23:02:46 +01:00
i2o
ia64
ide
infiniband
input Input: clarify gamepad API ABS values 2013-10-15 23:42:07 -07:00
ioctl ALSA: add DICE driver 2013-10-17 21:18:32 +02:00
isdn
ja_JP Documentation: ja_JP: Update broken link to tpp 2013-12-10 23:09:08 -08:00
kbuild Documentation/kbuild/kconfig.txt: 'make listnewconfig' replaces: yes "" | make oldconfig 2013-10-08 23:51:50 +02:00
kdump
kmsg/s390 s390/zcrypt: add support for EP11 coprocessor cards 2013-12-18 17:37:15 +01:00
ko_KR Documentation: HOWTO: Updates on subsystem trees, patchwork, -next (vs. -mm) in ko_KR 2014-01-08 15:32:51 -08:00
laptops Documentation: Fix size parameter for snprintf 2014-01-02 10:47:33 +01:00
leds Documentation: leds-lp5521,lp5523: update device attribute information 2013-08-26 17:22:13 -07:00
m68k
make
memory-devices
metag
mic misc: mic: Fix endianness issues. 2013-11-27 11:03:38 -08:00
mips
misc-devices Documentation/misc-devices/mei/mei-amt-version.c: remove unneeded call of mei_deinit() 2014-01-08 15:20:20 -08:00
mmc
mn10300
mtd doc: Fix typo "is is" in Documentations 2013-08-27 10:50:52 +02:00
namespaces
netlabel
networking ipv4: improve documentation of ip_no_pmtu_disc 2013-12-17 15:20:15 -05:00
nfc
parisc
PCI Merge branch 'pci/msi' into next 2014-01-07 17:34:39 -07:00
pcmcia
power More ACPI and power management updates for 3.13-rc1 2013-11-20 13:25:04 -08:00
powerpc powerpc: Update the 00-Index in Documentation/powerpc 2013-08-27 14:44:27 +10:00
pps USB: serial: invoke dcd_change ldisc's handler. 2013-09-26 09:45:40 -07:00
prctl
pti
ptp ptp: add the PTP_SYS_OFFSET ioctl to the testptp program 2013-09-23 16:46:17 -04:00
rapidio
RCU Merge branches 'doc.2013.12.03a', 'fixes.2013.12.12a', 'rcutorture.2013.12.03a' and 'sparse.2013.12.12a' into HEAD 2013-12-12 12:35:38 -08:00
s390 s390/s390dbf: add debug_level_enabled() function 2013-10-24 17:16:53 +02:00
scheduler H8/300 has been dead for several years, the kernel for it has 2013-11-12 14:13:14 +09:00
scsi [SCSI] Update documentation 2013-12-19 07:39:03 -08:00
security ima: update IMA-templates.txt documentation 2014-01-03 07:42:59 -05:00
serial serial: core: delete .set_wake() callback 2013-10-16 13:16:19 -07:00
sh
sound ASoC: docs: Update the Overview document 2014-01-07 17:56:32 +00:00
spi spi/documentation: Fix usage of __initdata 2013-08-20 12:52:28 +02:00
sysctl kexec: add sysctl to disable kexec_load 2014-01-23 16:37:03 -08:00
target target: Remove TF_CIT_TMPL macro 2013-10-16 13:35:02 -07:00
thermal thermal: thermal_core: allow binding with limits on bind_params 2013-09-03 09:10:24 -04:00
timers doc: add missing files to timers/00-INDEX 2013-10-27 21:55:50 +00:00
tpm
trace Documentation/trace/postprocess/trace-vmscan-postprocess.pl: fix the traceevent regex 2014-01-23 16:36:52 -08:00
usb doc: Fix typo in USB Gadget Documentation 2014-01-10 15:33:54 +01:00
vDSO
video4linux [media] V4L: Add support for integer menu controls with standard menu items 2013-08-18 07:12:59 -03:00
virtual Merge tag 'kvm-arm-for-3.14' of git://git.linaro.org/people/christoffer.dall/linux-kvm-arm into kvm-queue 2014-01-15 12:14:29 +01:00
vm mm: documentation: remove hopelessly out-of-date locking doc 2014-01-23 16:36:50 -08:00
w1
watchdog
wimax
x86 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2014-01-22 21:21:55 -08:00
xtensa
zh_CN Documentation: zh_CN: Update broken link to tpp 2013-12-10 23:09:08 -08:00
.gitignore
00-INDEX doc: fix a typo in Documentation/00-INDEX 2013-08-27 10:53:07 +02:00
applying-patches.txt
assoc_array.txt KEYS: Fix multiple key add into associative array 2013-12-02 11:24:18 +00:00
atomic_ops.txt
bad_memory.txt
basic_profiling.txt
bcache.txt
binfmt_misc.txt
braille-console.txt
bt8xxgpio.txt
btmrvl.txt
BUG-HUNTING
bus-virt-phys-mapping.txt
cachetlb.txt Documentation: fix typo and update version in cachetlb.txt 2013-08-20 12:46:52 +02:00
Changes remove obsolete references to powertweak 2013-11-27 20:34:32 -08:00
circular-buffers.txt documentation: Update circular buffer for load-acquire/store-release 2013-12-03 10:08:57 -08:00
clk.txt clk: add support for clock reparent on set_rate 2013-08-19 12:27:17 -07:00
coccinelle.txt
CodingStyle
cpu-hotplug.txt Documentation/cpu-hotplug.txt: fix a typo in example code 2014-01-23 16:37:01 -08:00
cpu-load.txt
cputopology.txt doc: Documentation/cputopology.txt fix typo 2013-09-04 12:59:47 +02:00
crc32.txt
dcdbas.txt
debugging-modules.txt
debugging-via-ohci1394.txt
dell_rbu.txt
devices.txt cuse: add fix minor number to /dev/cuse 2013-10-01 16:44:54 +02:00
digsig.txt
DMA-API-HOWTO.txt DMA-API: provide a helper to set both DMA and coherent DMA masks 2013-09-17 15:32:37 +01:00
DMA-API.txt DMA-API: provide a helper to set both DMA and coherent DMA masks 2013-09-17 15:32:37 +01:00
DMA-attributes.txt doc: Documentation/DMA-attributes.txt fix typo 2013-10-14 15:50:53 +02:00
dma-buf-sharing.txt dma-buf: Expose buffer size to userspace (v2) 2013-09-10 11:36:45 +05:30
DMA-ISA-LPC.txt
dmaengine.txt
dmatest.txt dmatest: add a 'wait' parameter 2013-11-14 11:04:40 -08:00
dontdiff
dynamic-debug-howto.txt dynamic-debug-howto.txt: update since new wildcard support 2014-01-23 16:36:55 -08:00
edac.txt
efi-stub.txt doc: Fix trivial spelling mistake in efi-stub.txt 2013-12-19 15:09:14 +01:00
eisa.txt
email-clients.txt doc: fix some typos 2013-12-02 14:48:28 +01:00
flexible-arrays.txt
futex-requeue-pi.txt
gcov.txt gcov: compile specific gcov implementation based on gcc version 2013-11-13 12:09:34 +09:00
highuid.txt
HOWTO Documentation: HOWTO: Update broken links to tpp 2013-12-10 23:09:08 -08:00
hw_random.txt
hwspinlock.txt doc: documentation/hwspinlock.txt fix typo 2013-08-27 10:46:02 +02:00
init.txt
initrd.txt
Intel-IOMMU.txt
intel_txt.txt
io-mapping.txt doc: fix some typos 2013-12-02 14:48:28 +01:00
io_ordering.txt
iostats.txt
IPMI.txt
IRQ-affinity.txt doc: fix a typo about irq affinity 2013-08-20 12:59:18 +02:00
IRQ-domain.txt doc: fix some typos 2013-12-02 14:48:28 +01:00
IRQ.txt
irqflags-tracing.txt
isapnp.txt
java.txt
kernel-doc-nano-HOWTO.txt
kernel-docs.txt
kernel-parameters.txt doc/kmemcheck: add kmemcheck to kernel-parameters 2014-01-23 16:36:53 -08:00
kernel-per-CPU-kthreads.txt kthread: Add pointer to vmstat-avoidance patch 2013-09-25 06:49:46 -07:00
kmemcheck.txt Documentation/kmemcheck: update kmemcheck documentation 2013-08-27 10:47:05 +02:00
kmemleak.txt
kobject.txt kobject: remove kset from sysfs immediately in kset_unregister() 2013-12-07 21:20:11 -08:00
kprobes.txt
kref.txt
ldm.txt
local_ops.txt
lockdep-design.txt
lockstat.txt lockstat: Report avg wait and hold times 2013-10-09 08:19:08 +02:00
lockup-watchdogs.txt
logo.gif
logo.txt
magic-number.txt
Makefile
ManagementStyle
md.txt doc: fix some typos in documentations 2013-12-02 14:45:19 +01:00
media-framework.txt
memory-barriers.txt locking/doc: Rename LOCK/UNLOCK to ACQUIRE/RELEASE 2014-01-12 10:37:13 +01:00
memory-hotplug.txt Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-09-06 09:36:28 -07:00
module-signing.txt Add Documentation/module-signing.txt file 2013-12-13 15:59:11 +00:00
mono.txt
mutex-design.txt locking/doc: Update references to kernel/mutex.c 2013-11-11 12:41:33 +01:00
nommu-mmap.txt
numastat.txt
oops-tracing.txt
padata.txt
parport-lowlevel.txt
parport.txt
percpu-rw-semaphore.txt
phy.txt drivers: phy: add generic PHY framework 2013-09-27 17:35:41 -07:00
pi-futex.txt
pinctrl.txt pinctrl: Fix some typos and grammar issues in the documentation 2014-01-15 13:59:50 +01:00
pnp.txt
preempt-locking.txt
printk-formats.txt vsprintf: add %pad extension for dma_addr_t use 2014-01-23 16:36:56 -08:00
pwm.txt Documentation/pwm: Fix trivial typos 2013-10-24 10:51:33 +02:00
ramoops.txt
rbtree.txt
remoteproc.txt
rfkill.txt doc: fix some typos in documentations 2013-12-02 14:45:19 +01:00
robust-futex-ABI.txt Documentation/robust-futex-API: Count properly to 4 2013-11-30 14:08:28 +01:00
robust-futexes.txt
rpmsg.txt
rt-mutex-design.txt doc: fix some typos in documentations 2013-12-02 14:45:19 +01:00
rt-mutex.txt
rtc.txt
SAK.txt
SecurityBugs
serial-console.txt
sgi-ioc4.txt
sgi-visws.txt
SM501.txt
smsc_ece1099.txt
sparse.txt
spinlocks.txt
stable_api_nonsense.txt
stable_kernel_rules.txt
static-keys.txt doc: fix some typos in documentations 2013-12-02 14:45:19 +01:00
SubmitChecklist
SubmittingDrivers
SubmittingPatches Documentation/SubmittingPatches: Request summaries for commit references 2013-08-20 12:58:15 +02:00
svga.txt
sysfs-rules.txt
sysrq.txt sysrq: Allow magic SysRq key functions to be disabled through Kconfig 2013-10-16 13:01:44 -07:00
this_cpu_ops.txt
unaligned-memory-access.txt
unicode.txt
unshare.txt
vfio.txt vfio: fix documentation 2013-09-05 16:36:21 -06:00
VGA-softcursor.txt
vgaarbiter.txt
video-output.txt
vme_api.txt VME: Rename vme_slot_get to avoid confusion with reference counting 2013-12-03 11:15:58 -08:00
volatile-considered-harmful.txt
workqueue.txt workqueue: Correct/Drop references to gcwq in Documentation 2013-08-21 10:32:09 -04:00
ww-mutex-design.txt
xz.txt
zorro.txt zorro/UAPI: Disintegrate include/linux/zorro*.h 2013-11-26 11:09:08 +01:00