
kexec: Disallow kexec_load if securelevel > 0
Closed, Public

Authored by jhibbits on Wed, Apr 22, 3:52 PM.
Referenced Files
F154532417: D56580.diff
Tue, Apr 28, 8:29 PM

Details

Summary

kexec_load() + reboot is intended to be equivalent to a system reboot.
However kexec_load() can load arbitrary data as the target kernel,
leading to execution of arbitrary code, even though it's effectively in
a new context. Rather than being equivalent to a system reboot, it's
also equivalent to kldload(), which loads arbitrary code into the
running kernel. Since kldload() is blocked at securelevel 1, also block
kexec_load().

Reported by: markj
Fixes: e02c57ff3 ("kern: Introduce kexec system feature (MI)")
MFC after: 2 weeks
Sponsored by: Hewlett Packard Enterprise

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

MFC after: 2 weeks

It looks like kexec was never MFCed?

This revision is now accepted and ready to land. Wed, Apr 22, 4:05 PM

MFC after: 2 weeks

It looks like kexec was never MFCed?

Oops, I thought I had gotten kexec_load in just before stable/15 branched, but guess not. No need to MFC, then.