
kexec: Disallow kexec_load if securelevel > 0
Closed, Public

Authored by jhibbits on Apr 22 2026, 3:52 PM.

Details

Summary

kexec_load() + reboot is intended to be equivalent to a system reboot.
However, kexec_load() can load arbitrary data as the target kernel,
leading to execution of arbitrary code, even though it's effectively in
a new context. Rather than being equivalent to a system reboot, it's
also equivalent to kldload(), which loads arbitrary code into the
running kernel. Since kldload() is blocked at securelevel 1, also block
kexec_load().

Reported by: markj
Fixes: e02c57ff3 ("kern: Introduce kexec system feature (MI)")
MFC after: 2 weeks
Sponsored by: Hewlett Packard Enterprise
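
An added example, not code from this revision or from FreeBSD: a userland C model of the policy argument in the summary, showing kexec_load() still succeeding for root at securelevel 1 while kldload() is refused, and the same call refused once it is gated. The `model_*` names, the root-only privilege check and the `gated` flag are assumptions for illustration; only the `securelevel > 0` rule comes from the page.

```c
#include <errno.h>
#include <stdio.h>

/* Userland model only; none of this is FreeBSD kernel source. */
struct model_cred {
	int uid;         /* 0 = root */
	int securelevel; /* models kern.securelevel: -1, 0, 1, ... */
};

/* Same contract as the kernel's securelevel_gt(): EPERM above `level`. */
static int model_securelevel_gt(const struct model_cred *cr, int level)
{
	return (cr->securelevel > level ? EPERM : 0);
}

/* Assumed stand-in for the kernel privilege check: root only. */
static int model_priv_check(const struct model_cred *cr)
{
	return (cr->uid == 0 ? 0 : EPERM);
}

/* kldload(): refused once securelevel is above 0, as the summary states. */
static int model_kldload(const struct model_cred *cr)
{
	int error = model_securelevel_gt(cr, 0);
	return (error != 0 ? error : model_priv_check(cr));
}

/* kexec_load(): gated != 0 models the check the revision title describes. */
static int model_kexec_load(const struct model_cred *cr, int gated)
{
	int error = gated ? model_securelevel_gt(cr, 0) : 0;
	return (error != 0 ? error : model_priv_check(cr));
}

/* 1 when root may stage a kernel image although module loading is refused. */
static int policy_gap(int securelevel, int gated)
{
	struct model_cred root = { 0, securelevel };
	return (model_kldload(&root) != 0 && model_kexec_load(&root, gated) == 0);
}

int main(void)
{
	for (int lvl = -1; lvl <= 2; lvl++)
		printf("securelevel %2d: gap ungated=%d gated=%d\n",
		    lvl, policy_gap(lvl, 0), policy_gap(lvl, 1));
	return (0);
}
```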

Diff Detail

Repository: rG FreeBSD src repository
Lint: Lint Not Applicable
Unit: Tests Not Applicable

Event Timeline

> MFC after: 2 weeks

It looks like kexec was never MFCed?

This revision is now accepted and ready to land. Apr 22 2026, 4:05 PM

> > MFC after: 2 weeks
>
> It looks like kexec was never MFCed?

Oops, I thought I had gotten kexec_load in just before stable/15 branched, but guess not. No need to MFC, then.