kexec: Disallow kexec_load if securelevel > 0
Closed, Public

Authored by jhibbits on Apr 22 2026, 3:52 PM.

Details

Summary

kexec_load() + reboot is intended to be equivalent to a system reboot.
However kexec_load() can load arbitrary data as the target kernel,
leading to execution of arbitrary code, even though it's effectively in
a new context. Rather than being equivalent to a system reboot, it's
also equivalent to kldload(), which loads arbitrary code into the
running kernel. Since kldload() is blocked at securelevel 1, also block
kexec_load().

Reported by: markj
Fixes: e02c57ff3 ("kern: Introduce kexec system feature (MI)")
MFC after: 2 weeks
Sponsored by: Hewlett Packard Enterprise

Diff Detail

Repository
rG FreeBSD src repository

Event Timeline

MFC after: 2 weeks

It looks like kexec was never MFCed?

This revision is now accepted and ready to land. Apr 22 2026, 4:05 PM

MFC after: 2 weeks

It looks like kexec was never MFCed?

Oops, I thought I had gotten kexec_load in just before stable/15 branched, but guess not. No need to MFC, then.