]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blobdiff - kernel/kexec.c
projects / mirror_ubuntu-zesty-kernel.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
KVM: PPC: Use preregistered memory API to access TCE list
[mirror_ubuntu-zesty-kernel.git] / kernel / kexec.c
diff --git a/kernel/kexec.c b/kernel/kexec.c
index 980936a90ee6ea0a9f83c195277a7c0705a8bbaa..fce28bf7d5d7eb5db1f5060e78bfaa49bd6970e9 100644 (file)
--- a/kernel/kexec.c
+++ b/kernel/kexec.c
@@ -12,6 +12,7 @@
 #include <linux/mm.h>
 #include <linux/file.h>
 #include <linux/kexec.h>
+#include <linux/module.h>
 #include <linux/mutex.h>
 #include <linux/list.h>
 #include <linux/syscalls.h>
@@ -193,6 +194,13 @@ SYSCALL_DEFINE4(kexec_load, unsigned long, entry, unsigned long, nr_segments,
        if (!capable(CAP_SYS_BOOT) || kexec_load_disabled)
                return -EPERM;
 
+       /*
+        * kexec can be used to circumvent module loading restrictions, so
+        * prevent loading in that case
+        */
+       if (secure_modules())
+               return -EPERM;
+
        /*
         * Verify we have a legal set of flags
         * This leaves us room for future extensions.
ubuntu-zesty-kernel mirror