From: anton.vorontsov@linaro.org (Anton Vorontsov)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 0/6] KGDB/KDB FIQ (NMI) debugger
Date: Fri, 13 Jul 2012 15:08:49 -0700 [thread overview]
Message-ID: <20120713220849.GA1778@lizard> (raw)
In-Reply-To: <CAMbhsRR6AU2MhX9MO1tV7-Py=sM7jOQdbFP-_WeBhsCL3wGS0A@mail.gmail.com>
On Fri, Jul 13, 2012 at 09:43:45AM -0700, Colin Cross wrote:
[...]
> I was referring to the security implications, not size. Leaving KDB
> on is effectively instant root access over the serial console.
Oh, I see. Yes, for this we'd need to disable all modification commands.
[...]
> > The thing is, we even have a standard sequence for entering KDB,
> > it is GDB-protocol command $3#33, so it actually makes sense to
> > implement this. This would be the only async command, and it doesn't
> > affect anything but the new code. I prepared a separate patch for this.
>
> I would suggest making the sequence longer than just return. A single
> character is not that unlikely to be generated by random noise - I've
> seen multiple devices reboot when the serial console was connected
> because it received a SysRq-Crash (a break is all zeroes, which is
> very common while shorting the lines as the console is plugged in, and
> then random noise sent a 'c').
No no, it's not just return. It is either return or the longer '$3#33'
escape sequence. Default is $3#33, so it should be pretty safe (but of
course we can make it even longer, or even configurable).
Thanks,
--
Anton Vorontsov
Email: cbouatmailru at gmail.com
WARNING: multiple messages have this Message-ID (diff)
From: Anton Vorontsov <anton.vorontsov@linaro.org>
To: Colin Cross <ccross@android.com>
Cc: "Russell King" <linux@arm.linux.org.uk>,
"Jason Wessel" <jason.wessel@windriver.com>,
"Arve Hjønnevåg" <arve@android.com>,
"John Stultz" <john.stultz@linaro.org>,
linux-kernel@vger.kernel.org,
linux-arm-kernel@lists.infradead.org,
linaro-kernel@lists.linaro.org, patches@linaro.org,
kernel-team@android.com, kgdb-bugreport@lists.sourceforge.net
Subject: Re: [PATCH 0/6] KGDB/KDB FIQ (NMI) debugger
Date: Fri, 13 Jul 2012 15:08:49 -0700 [thread overview]
Message-ID: <20120713220849.GA1778@lizard> (raw)
In-Reply-To: <CAMbhsRR6AU2MhX9MO1tV7-Py=sM7jOQdbFP-_WeBhsCL3wGS0A@mail.gmail.com>
On Fri, Jul 13, 2012 at 09:43:45AM -0700, Colin Cross wrote:
[...]
> I was referring to the security implications, not size. Leaving KDB
> on is effectively instant root access over the serial console.
Oh, I see. Yes, for this we'd need to disable all modification commands.
[...]
> > The thing is, we even have a standard sequence for entering KDB,
> > it is GDB-protocol command $3#33, so it actually makes sense to
> > implement this. This would be the only async command, and it doesn't
> > affect anything but the new code. I prepared a separate patch for this.
>
> I would suggest making the sequence longer than just return. A single
> character is not that unlikely to be generated by random noise - I've
> seen multiple devices reboot when the serial console was connected
> because it received a SysRq-Crash (a break is all zeroes, which is
> very common while shorting the lines as the console is plugged in, and
> then random noise sent a 'c').
No no, it's not just return. It is either return or the longer '$3#33'
escape sequence. Default is $3#33, so it should be pretty safe (but of
course we can make it even longer, or even configurable).
Thanks,
--
Anton Vorontsov
Email: cbouatmailru@gmail.com
next prev parent reply other threads:[~2012-07-13 22:08 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-05 23:10 [PATCH 0/6] KGDB/KDB FIQ (NMI) debugger Anton Vorontsov
2012-07-05 23:10 ` Anton Vorontsov
2012-07-05 23:12 ` [PATCH 1/6] kernel/debug: Make use of KGDB_REASON_NMI Anton Vorontsov
2012-07-05 23:12 ` Anton Vorontsov
2012-07-05 23:12 ` [PATCH 2/6] kernel/debug: Mask KGDB NMI upon entry Anton Vorontsov
2012-07-05 23:12 ` Anton Vorontsov
2012-07-05 23:12 ` [PATCH 3/6] ARM: Move some macros from entry-armv to entry-header Anton Vorontsov
2012-07-05 23:12 ` Anton Vorontsov
2012-07-05 23:12 ` [PATCH 4/6] ARM: Add KGDB/KDB FIQ debugger generic code Anton Vorontsov
2012-07-05 23:12 ` Anton Vorontsov
2012-07-05 23:12 ` [PATCH 5/6] ARM: VIC: Add a couple of low-level FIQ management helpers Anton Vorontsov
2012-07-05 23:12 ` Anton Vorontsov
2012-07-05 23:12 ` [PATCH 6/6] ARM: versatile: Make able to use UART ports for KGDB FIQ debugger Anton Vorontsov
2012-07-05 23:12 ` Anton Vorontsov
2012-07-06 0:02 ` [PATCH 0/6] KGDB/KDB FIQ (NMI) debugger Colin Cross
2012-07-06 0:02 ` Colin Cross
2012-07-13 9:49 ` Anton Vorontsov
2012-07-13 9:49 ` Anton Vorontsov
2012-07-13 16:43 ` Colin Cross
2012-07-13 16:43 ` Colin Cross
2012-07-13 22:08 ` Anton Vorontsov [this message]
2012-07-13 22:08 ` Anton Vorontsov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120713220849.GA1778@lizard \
--to=anton.vorontsov@linaro.org \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.