Date: Wed, 25 May 2022 15:51:13 +0200
From: Greg KH
To: Daniel Thompson
Cc: stable@vger.kernel.org, Jason Wessel, Douglas Anderson, Stephen Brennan, Konrad Wilk
Subject: Re: [PATCH v5.4] lockdown: also lock down previous kgdb use
In-Reply-To: <20220525133107.204183-1-daniel.thompson@linaro.org>

On Wed, May 25, 2022 at 02:31:07PM +0100, Daniel Thompson wrote:
> commit eadb2f47a3ced5c64b23b90fd2a3463f63726066 upstream.
>
> KGDB and KDB allow read and write access to kernel memory, and thus
> should be restricted during lockdown. An attacker with access to a
> serial port (for example, via a hypervisor console, which some cloud
> vendors provide over the network) could trigger the debugger so it is
> important that the debugger respect the lockdown mode when/if it is
> triggered.
>
> Fix this by integrating lockdown into kdb's existing permissions
> mechanism. Unfortunately kgdb does not have any permissions mechanism
> (although it certainly could be added later) so, for now, kgdb is simply
> and brutally disabled by immediately exiting the gdb stub without taking
> any action.
>
> For lockdowns established early in the boot (e.g. the normal case) then
> this should be fine but on systems where kgdb has set breakpoints before
> the lockdown is enacted then "bad things" will happen.
>
> CVE: CVE-2022-21499
> Co-developed-by: Stephen Brennan
> Signed-off-by: Stephen Brennan
> Reviewed-by: Douglas Anderson
> Signed-off-by: Daniel Thompson
> Signed-off-by: Linus Torvalds
> ---
>
> Notes:
>     Original patch did not backport cleanly. This backport is fixed up,
>     compile tested (on arm64) and side-by-side compared against the
>     original.
>

Now queued up, thanks.

greg k-h
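
A host-side check for the condition the quoted commit message describes, as an added example that is not part of this mail or of the kernel patch: it reads the active lockdown mode and the kgdboc console setting and reports whether a debugger console is configured while lockdown is off. The verdict labels and function names are made up for this example; the script cannot tell whether the running kernel carries the fix, so LOCKDOWN_ON only means the debugger is restricted on a kernel that does.

```shell
#!/bin/sh
# Added example: is a kgdb/kdb console configured while lockdown is off?
# File paths are parameters so the logic can run on constructed input.

# Print the active lockdown mode: the bracketed word in a line such as
# "none [integrity] confidentiality". Prints "unknown" if unreadable.
lockdown_mode() {
    file=${1:-/sys/kernel/security/lockdown}
    [ -r "$file" ] || { echo unknown; return 0; }
    mode=$(sed -n 's/.*\[\([a-z]*\)\].*/\1/p' "$file" | head -n 1)
    echo "${mode:-unknown}"
}

# Print the kgdboc console setting, or "unset" when empty or absent.
kgdboc_setting() {
    file=${1:-/sys/module/kgdboc/parameters/kgdboc}
    [ -r "$file" ] || { echo unset; return 0; }
    val=$(tr -d '[:space:]' < "$file")
    echo "${val:-unset}"
}

# Combine both readings into one verdict line (labels are this example's).
kgdb_lockdown_verdict() {
    mode=$(lockdown_mode "$1")
    kgdb=$(kgdboc_setting "$2")
    case "$mode:$kgdb" in
        *:unset)   echo "OK lockdown=$mode kgdboc=unset" ;;
        none:*)    echo "EXPOSED lockdown=none kgdboc=$kgdb" ;;
        unknown:*) echo "REVIEW lockdown=unknown kgdboc=$kgdb" ;;
        *)         echo "LOCKDOWN_ON lockdown=$mode kgdboc=$kgdb" ;;
    esac
}

# Query the live system only when invoked as: sh script.sh live
if [ "${1:-}" = "live" ]; then kgdb_lockdown_verdict; fi
```

A LOCKDOWN_ON result says nothing about when lockdown was enabled; the commit message's caveat about breakpoints set before lockdown still applies.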