From: "Marek Marczykowski-Górecki" <marmarek@invisiblethingslab.com>
To: Kevin Lampis <kevin.lampis@cloud.com>
Cc: xen-devel@lists.xenproject.org,
	Ross Lagerwall <ross.lagerwall@citrix.com>
Subject: Re: [PATCH v2 2/3] Add lockdown mode
Date: Mon, 2 Jun 2025 16:20:26 +0200
Message-ID: <aD2zKsIcsQt-LQlt@mail-itl>
In-Reply-To: <20250602134656.3836280-3-kevin.lampis@cloud.com>

On Mon, Jun 02, 2025 at 02:46:55PM +0100, Kevin Lampis wrote:
> From: Ross Lagerwall <ross.lagerwall@citrix.com>
> 
> The intention of lockdown mode is to prevent attacks from a rogue dom0
> userspace from compromising the system. Lockdown mode can be controlled by a
> Kconfig option and a command-line parameter. It is also enabled automatically
> when Secure Boot is enabled and it cannot be disabled in that case.
> 
> If enabled from the command-line then it is required to be first in the
> list otherwise Xen may process some insecure parameters before reaching
> the lockdown parameter.
> 
> Signed-off-by: Ross Lagerwall <ross.lagerwall@citrix.com>
> Signed-off-by: Kevin Lampis <kevin.lampis@cloud.com>
> ---
> Changes in v2:
> - Remove custom command line parsing
> - Print warning if lockdown is not first on command line
> ---
...

> diff --git a/xen/common/lockdown.c b/xen/common/lockdown.c
> new file mode 100644
> index 0000000000..84eabe9c83
> --- /dev/null
> +++ b/xen/common/lockdown.c
> @@ -0,0 +1,54 @@
> +/* SPDX-License-Identifier: GPL-2.0-or-later */
> +
> +#include <xen/efi.h>
> +#include <xen/lockdown.h>
> +#include <xen/param.h>
> +
> +#define FIRST_ARG_FLAG 2
> +
> +static int __ro_after_init lockdown = IS_ENABLED(CONFIG_LOCKDOWN_DEFAULT);
> +
> +void __init lockdown_set_first_flag(void)
> +{
> +    lockdown |= FIRST_ARG_FLAG;
> +}
> +
> +void __init lockdown_clear_first_flag(void)
> +{
> +    lockdown &= ~FIRST_ARG_FLAG;
> +}
> +
> +static int __init parse_lockdown_opt(const char *s)
> +{
> +    if ( strncmp("no", s, 2) == 0 )

This is rather inconsistent with other bool options. I think you want to
use parse_bool() here.

> +        if ( efi_secure_boot )
> +            printk("lockdown can't be disabled because Xen booted in Secure Boot mode\n");
> +        else
> +            lockdown = 0;
> +    else
> +    {
> +        if ( !(lockdown & FIRST_ARG_FLAG) )
> +            printk("lockdown was not the first argument, unsafe arguments may have been already processed\n");
> +
> +        lockdown = 1;
> +    }
> +
> +    return 0;
> +}
> +custom_param("lockdown", parse_lockdown_opt);
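
Review bot: FIRST_ARG_FLAG is stored in the same `lockdown` variable
that holds the enabled state, so after lockdown_set_first_flag() the
variable is non-zero (2) even when CONFIG_LOCKDOWN_DEFAULT is off, and it
stays non-zero until lockdown_clear_first_flag() runs; anything that
tests `lockdown` for truth in that window would read it as enabled. The
assignments `lockdown = 1` and `lockdown = 0` in parse_lockdown_opt()
also drop the bit as a side effect rather than on purpose. Consider
keeping the "first argument" marker in a separate init-only bool and
leaving `lockdown` as a plain boolean. Separately, parse_lockdown_opt()
returns 0 for every input: `strncmp("no", s, 2)` matches any value that
merely starts with "no", and every other value, including a misspelled
one, enables lockdown. Returning an error for unrecognised values would
make a typo visible instead of silently picking a branch.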

-- 
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
