From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 28E5DC43219 for ; Mon, 29 Apr 2019 04:56:12 +0000 (UTC) Received: from lists.ozlabs.org (lists.ozlabs.org [203.11.71.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPS id 98E272087B for ; Mon, 29 Apr 2019 04:56:11 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=axtens.net header.i=@axtens.net header.b="MT3mzMT7" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 98E272087B Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=axtens.net Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Received: from lists.ozlabs.org (lists.ozlabs.org [IPv6:2401:3900:2:1::3]) by lists.ozlabs.org (Postfix) with ESMTP id 44ssn55jYWzDqNm for ; Mon, 29 Apr 2019 14:56:09 +1000 (AEST) Authentication-Results: lists.ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=axtens.net (client-ip=2607:f8b0:4864:20::441; helo=mail-pf1-x441.google.com; envelope-from=dja@axtens.net; receiver=) Authentication-Results: lists.ozlabs.org; dmarc=none (p=none dis=none) header.from=axtens.net Authentication-Results: lists.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=axtens.net header.i=@axtens.net header.b="MT3mzMT7"; dkim-atps=neutral Received: from mail-pf1-x441.google.com (mail-pf1-x441.google.com [IPv6:2607:f8b0:4864:20::441]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 44ssks4KYgzDqNB for ; Mon, 29 Apr 2019 14:54:12 +1000 (AEST) Received: by mail-pf1-x441.google.com with SMTP id 188so4697107pfd.8 for ; Sun, 28 Apr 2019 21:54:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=axtens.net; s=google; h=from:to:cc:subject:in-reply-to:references:date:message-id :mime-version; bh=CXY8NMI+MMoFwyd5a0U3G9swoqWap2mhzcLLts/Z+iE=; b=MT3mzMT76800YDXvDZ5HeHvywukXbF/p5hE0jBqJpGYZZg1bhMX2UHmZ1HU1dvIheR 9V3fe+IwApl8EGbBqr2IZkMENTIoZrC2hLsTBul7PX4wqT1iG/MuEFlYgfUtMUoSToFc 7CbzrSVAtGB1V9nsEgm59WhrmtIFGM7bhpw1w= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date :message-id:mime-version; bh=CXY8NMI+MMoFwyd5a0U3G9swoqWap2mhzcLLts/Z+iE=; b=qQ7VZqQOU0FUJiimI3ETlc2UYQeoQJrxnItA++f7Ps3dU5dJApfIqp224WslUo6e42 vzC6tCxn6skC14Sn5AzSpL90JPmbacHBkWr0PKg1gcVpnAKO+QS0JDk5f/eZSnR3v7Z2 YH+bmDQlgPDbZMhrtITh19PG66svmCPeBrVdANfiIeaYT/8Z4kx9OiB76Cv1ag7TrZbd H8xpEBo1dR6erCPyK73e42WmhSH5mj8R8YNbQ+VVxxNVOcA8dPrFBPkU3HyjMzqFAQBT 80nlZrNiUUdTj8gQbQmuLJYc3ERbHf6b7A31ATIN8AWR0u3PNTYwkJqp/ZKmc3QyfwiU ZR+A== X-Gm-Message-State: APjAAAUqZS0KzCgv8F/oGfNJ6GD/wr8RbrCsMufdaJOqjrwZxESrmEC3 A3J+g89JGpR3KF8E07u0I+nXLw== X-Google-Smtp-Source: APXvYqxOmKGuDu957cqrxEQ+1VImzuI7N1RjWAr+p16Qnie6ZNUhOIBHM3h6IhCgt1zC9o45e1De9A== X-Received: by 2002:a63:7d03:: with SMTP id y3mr55014550pgc.8.1556513648514; Sun, 28 Apr 2019 21:54:08 -0700 (PDT) Received: from localhost (ppp121-45-207-92.bras1.cbr1.internode.on.net. [121.45.207.92]) by smtp.gmail.com with ESMTPSA id j67sm74431179pfc.72.2019.04.28.21.54.06 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Sun, 28 Apr 2019 21:54:07 -0700 (PDT) From: Daniel Axtens To: Matthew Garrett , Andrew Donnellan Subject: Re: [PATCH V32 01/27] Add the ability to lock down access to the running kernel image In-Reply-To: <87wojdy8ro.fsf@dja-thinkpad.axtens.net> References: <20190404003249.14356-1-matthewgarrett@google.com> <20190404003249.14356-2-matthewgarrett@google.com> <059c523e-926c-24ee-0935-198031712145@au1.ibm.com> <87wojdy8ro.fsf@dja-thinkpad.axtens.net> Date: Mon, 29 Apr 2019 14:54:03 +1000 Message-ID: <87tvehxvh0.fsf@dja-thinkpad.axtens.net> MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: linuxppc-dev@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Linux on PowerPC Developers Mail List List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Linux API , cmr , James Morris , Linux Kernel Mailing List , David Howells , LSM List , Andy Lutomirski , linuxppc-dev Errors-To: linuxppc-dev-bounces+linuxppc-dev=archiver.kernel.org@lists.ozlabs.org Sender: "Linuxppc-dev" Hi, >>> I'm thinking about whether we should lock down the powerpc xmon debug >>> monitor - intuitively, I think the answer is yes if for no other reason >>> than Least Astonishment, when lockdown is enabled you probably don't >>> expect xmon to keep letting you access kernel memory. >> >> The original patchset contained a sysrq hotkey to allow physically >> present users to disable lockdown, so I'm not super concerned about >> this case - I could definitely be convinced otherwise, though. So Mimi contacted me offlist and very helpfully provided me with a much better and less confused justification for disabling xmon in lockdown: On x86, physical presence (== console access) is a trigger to disable/enable lockdown mode. In lockdown mode, you're not supposed to be able to modify memory. xmon allows you to modify memory, and therefore shouldn't be allowed in lockdown. So, if you can disable lockdown on the console that's probably OK, but it should be specifically disabling lockdown, not randomly editing memory with xmon. Regards, Daniel