Re: [PATCH V32 01/27] Add the ability to lock down access to the running kernel image

[Andrew Donnellan]

On 29/4/19 2:54 pm, Daniel Axtens wrote:
> Hi,
>
> > > > I'm thinking about whether we should lock down the powerpc xmon debug
> > > > monitor - intuitively, I think the answer is yes if for no other reason
> > > > than Least Astonishment, when lockdown is enabled you probably don't
> > > > expect xmon to keep letting you access kernel memory.
> > >
> > > The original patchset contained a sysrq hotkey to allow physically
> > > present users to disable lockdown, so I'm not super concerned about
> > > this case - I could definitely be convinced otherwise, though.
>
> So Mimi contacted me offlist and very helpfully provided me with a much
> better and less confused justification for disabling xmon in lockdown:
>
> On x86, physical presence (== console access) is a trigger to
> disable/enable lockdown mode.
>
> In lockdown mode, you're not supposed to be able to modify memory. xmon
> allows you to modify memory, and therefore shouldn't be allowed in
> lockdown.
>
> So, if you can disable lockdown on the console that's probably OK, but
> it should be specifically disabling lockdown, not randomly editing
> memory with xmon.

That makes sense.

--
Andrew Donnellan              OzLabs, ADL Canberra
andrew.donnellan@xxxxxxxxxxx  IBM Australia Limited