[RFC PATCH v2] powerpc/xmon: restrict when kernel is locked down
Andrew Donnellan
ajd at linux.ibm.com
Tue Jun 4 13:28:13 AEST 2019
On 4/6/19 1:05 pm, Christopher M Riedl wrote:
>>> + if (!xmon_is_ro) {
>>> + xmon_is_ro = kernel_is_locked_down("Using xmon write-access",
>>> + LOCKDOWN_INTEGRITY);
>>> + if (xmon_is_ro) {
>>> + printf("xmon: Read-only due to kernel lockdown\n");
>>> + clear_all_bpt();
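Review bot: the clear_all_bpt() call inside the inner if (xmon_is_ro) block has no comment saying why breakpoints that were set before lockdown are removed, and that intent is not evident from the code. Add a short comment above the call stating the rationale, or drop the call if forcing xmon_is_ro is enough for LOCKDOWN_INTEGRITY. Because the lockdown check sits under if (!xmon_is_ro), the switch to read-only is one-way within this block, which the comment should also state.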
>>
>> Remind me again why we need to clear breakpoints in integrity mode?
>>
>>
>> Andrew
>>
>
> I interpreted "integrity" mode as meaning that any changes made by xmon should
> be reversed. This also covers the case when a user creates some breakpoint(s)
> in xmon, exits xmon, and then elevates the lockdown state. Upon hitting the
> first breakpoint and (re-)entering xmon, xmon will clear all breakpoints.
>
> Xmon can only take action in response to dynamic lockdown level changes when
> xmon is invoked in some manner - if there is a better way I am all ears :)
>
Integrity mode merely means we are aiming to prevent modifications to
kernel memory. IMHO leaving existing breakpoints in place is fine as
long as when we hit the breakpoint xmon is in read-only mode.
(dja/mpe might have opinions on this)
--
Andrew Donnellan OzLabs, ADL Canberra
ajd at linux.ibm.com IBM Australia Limited