Re: [RFC PATCH v2] powerpc/xmon: restrict when kernel is locked down
From: Daniel Axtens <hidden>
Date: 2019-07-29 07:03:26
Hi Chris,
> > > Remind me again why we need to clear breakpoints in integrity mode?
...
> Integrity mode merely means we are aiming to prevent modifications to kernel memory. IMHO leaving existing breakpoints in place is fine as long as when we hit the breakpoint xmon is in read-only mode.
...
I think ajd is right. I think about it like this. There are 2 transitions:

 - into integrity mode

   Here, we need to go into r/o, but do not need to clear breakpoints. You can still insert breakpoints in readonly mode, so clearing them just makes things more irritating rather than safer.

 - into confidentiality mode

   Here we need to purge breakpoints and disable xmon completely.

Would you be able to send a v2 with these changes? (that is, not purging breakpoints when entering integrity mode)

Regards,
Daniel