Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp964106yba; Thu, 18 Apr 2019 12:36:56 -0700 (PDT) X-Google-Smtp-Source: APXvYqx3aC9KMwk/rJRl3tbAAJ+SlODQOsGGXyeAggrvlrqo2bkmKvlqviUJKmZRtyAJJ9U4wyCj X-Received: by 2002:a63:f218:: with SMTP id v24mr91898372pgh.326.1555616216597; Thu, 18 Apr 2019 12:36:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555616216; cv=none; d=google.com; s=arc-20160816; b=rBH31ca+ywd00VgDTpxZc7eu0UV7e3j0xdOWftoTpew3CRvn2vup6QBJcroYvXcU5b Ov2qTUyy/XxbRerfG3c82z16zsP/0f3zq8UqhjzUPpXGyfXXDpaQak7BcIQIvRQXeog0 G4opPZ2rIE81Uzp0QzxRc/Sv92eoDNkhaNNm5Q98OOwn8mJH+bvqJUc8mErGejSnu4wa 3ASc+FuDB4hUprN/6r7U1Cci8ptS2gBVQO7ewY1C9lMfR63zzK5azNJF0Ooz4P6YDmBa kjRkMNHZ2yiigfbCFN3iwcbjEeSO6KMsA7/+6O+eOOCwB+XQvms3yWYoDMDZsgcCte1o W1OQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=mRy99qz2AMkYVZFv425R2doBAop8CHsZxNlVLtfW3eQ=; b=AIWVbjlsAA26dh20KVEIfjLPNqnc+ywBVHauj8v6XDtEsCanxTR1nl3He0xiblwSl3 DYlcJGVjTU+6b7JpXGVrW1npX9EkBSI+I+saROue6843Bm4clWW9osgHt6ww89CXfzT5 1mm5tFyYX4btsFfTchvnYe5o0IkiaN+sHbik33whIdaBFNOl/if5mqtTWpbZHrfwdst6 OrPahWQY30c71uS6o0B9xtxWcsZHdAEtZ/mYruJxZoErJiqwhgx+ulR8ciCsDaB5Dqq2 iWC0s5jStdLczZI8KOvuLIsvtYWOeLJmFrgZ+yTtDetTyKQG0ZxJVGlAI+xUJozjPp6F 9e3g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="eVAFhku/"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p9si2893070plo.49.2019.04.18.12.36.41; Thu, 18 Apr 2019 12:36:56 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="eVAFhku/"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389888AbfDRTft (ORCPT + 99 others); Thu, 18 Apr 2019 15:35:49 -0400 Received: from mail-it1-f194.google.com ([209.85.166.194]:38186 "EHLO mail-it1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389734AbfDRTfs (ORCPT ); Thu, 18 Apr 2019 15:35:48 -0400 Received: by mail-it1-f194.google.com with SMTP id f22so5096892ita.3 for ; Thu, 18 Apr 2019 12:35:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=mRy99qz2AMkYVZFv425R2doBAop8CHsZxNlVLtfW3eQ=; b=eVAFhku/XdVgMCLGF1pWwGePMOzh4kN+765FPgQ5wWCskNuETlJ/ljtK04DZ8DAMYA 6KirlgWILO8UcOP7+VAIZfQY9YhW+mMFNpgTqK/s89RNKQNChTyEsMd5znxj6hEuLrDF F+LGCwhNW0tI+wknP6IPzs1pf5uJv4qR3elhxX+g4+NxUhKPVjc3+4GA7cPWKPaj0TFy l/WBggm3UjrrQI21FfbCJQWzBnfMvL8/xYW7aRcgkJK/CiH4WRIefhST2cUZ75EJXuM7 x2MmFIi/peTST374MP6ex5Ys97JTlVh5hzQhWqhtH9IPGYcZMTZvdDEovy2VgyFVtyri Tn4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=mRy99qz2AMkYVZFv425R2doBAop8CHsZxNlVLtfW3eQ=; b=deOkoZ2iZW/LtaSxaWrk1gPCKGR+xcs8LfNM+UPYi/8HnD+t0ck+7AcrRjSKQxRveW UjNZ0ec/ouBOSmcBzv32nwUSn9LcfEpjP2T1eiOwfBk/0ZJPeUrpI2hOP7KL1Ing+gUY Tje9VLRz7br/4t2p3TFqpYjmSoF48RFJ+t0/MHMrI6sWIHv0fpPgvdUnd0P8SEhW7eJn TK2pY4iiLHDQfF4VxzNfZcq0mBAPhyiWjO1sB0EV/uE/K16HEKl8ExpXsN3QgShoeQoM 9ZsYeyZWz/+uM1ZkZG4PNcrDnuLkf5yFEiMExlpyobeoFa5qjn1l1D61+sLRceuD550Z Z49g== X-Gm-Message-State: APjAAAU1ooYNkOqCNFB0nva7z203ZroVs1xtDXjK5e3KqT/hEpDCB0aw t0/GWlFu0ID/KBNZOkcKPxf8AsY+2rNi7+sWNIWLeg== X-Received: by 2002:a02:b38f:: with SMTP id p15mr9719050jan.103.1555616147577; Thu, 18 Apr 2019 12:35:47 -0700 (PDT) MIME-Version: 1.0 References: <20190404003249.14356-1-matthewgarrett@google.com> <20190404003249.14356-2-matthewgarrett@google.com> <059c523e-926c-24ee-0935-198031712145@au1.ibm.com> In-Reply-To: <059c523e-926c-24ee-0935-198031712145@au1.ibm.com> From: Matthew Garrett Date: Thu, 18 Apr 2019 12:35:36 -0700 Message-ID: Subject: Re: [PATCH V32 01/27] Add the ability to lock down access to the running kernel image To: Andrew Donnellan Cc: James Morris , LSM List , Linux Kernel Mailing List , David Howells , Linux API , Andy Lutomirski , linuxppc-dev , Michael Ellerman , Daniel Axtens , cmr Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Apr 16, 2019 at 1:40 AM Andrew Donnellan wrote: > I'm thinking about whether we should lock down the powerpc xmon debug > monitor - intuitively, I think the answer is yes if for no other reason > than Least Astonishment, when lockdown is enabled you probably don't > expect xmon to keep letting you access kernel memory. The original patchset contained a sysrq hotkey to allow physically present users to disable lockdown, so I'm not super concerned about this case - I could definitely be convinced otherwise, though.