Re: [PATCH V32 01/27] Add the ability to lock down access to the running kernel image

From: Matthew Garrett
Date: Thu Apr 18 2019 - 15:35:51 EST

Next message: Rafael J. Wysocki: "Re: [PATCH] x86: tsc: Rework time_cpufreq_notifier()"
Previous message: Rafael J. Wysocki: "Re: [PATCH] driver core: Clarify which counterparts to use to device_add()"
In reply to: Daniel Axtens: "Re: [PATCH V32 01/27] Add the ability to lock down access to the running kernel image"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 16, 2019 at 1:40 AM Andrew Donnellan
<andrew.donnellan@xxxxxxxxxxx> wrote:
> I'm thinking about whether we should lock down the powerpc xmon debug
> monitor - intuitively, I think the answer is yes if for no other reason
> than Least Astonishment, when lockdown is enabled you probably don't
> expect xmon to keep letting you access kernel memory.

The original patchset contained a sysrq hotkey to allow physically
present users to disable lockdown, so I'm not super concerned about
this case - I could definitely be convinced otherwise, though.

Next message: Rafael J. Wysocki: "Re: [PATCH] x86: tsc: Rework time_cpufreq_notifier()"
Previous message: Rafael J. Wysocki: "Re: [PATCH] driver core: Clarify which counterparts to use to device_add()"
In reply to: Daniel Axtens: "Re: [PATCH V32 01/27] Add the ability to lock down access to the running kernel image"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]