redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/security/lockdown
History
Christopher M. Riedl 99c63ba21d powerpc/xmon: Restrict when kernel is locked down 
[ Upstream commit 69393cb03c ]

Xmon should be either fully or partially disabled depending on the
kernel lockdown state.

Put xmon into read-only mode for lockdown=integrity and prevent user
entry into xmon when lockdown=confidentiality. Xmon checks the lockdown
state on every attempted entry:

 (1) during early xmon'ing

 (2) when triggered via sysrq

 (3) when toggled via debugfs

 (4) when triggered via a previously enabled breakpoint

The following lockdown state transitions are handled:

 (1) lockdown=none -> lockdown=integrity
     set xmon read-only mode

 (2) lockdown=none -> lockdown=confidentiality
     clear all breakpoints, set xmon read-only mode,
     prevent user re-entry into xmon

 (3) lockdown=integrity -> lockdown=confidentiality
     clear all breakpoints, set xmon read-only mode,
     prevent user re-entry into xmon

Suggested-by: Andrew Donnellan <ajd@linux.ibm.com>
Signed-off-by: Christopher M. Riedl <cmr@informatik.wtf>
Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
Link: https://lore.kernel.org/r/20190907061124.1947-3-cmr@informatik.wtf
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2020-06-07 13:18:49 +02:00
..
Kconfig lockdown: Enforce module signatures if the kernel is locked down 2019-08-19 21:54:15 -07:00
Makefile
lockdown.c powerpc/xmon: Restrict when kernel is locked down 2020-06-07 13:18:49 +02:00