From: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
To: "Christopher M. Riedl" <cmr@informatik.wtf>, linuxppc-dev@ozlabs.org
Cc: oohall@gmail.com
Subject: Re: [PATCH v4] powerpc/xmon: add read-only mode
Date: Tue, 16 Apr 2019 13:27:04 +1000 [thread overview]
Message-ID: <58829b89-a589-db40-326f-e681f25b4aa0@au1.ibm.com> (raw)
In-Reply-To: <20190416032638.3588-1-cmr@informatik.wtf>
Reviewed-by: Andrew Donnellan <andrew.donnellan@au1.ibm.com>
On 16/4/19 1:26 pm, Christopher M. Riedl wrote:
> Operations which write to memory and special purpose registers should be
> restricted on systems with integrity guarantees (such as Secure Boot)
> and, optionally, to avoid self-destructive behaviors.
>
> Add a config option, XMON_DEFAULT_RO_MODE, to set default xmon behavior.
> The kernel cmdline options xmon=ro and xmon=rw override this default.
>
> The following xmon operations are affected:
> memops:
> disable memmove
> disable memset
> disable memzcan
> memex:
> no-op'd mwrite
> super_regs:
> no-op'd write_spr
> bpt_cmds:
> disable
> proc_call:
> disable
>
> Signed-off-by: Christopher M. Riedl <cmr@informatik.wtf>
> Reviewed-by: Oliver O'Halloran <oohall@gmail.com>
> ---
>
> v3->v4:
> Address Andrew's nitpick.
>
> arch/powerpc/Kconfig.debug | 8 ++++++++
> arch/powerpc/xmon/xmon.c | 42 ++++++++++++++++++++++++++++++++++++++
> 2 files changed, 50 insertions(+)
>
> diff --git a/arch/powerpc/Kconfig.debug b/arch/powerpc/Kconfig.debug
> index 4e00cb0a5464..326ac5ea3f72 100644
> --- a/arch/powerpc/Kconfig.debug
> +++ b/arch/powerpc/Kconfig.debug
> @@ -117,6 +117,14 @@ config XMON_DISASSEMBLY
> to say Y here, unless you're building for a memory-constrained
> system.
>
> +config XMON_DEFAULT_RO_MODE
> + bool "Restrict xmon to read-only operations by default"
> + depends on XMON
> + default y
> + help
> + Operate xmon in read-only mode. The cmdline options 'xmon=rw' and
> + 'xmon=ro' override this default.
> +
> config DEBUGGER
> bool
> depends on KGDB || XMON
> diff --git a/arch/powerpc/xmon/xmon.c b/arch/powerpc/xmon/xmon.c
> index a0f44f992360..ce98c8049eb6 100644
> --- a/arch/powerpc/xmon/xmon.c
> +++ b/arch/powerpc/xmon/xmon.c
> @@ -80,6 +80,7 @@ static int set_indicator_token = RTAS_UNKNOWN_SERVICE;
> #endif
> static unsigned long in_xmon __read_mostly = 0;
> static int xmon_on = IS_ENABLED(CONFIG_XMON_DEFAULT);
> +static bool xmon_is_ro = IS_ENABLED(CONFIG_XMON_DEFAULT_RO_MODE);
>
> static unsigned long adrs;
> static int size = 1;
> @@ -202,6 +203,8 @@ static void dump_tlb_book3e(void);
> #define GETWORD(v) (((v)[0] << 24) + ((v)[1] << 16) + ((v)[2] << 8) + (v)[3])
> #endif
>
> +static const char *xmon_ro_msg = "Operation disabled: xmon in read-only mode\n";
> +
> static char *help_string = "\
> Commands:\n\
> b show breakpoints\n\
> @@ -989,6 +992,10 @@ cmds(struct pt_regs *excp)
> memlocate();
> break;
> case 'z':
> + if (xmon_is_ro) {
> + printf(xmon_ro_msg);
> + break;
> + }
> memzcan();
> break;
> case 'i':
> @@ -1042,6 +1049,10 @@ cmds(struct pt_regs *excp)
> set_lpp_cmd();
> break;
> case 'b':
> + if (xmon_is_ro) {
> + printf(xmon_ro_msg);
> + break;
> + }
> bpt_cmds();
> break;
> case 'C':
> @@ -1055,6 +1066,10 @@ cmds(struct pt_regs *excp)
> bootcmds();
> break;
> case 'p':
> + if (xmon_is_ro) {
> + printf(xmon_ro_msg);
> + break;
> + }
> proccall();
> break;
> case 'P':
> @@ -1777,6 +1792,11 @@ read_spr(int n, unsigned long *vp)
> static void
> write_spr(int n, unsigned long val)
> {
> + if (xmon_is_ro) {
> + printf(xmon_ro_msg);
> + return;
> + }
> +
> if (setjmp(bus_error_jmp) == 0) {
> catch_spr_faults = 1;
> sync();
> @@ -2016,6 +2036,12 @@ mwrite(unsigned long adrs, void *buf, int size)
> char *p, *q;
>
> n = 0;
> +
> + if (xmon_is_ro) {
> + printf(xmon_ro_msg);
> + return n;
> + }
> +
> if (setjmp(bus_error_jmp) == 0) {
> catch_memory_errors = 1;
> sync();
> @@ -2884,9 +2910,17 @@ memops(int cmd)
> scanhex((void *)&mcount);
> switch( cmd ){
> case 'm':
> + if (xmon_is_ro) {
> + printf(xmon_ro_msg);
> + break;
> + }
> memmove((void *)mdest, (void *)msrc, mcount);
> break;
> case 's':
> + if (xmon_is_ro) {
> + printf(xmon_ro_msg);
> + break;
> + }
> memset((void *)mdest, mval, mcount);
> break;
> case 'd':
> @@ -3796,6 +3830,14 @@ static int __init early_parse_xmon(char *p)
> } else if (strncmp(p, "on", 2) == 0) {
> xmon_init(1);
> xmon_on = 1;
> + } else if (strncmp(p, "rw", 2) == 0) {
> + xmon_init(1);
> + xmon_on = 1;
> + xmon_is_ro = false;
> + } else if (strncmp(p, "ro", 2) == 0) {
> + xmon_init(1);
> + xmon_on = 1;
> + xmon_is_ro = true;
> } else if (strncmp(p, "off", 3) == 0)
> xmon_on = 0;
> else
>
--
Andrew Donnellan OzLabs, ADL Canberra
andrew.donnellan@au1.ibm.com IBM Australia Limited
next prev parent reply other threads:[~2019-04-16 3:28 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-16 3:26 [PATCH v4] powerpc/xmon: add read-only mode Christopher M. Riedl
2019-04-16 3:27 ` Andrew Donnellan [this message]
2019-05-03 6:59 ` Michael Ellerman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=58829b89-a589-db40-326f-e681f25b4aa0@au1.ibm.com \
--to=andrew.donnellan@au1.ibm.com \
--cc=cmr@informatik.wtf \
--cc=linuxppc-dev@ozlabs.org \
--cc=oohall@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.