> On March 29, 2019 at 12:49 AM Andrew Donnellan <andrew.donnel...@au1.ibm.com> > wrote: > > > On 29/3/19 3:21 pm, cmr wrote: > > Operations which write to memory should be restricted on secure systems > > and optionally to avoid self-destructive behaviors. > > For reference: > - https://github.com/linuxppc/issues/issues/219 > - https://github.com/linuxppc/issues/issues/232 > > Perhaps clarify what is meant here by "secure systems". > > Otherwise commit message looks good. >
I will reword this for the next patch to reflect the verbiage in the referenced github issue -- ie. Secure Boot and not violating secure boot integrity by using xmon. > > > --- > > arch/powerpc/Kconfig.debug | 7 +++++++ > > arch/powerpc/xmon/xmon.c | 24 ++++++++++++++++++++++++ > > 2 files changed, 31 insertions(+) > > > > diff --git a/arch/powerpc/Kconfig.debug b/arch/powerpc/Kconfig.debug > > index 4e00cb0a5464..33cc01adf4cb 100644 > > --- a/arch/powerpc/Kconfig.debug > > +++ b/arch/powerpc/Kconfig.debug > > @@ -117,6 +117,13 @@ config XMON_DISASSEMBLY > > to say Y here, unless you're building for a memory-constrained > > system. > > > > +config XMON_RO > > + bool "Set xmon read-only mode" > > + depends on XMON > > + default y > > + help > > + Disable state- and memory-altering write operations in xmon. > > The meaning of this option is a bit unclear. > > From the code - it looks like what this option actually does is enable > RO mode *by default*. In which case it should probably be called > XMON_RO_DEFAULT and the description should note that RW mode can still > be enabled via a cmdline option. > Based on Christophe's feedback the default will change for this option in the next patch. I will also add the cmdline options to the description for clarity. > > > + > > config DEBUGGER > > bool > > depends on KGDB || XMON > > diff --git a/arch/powerpc/xmon/xmon.c b/arch/powerpc/xmon/xmon.c > > index a0f44f992360..c13ee73cdfd4 100644 > > --- a/arch/powerpc/xmon/xmon.c > > +++ b/arch/powerpc/xmon/xmon.c > > @@ -80,6 +80,7 @@ static int set_indicator_token = RTAS_UNKNOWN_SERVICE; > > #endif > > static unsigned long in_xmon __read_mostly = 0; > > static int xmon_on = IS_ENABLED(CONFIG_XMON_DEFAULT); > > +static int xmon_ro = IS_ENABLED(CONFIG_XMON_RO); > > > > static unsigned long adrs; > > static int size = 1; > > @@ -1042,6 +1043,8 @@ cmds(struct pt_regs *excp) > > set_lpp_cmd(); > > break; > > case 'b': > > + if (xmon_ro == 1) > > + break; > > For all these cases - it would be much better to print an error message > somewhere when we abort due to read-only mode. > I included print messages initially but then thought about how xmon is intended for "power" users. I can add print statements to avoid confusion and frustration since the operations are just "silently" dropped -- *if* that aligns with xmon's "philosophy".