From patchwork Wed Apr  2 15:44:00 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Daniel Thompson <daniel.thompson@linaro.org>
X-Patchwork-Id: 27643
Return-Path: <patchwork-forward+bncBCAPDLF44QLBBYHA6CMQKGQEYVBD52Q@linaro.org>
X-Original-To: linaro@patches.linaro.org
Delivered-To: linaro@patches.linaro.org
Received: from mail-ig0-f199.google.com (mail-ig0-f199.google.com
 [209.85.213.199])
 by ip-10-151-82-157.ec2.internal (Postfix) with ESMTPS id DAC8920341
 for <linaro@patches.linaro.org>; Wed,  2 Apr 2014 15:44:32 +0000 (UTC)
Received: by mail-ig0-f199.google.com with SMTP id c1sf1306649igq.6
 for <linaro@patches.linaro.org>; Wed, 02 Apr 2014 08:44:32 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:delivered-to:from:to:cc:subject
 :date:message-id:in-reply-to:references:x-original-sender
 :x-original-authentication-results:precedence:mailing-list:list-id
 :list-post:list-help:list-archive:list-unsubscribe;
 bh=LcKAY/HNyGmopwIZ/Pj2jSW4/g9vuFHPwjNDgs44WC4=;
 b=eOuGm5eStj2VsA6g7zwS13a4o0yTa2ceH0AgGRhbfmEpd6qE6pZpOqY3ICpOk5PQnV
 DVDGWdUXCbC54TkYTKf8sugL9veo+dgFq+tmcFg9C+PsHasrLoJ1j6bmHem1hpq3WDUL
 xwjo5nGxBsYJlGxE7+Efw+vLfG0WmHZ+6nikv7mu4s2BxBKakBPOXue9czX6M/7W6XsT
 0V59toJoKH48bIbiYongND+eV+vvtaasbwU0iQBEUUeyMi508TW0sP9J9so8GZevxGB1
 G3GYBNz8cBySL4bHFgEfBo7E2x/DQOO/zBgo1DKfGrBcsc1vKyfKMd6Mh/CzyDIK+NRk
 EVOg==
X-Gm-Message-State: ALoCoQkRIE+kJSmr9BZQ1hKg6Z1ZSkVEoXOsD6urNTJM42JjjFKUg3GsOJr7mhlCXJxgYV7ONT3a
X-Received: by 10.182.95.68 with SMTP id di4mr532342obb.4.1396453472327;
 Wed, 02 Apr 2014 08:44:32 -0700 (PDT)
MIME-Version: 1.0
X-BeenThere: patchwork-forward@linaro.org
Received: by 10.140.35.208 with SMTP id n74ls362397qgn.65.gmail; Wed, 02 Apr
 2014 08:44:32 -0700 (PDT)
X-Received: by 10.52.65.132 with SMTP id x4mr1289581vds.36.1396453472127;
 Wed, 02 Apr 2014 08:44:32 -0700 (PDT)
Received: from mail-vc0-f171.google.com (mail-vc0-f171.google.com
 [209.85.220.171]) by mx.google.com with ESMTPS id
 tx7si628399vcb.116.2014.04.02.08.44.32
 for <patchwork-forward@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Wed, 02 Apr 2014 08:44:32 -0700 (PDT)
Received-SPF: neutral (google.com: 209.85.220.171 is neither permitted nor
 denied by best guess record for domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org)
 client-ip=209.85.220.171; 
Received: by mail-vc0-f171.google.com with SMTP id lg15so569617vcb.16
 for <patchwork-forward@linaro.org>;
 Wed, 02 Apr 2014 08:44:32 -0700 (PDT)
X-Received: by 10.52.23.97 with SMTP id l1mr1224227vdf.11.1396453472033;
 Wed, 02 Apr 2014 08:44:32 -0700 (PDT)
X-Forwarded-To: patchwork-forward@linaro.org
X-Forwarded-For: patch@linaro.org patchwork-forward@linaro.org
Delivered-To: patches@linaro.org
Received: by 10.220.12.8 with SMTP id v8csp334266vcv;
 Wed, 2 Apr 2014 08:44:31 -0700 (PDT)
X-Received: by 10.180.149.240 with SMTP id ud16mr3033096wib.23.1396453471274; 
 Wed, 02 Apr 2014 08:44:31 -0700 (PDT)
Received: from mail-wi0-f172.google.com (mail-wi0-f172.google.com
 [209.85.212.172])
 by mx.google.com with ESMTPS id l8si1061978wjy.86.2014.04.02.08.44.30
 for <patches@linaro.org>
 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
 Wed, 02 Apr 2014 08:44:31 -0700 (PDT)
Received-SPF: neutral (google.com: 209.85.212.172 is neither permitted nor
 denied by best guess record for domain of
 daniel.thompson@linaro.org) client-ip=209.85.212.172; 
Received: by mail-wi0-f172.google.com with SMTP id hi2so5993363wib.17
 for <patches@linaro.org>; Wed, 02 Apr 2014 08:44:30 -0700 (PDT)
X-Received: by 10.194.9.8 with SMTP id v8mr1729406wja.53.1396453470578;
 Wed, 02 Apr 2014 08:44:30 -0700 (PDT)
Received: from sundance.lan (cpc4-aztw19-0-0-cust157.18-1.cable.virginm.net.
 [82.33.25.158]) by mx.google.com with ESMTPSA id
 dg7sm3450581wjc.4.2014.04.02.08.44.28 for <multiple recipients>
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Wed, 02 Apr 2014 08:44:29 -0700 (PDT)
From: Daniel Thompson <daniel.thompson@linaro.org>
To: kgdb-bugreport@lists.sourceforge.net,
 Jason Wessel <jason.wessel@windriver.com>
Cc: patches@linaro.org, linaro-kernel@lists.linaro.org,
 Daniel Thompson <daniel.thompson@linaro.org>, linux-kernel@vger.kernel.org,
 Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
 Jiri Slaby <jslaby@suse.cz>, Steven Rostedt <rostedt@goodmis.org>,
 Frederic Weisbecker <fweisbec@gmail.com>, Ingo Molnar <mingo@redhat.com>,
 John Stultz <john.stultz@linaro.org>,
 Anton Vorontsov <anton.vorontsov@linaro.org>,
 Colin Cross <ccross@android.com>, kernel-team@android.com
Subject: [RFC v2 10/10] kdb: Allow access to sensitive commands to be
 restricted by default
Date: Wed,  2 Apr 2014 16:44:00 +0100
Message-Id: <1396453440-16445-11-git-send-email-daniel.thompson@linaro.org>
X-Mailer: git-send-email 1.9.0
In-Reply-To: <1396453440-16445-1-git-send-email-daniel.thompson@linaro.org>
References: <1396453440-16445-1-git-send-email-daniel.thompson@linaro.org>
X-Removed-Original-Auth: Dkim didn't pass.
X-Original-Sender: daniel.thompson@linaro.org
X-Original-Authentication-Results: mx.google.com;       spf=neutral
 (google.com: 209.85.220.171 is neither permitted nor denied by best
 guess record for domain of
 patch+caf_=patchwork-forward=linaro.org@linaro.org)
 smtp.mail=patch+caf_=patchwork-forward=linaro.org@linaro.org
Precedence: list
Mailing-list: list patchwork-forward@linaro.org;
 contact patchwork-forward+owners@linaro.org
List-ID: <patchwork-forward.linaro.org>
X-Google-Group-Id: 836684582541
List-Post: <http://groups.google.com/a/linaro.org/group/patchwork-forward/post>, 
 <mailto:patchwork-forward@linaro.org>
List-Help: <http://support.google.com/a/linaro.org/bin/topic.py?topic=25838>, 
 <mailto:patchwork-forward+help@linaro.org>
List-Archive: <http://groups.google.com/a/linaro.org/group/patchwork-forward/>
List-Unsubscribe: <http://groups.google.com/a/linaro.org/group/patchwork-forward/subscribe>, 
 <mailto:googlegroups-manage+836684582541+unsubscribe@googlegroups.com>

Currently kiosk mode must be explicitly requested by the bootloader or
userspace. It is convenient to be able to change the default value in a
similar manner to CONFIG_MAGIC_SYSRQ_DEFAULT_MASK.

Signed-off-by: Daniel Thompson <daniel.thompson@linaro.org>
---
 kernel/debug/kdb/kdb_main.c |  2 +-
 lib/Kconfig.kgdb            | 21 +++++++++++++++++++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/kernel/debug/kdb/kdb_main.c b/kernel/debug/kdb/kdb_main.c
index 77b6e61..34f0989 100644
--- a/kernel/debug/kdb/kdb_main.c
+++ b/kernel/debug/kdb/kdb_main.c
@@ -47,7 +47,7 @@
 #undef	MODULE_PARAM_PREFIX
 #define	MODULE_PARAM_PREFIX "kdb."
 
-static bool kdb_kiosk;
+static bool kdb_kiosk = CONFIG_KDB_KIOSK_DEFAULT_ENABLE;
 module_param_named(kiosk, kdb_kiosk, bool, 0600);
 
 #define GREP_LEN 256
diff --git a/lib/Kconfig.kgdb b/lib/Kconfig.kgdb
index 358eb81..a284327 100644
--- a/lib/Kconfig.kgdb
+++ b/lib/Kconfig.kgdb
@@ -73,6 +73,27 @@ config KGDB_KDB
 	help
 	  KDB frontend for kernel
 
+config KDB_KIOSK_DEFAULT_ENABLE
+	bool "KDB: enable kiosk mode at kernel boot time"
+	depends on KGDB_KDB
+	default n
+	help
+	  Kiosk mode disables kdb commands that can be trivially used to
+	  escalate privilege or dump sensitive data. Those commands that
+	  remain are sufficient for certain types of fault diagnosis but
+	  not fully fledged debugging.
+
+	  Note that it is assumed that neither the process list, the
+	  kernel log buffer nor the (kernel) backtrace of running
+	  processes contain sensitive information.
+
+	  The config option merely sets the default at boot time. Both
+	  issuing 'echo X > /sys/module/kdb/parameters/kiosk' or
+          booting with kdb.kiosk=X kernel command line option will override
+	  the default settings.
+
+	  If unsure, say N.
+
 config KDB_KEYBOARD
 	bool "KGDB_KDB: keyboard as input device"
 	depends on VT && KGDB_KDB