[PATCH] powerpc/mm: add devmem_is_allowed() for STRICT_DEVMEM checking

Scott Wood scottwood at freescale.com
Wed Feb 2 05:35:56 EST 2011


On Tue, 1 Feb 2011 12:21:45 -0500
Steve Best <sfbest at us.ibm.com> wrote:

> 
> On Mon, 2011-01-31 at 13:40 -0600, Scott Wood wrote:
> > I don't see how this is a sane thing to turn on by default (you're not
> > restricting it, BTW -- you're completely disabling it with that
> > implementation of devmem_is_allowed).  It will break anything that
> > uses /dev/mem to access I/O, 
> 
> could you expand on what I/O depends on /dev/mem, so I can take
> that into account?

It could be anything.  You're shutting off, by default, a
longstanding userspace interface, that already has adequate security
protection.

Even x86 doesn't default it to yes (though it does say "if in doubt
say Y"), and when enabled x86 only restricts access to memory, not I/O.

> > possibly including desktoppy stuff like X
> > servers, 
> 
> you are right just found out that X needs to access it. will 
> take that into account
> > as well as lots of stuff that goes on in embedded setups.
> 
> could you explain more about what needs access to /dev/mem in 
> the embedded setups?

All sorts of custom stuff -- userspace drivers, special memory regions
reserved at boot, etc.

If you really want this, I suggest prohibiting access only when it's an
actual RAM page tracked by the kernel (maybe only when PageReserved
is unset as well?), or when iomem_is_exclusive returns true.

-Scott



More information about the Linuxppc-dev mailing list