[PATCH linux dev-4.18] /dev/mem: add a devmem kernel parameter to activate the device

Cédric Le Goater clg at kaod.org
Wed Nov 14 00:03:05 AEDT 2018


On 11/8/18 2:11 AM, Andrew Jeffery wrote:
> On Mon, 22 Oct 2018, at 08:54, Joel Stanley wrote:
>> On Fri, 12 Oct 2018 at 18:37, Cédric Le Goater <clg at kaod.org> wrote:
>>>
>>> For security reasons, some configuration needs to run without /dev/mem
>>> but on some occasions, to debug HW for instance, it's still useful to
>>> be able to reboot the system with access to physical memory.
>>>
>>> Add a kernel parameter which activates the /dev/mem device only when
>>> 'mem.devmem' is enabled.
>>>
>>> Signed-off-by: Cédric Le Goater <clg at kaod.org>
>>
>> Thanks Cédric. I've put this in the 4.18 tree.
>>
>> Can you submit this upstream too please?
> 
> Has this been done? Just following up out of interest.

No.

> I do wonder about it though. /dev/mem is accessible if you're root, but given
> pretty much everything runs as root on the BMC we turn it off. But if it's just
> a kernel commandline parameter away, it's also just a
> `fw_setenv ... && reboot` away, at which point all the security is gone? If
> you're somehow not root on the BMC then you wouldn't have access even if
> it were present, and you can't change the u-boot environment either.

You seem to be suggesting that we should reactivate /dev/mem?

C. 

