From: mingo@kernel.org (Ingo Molnar)
To: linux-arm-kernel@lists.infradead.org
Subject: [RFC PATCH] restrict /dev/mem to idle io memory ranges
Date: Mon, 23 Nov 2015 10:38:12 +0100
Message-ID: <20151123093812.GA28212@gmail.com>
In-Reply-To: <CAPcyv4hagUwc3AJuDHvBy+YR1Khv+5uUL0HZawO9R0r-EZLVHg@mail.gmail.com>

* Dan Williams <dan.j.williams@intel.com> wrote:

> On Fri, Nov 20, 2015 at 12:12 PM, Russell King - ARM Linux
> <linux@arm.linux.org.uk> wrote:
> > On Fri, Nov 20, 2015 at 09:31:33AM -0800, Dan Williams wrote:
> >> This effectively promotes IORESOURCE_BUSY to IORESOURCE_EXCLUSIVE
> >> semantics by default. If userspace really believes it is safe to access
> >> the memory region it can also perform the extra step of disabling an
> >> active driver. This protects device address ranges with read side
> >> effects and otherwise directs userspace to use the driver.
> >
> > I'm happy with this as long as we retain the option to disable this
> > new behaviour.
> >
> > The reason being, when developing a driver, it is _very_ useful to
> > be able to poke around in the device's (and system memory) address
> > spaces with tools like devmem2 to work out what's going on when
> > things go wrong.
> >
> > To put it another way, I think it's a good idea to disable access to
> > these regions on production systems, but for driver development, we
> > want to retain the ability to poke around in physical address space
> > in any way we so desire.
> >
>
> Sounds ok to me, but I do think it's a good idea to default it to the
> same value as STRICT_DEVMEM. Perhaps:
>
> bool "Filter I/O access to /dev/mem" if EXPERT
> default STRICT_DEVMEM

Agreed, STRICT_DEVMEM=y should grandfather in this new (and very sensible)
restriction.

Thanks,
Ingo
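
An added example, not part of the original message or of the patch under discussion: a shell function that classifies a kernel's /dev/mem exposure from its build config, separating the production and driver-development settings discussed above. It assumes a kernel new enough to have the DEVMEM symbol and that CONFIG_IO_STRICT_DEVMEM (the mainline symbol for "Filter I/O access to /dev/mem", a name not stated in this thread) is the option in question; the sample configs are constructed.

```shell
#!/bin/sh
# Added example: classify /dev/mem exposure from a kernel build config.
# Assumption: CONFIG_IO_STRICT_DEVMEM is the mainline symbol for the
# "Filter I/O access to /dev/mem" option proposed in this thread.
# Assumption: the kernel has CONFIG_DEVMEM (older kernels always built /dev/mem).

# cfg_on FILE SYMBOL -> succeeds if FILE contains the line "CONFIG_SYMBOL=y"
cfg_on() {
    grep -q "^CONFIG_$2=y\$" "$1"
}

# devmem_posture FILE -> prints one of:
#   no-devmem     /dev/mem is not built at all
#   unrestricted  no STRICT_DEVMEM filtering
#   ram-filtered  STRICT_DEVMEM only: driver-claimed (busy) I/O ranges stay reachable
#   io-filtered   busy I/O ranges are refused as well (the behaviour proposed here)
devmem_posture() {
    if ! cfg_on "$1" DEVMEM; then
        echo no-devmem
    elif ! cfg_on "$1" STRICT_DEVMEM; then
        echo unrestricted
    elif cfg_on "$1" IO_STRICT_DEVMEM; then
        echo io-filtered
    else
        echo ram-filtered
    fi
}

# Constructed sample configs (not taken from any real system).
demo() {
    tmp=$(mktemp)
    # Driver-development kernel: filter left off so devmem2-style tools still work.
    printf 'CONFIG_DEVMEM=y\nCONFIG_STRICT_DEVMEM=y\n# CONFIG_IO_STRICT_DEVMEM is not set\n' > "$tmp"
    devmem_posture "$tmp"
    # Production kernel: filter follows STRICT_DEVMEM=y.
    printf 'CONFIG_DEVMEM=y\nCONFIG_STRICT_DEVMEM=y\nCONFIG_IO_STRICT_DEVMEM=y\n' > "$tmp"
    devmem_posture "$tmp"
    rm -f "$tmp"
}

demo
```

On a running system the input is typically the distribution's config file, for example `devmem_posture "/boot/config-$(uname -r)"`.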