From: Prarit Bhargava <prarit@redhat.com>
To: Clemens Ladisch <clemens@ladisch.de>
Cc: linux-kernel@vger.kernel.org
Subject: Re: [PATCH] hpet, allow user controlled mmap for user processes
Date: Tue, 19 Mar 2013 10:21:48 -0400 [thread overview]
Message-ID: <5148747C.9020803@redhat.com> (raw)
In-Reply-To: <5148171D.10807@ladisch.de>
On 03/19/2013 03:43 AM, Clemens Ladisch wrote:
> Prarit Bhargava wrote:
>> The CONFIG_HPET_MMAP Kconfig option exposes the memory map of the HPET
>> registers to userspace. The Kconfig help points out that in some cases this
>> can be a security risk as some systems may erroneously configure the map such
>> that additional data is exposed to userspace.
>>
>> This is a problem for distributions -- some users want the MMAP functionality
>> but it comes with a significant security risk. In an effort to mitigate this
>> risk, and due to the low number of users of the MMAP functionality, I've
>> introduced a kernel parameter, hpet_mmap_enable, that is required in order
>> to actually have the HPET MMAP exposed.
>>
>> [v2]: Clemens suggested modifying the Kconfig help text and making the
>> default setting configurable.
>>
>> Signed-off-by: Prarit Bhargava <prarit@redhat.com>
>> Cc: Clemens Ladisch <clemens@ladisch.de>
>
>> +++ b/Documentation/kernel-parameters.txt
>> + hpet_mmap_enable [X86, HPET_MMAP] option to expose HPET MMAP to
>> + userspace. By default this is disabled.
>
> This now takes a value.
>
>> + int "Enable HPET MMAP access by default"
>> + range 0 1
>
> Shouldn't this be bool?
I'll fix those in v3.
>
>> + default 0
>
> This breaks backwards compatibility.
Does backwards compatibility matter for something like? I have no problem
setting it to 1 but I'm more curious from a general kernel point of view.
I'll change this in v3 as well.
P.
P.
>
>
> Regards,
> Clemens
next prev parent reply other threads:[~2013-03-19 14:21 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-03-15 20:00 [PATCH] hpet, allow user controlled mmap for user processes Prarit Bhargava
2013-03-16 9:54 ` Clemens Ladisch
2013-03-18 12:24 ` Prarit Bhargava
2013-03-19 7:43 ` Clemens Ladisch
2013-03-19 14:21 ` Prarit Bhargava [this message]
2013-03-19 14:51 ` Clemens Ladisch
2013-03-22 13:32 ` Prarit Bhargava
2013-08-29 6:01 ` Matt Wilson
2013-09-13 0:00 ` Prarit Bhargava
2013-09-29 20:28 ` [PATCH] hpet: " Clemens Ladisch
2013-03-19 14:49 ` [PATCH] hpet, " Prarit Bhargava
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5148747C.9020803@redhat.com \
--to=prarit@redhat.com \
--cc=clemens@ladisch.de \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.