From: ptesarik@suse.cz (Petr Tesarik)
To: linux-arm-kernel@lists.infradead.org
Subject: [PATCH 00/10] Enhance /dev/mem to allow read/write of arbitrary physical addresses
Date: Fri, 1 Jul 2011 21:34:45 +0200 [thread overview]
Message-ID: <201107012134.45881.ptesarik@suse.cz> (raw)
In-Reply-To: <20110701161345.GA29775@elte.hu>
Dne P? 1. ?ervence 2011 18:13:45 Ingo Molnar napsal(a):
> * H. Peter Anvin <hpa@zytor.com> wrote:
> > On 07/01/2011 08:36 AM, Ingo Molnar wrote:
> > > So we could kill multiple birds with the same stone here:
> > > - remove various ugly uses of /dev/mem (including the rootkit usage),
> > >
> > > with or without strict-devmem
> > >
> > > - extending it to above-4G for inspection purposes
> > >
> > > - allowing to kill /dev/mem access runtime similar to the
> > >
> > > disable_modules lock-down killswitch, for the so inclined.
> > >
> > > Would you be interested in modifying your patch-set in such a
> > > fashion?
Yes, this works for me. How persistent should the kill-switch be? I assume it
doesn't make much sense to make a sysfs toggle, because then it would still be
open to abuse. I'd rather see it specified on boot and never changed. Agreed?
Something like "enable_dev_mem" on the kenrel command line (default is
disabled).
On a similar note, I should probably rip off write_mem() completely and
disallow PROT_WRITE mmapping of the device. Right?
> > There is another use that I have looked at, as well: for testing
> > purposes, it would be extremely good to be able to dirty and/or
> > flush an arbitrary physical cache line for testing purposes.
> >
> > This is very very similar to /dev/mem usage -- access to an
> > arbitrary chunk of memory -- and a fully enabled /dev/mem can of
> > course support this use (just mmap the page with the relevant cache
> > line). However, it could also be a separate device which could
> > have looser permissions than /dev/mem; or a set of ioctls on
> > /dev/mem with a separate kill switch, because no data would ever be
> > have modified or returned to user space.
> >
> > Either way, though, we found that it would share a lot of code with
> > the /dev/mem implementation, and as such fixing up the underlying
> > machinery is the sanest way to upstream this.
>
> To me that cache flush thing sounds obscure (but still useful) enough
> to justify a new ioctl over /dev/mem.
>
> Not sure it even needs a killswitch, unless there's some real
> security problem related to it.
It can be used for DoS, but if you have permission for the ioctl(), then you
probably also have easier ways to kill the system.
Petr
next prev parent reply other threads:[~2011-07-01 19:34 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-06-17 8:38 [PATCH 00/10] Enhance /dev/mem to allow read/write of arbitrary physical addresses Petr Tesarik
2011-06-17 8:46 ` [PATCH 07/10] arm: change valid_phys_addr_range's @addr param to phys_addr_t Petr Tesarik
2011-06-17 9:30 ` [PATCH 00/10] Enhance /dev/mem to allow read/write of arbitrary physical addresses Ingo Molnar
2011-06-17 9:41 ` Russell King - ARM Linux
2011-06-17 9:55 ` Petr Tesarik
2011-06-20 2:42 ` Américo Wang
2011-06-27 7:46 ` Petr Tesarik
2011-06-19 23:02 ` Ryan Mallon
2011-06-19 23:44 ` H. Peter Anvin
2011-06-20 7:41 ` Ingo Molnar
2011-06-20 15:59 ` H. Peter Anvin
2011-06-20 16:40 ` Ingo Molnar
2011-06-20 16:44 ` H. Peter Anvin
2011-06-21 6:55 ` Srivatsa Vaddagiri
2011-06-20 0:42 ` Matthew Wilcox
2011-06-20 0:46 ` Ryan Mallon
2011-06-20 0:52 ` Matthew Wilcox
2011-06-20 1:02 ` Ryan Mallon
2011-06-20 7:31 ` Ingo Molnar
2011-06-20 8:03 ` Ryan Mallon
2011-06-20 17:10 ` Ray Lee
2011-06-29 9:05 ` Petr Tesarik
2011-07-01 12:58 ` Ingo Molnar
2011-07-01 13:43 ` Petr Tesarik
2011-07-01 13:47 ` Christoph Hellwig
2011-07-01 14:37 ` Ingo Molnar
2011-07-01 14:41 ` Christoph Hellwig
2011-07-01 14:46 ` Ingo Molnar
2011-07-01 14:54 ` Petr Tesarik
2011-07-01 15:36 ` Ingo Molnar
2011-07-01 16:00 ` H. Peter Anvin
2011-07-01 16:13 ` Ingo Molnar
2011-07-01 19:34 ` Petr Tesarik [this message]
2011-07-01 19:56 ` Ingo Molnar
2011-07-01 20:44 ` Petr Tesarik
2011-07-03 19:46 ` Ingo Molnar
2011-07-05 17:49 ` Matthew Garrett
2011-07-05 17:56 ` H. Peter Anvin
2011-07-05 22:34 ` H. Peter Anvin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201107012134.45881.ptesarik@suse.cz \
--to=ptesarik@suse.cz \
--cc=linux-arm-kernel@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).