From: Krzysztof Halasa <khc@pm.waw.pl>
To: "Henrique de Moraes Holschuh" <hmh@hmh.eng.br>
Cc: "Andi Kleen" <andi@firstfloor.org>,
	"Robert Hancock" <hancockrwd@gmail.com>,
	"Anton D. Kachalov" <mouse@mayc.ru>,
	linux-kernel@vger.kernel.org
Subject: Re: Reading /dev/mem by dd
Date: Thu, 12 Nov 2009 22:07:22 +0100
Message-ID: <m3639flaet.fsf@intrepid.localdomain>
In-Reply-To: <1258047454.16197.1344913359@webmail.messagingengine.com> (Henrique de Moraes Holschuh's message of "Thu, 12 Nov 2009 15:37:34 -0200")

"Henrique de Moraes Holschuh" <hmh@hmh.eng.br> writes:

> In this case, the problem seems to be access over /dev/mem to stuff the
> kernel is already taking care of.

Not sure if local APIC counts as "PCI space and the BIOS code and data
regions" but:

$ grep STRICT_DEVMEM -A 15 arch/x86/Kconfig.debug
config STRICT_DEVMEM
        bool "Filter access to /dev/mem"
        ---help---
          If this option is disabled, you allow userspace (root) access to all
          of memory, including kernel and userspace memory. Accidental
          access to this is obviously disastrous, but specific access can
          be used by people debugging the kernel. Note that with PAT support
          enabled, even in this case there are restrictions on /dev/mem
          use due to the cache aliasing requirements.

          If this option is switched on, the /dev/mem file only allows
          userspace access to PCI space and the BIOS code and data regions.
          This is sufficient for dosemu and X and all common users of
          /dev/mem.

          If in doubt, say Y.

> Certainly "as safe as possible" does
> not have to mean making /dev/mem useless for whatever good uses it has.

For debugging you need absolutely full access to whole address space(s).
One mistake (or intentional action) and the system is dead, this is by
design. It's BTW not very dangerous, compared to accessing flash
ROM/EEPROM/"fuses"/FPGA/CPLD/etc.
-- 
Krzysztof Halasa
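
An added example, not part of the message above: one way to check whether a given kernel was built with the STRICT_DEVMEM filter quoted from Kconfig.debug. The function names and the constructed sample configs are hypothetical; /proc/config.gz and /boot/config-$(uname -r) are assumed to be where the running kernel's config is published.

```shell
#!/bin/sh
# Added example: report whether a kernel config enables the /dev/mem filter.

# Print the config text, transparently handling gzip (e.g. /proc/config.gz).
read_config() {
    case $1 in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac
}

# Print one of: filtered | unfiltered | unknown
# "unknown" covers an unreadable file and a config that never mentions the symbol.
devmem_policy() {
    [ -r "$1" ] || { echo unknown; return 0; }
    read_config "$1" | awk '
        /^CONFIG_STRICT_DEVMEM=y$/            { s = "filtered" }
        /^# CONFIG_STRICT_DEVMEM is not set$/ { s = "unfiltered" }
        END { print (s == "" ? "unknown" : s) }'
}

# Locate the running kernel's config (assumption: the distribution ships
# one of these two files).
find_kernel_config() {
    for f in /proc/config.gz "/boot/config-$(uname -r)"; do
        [ -r "$f" ] && { echo "$f"; return 0; }
    done
    return 1
}

# Constructed sample configs, so the classifier can be exercised offline.
sample_config() {
    case $1 in
        on)   printf '%s\n' 'CONFIG_X86=y' 'CONFIG_STRICT_DEVMEM=y' ;;
        off)  printf '%s\n' 'CONFIG_X86=y' '# CONFIG_STRICT_DEVMEM is not set' ;;
        none) printf '%s\n' 'CONFIG_X86=y' ;;
    esac
}

# Report on the running kernel when its config can be found.
if cfg=$(find_kernel_config); then
    echo "$cfg: $(devmem_policy "$cfg")"
else
    echo "no kernel config found"
fi
```

A result of "unfiltered" corresponds to the first paragraph of the help text (root can reach all of memory through /dev/mem); "filtered" corresponds to the second.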
