lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110620164045.GB10815@elte.hu>
Date:	Mon, 20 Jun 2011 18:40:45 +0200
From:	Ingo Molnar <mingo@...e.hu>
To:	"H. Peter Anvin" <hpa@...or.com>
Cc:	Ryan Mallon <rmallon@...il.com>, Petr Tesarik <ptesarik@...e.cz>,
	Andrew Morton <akpm@...ux-foundation.org>,
	Fenghua Yu <fenghua.yu@...el.com>,
	Ingo Molnar <mingo@...hat.com>,
	Paul Mundt <lethal@...ux-sh.org>,
	Russell King <linux@....linux.org.uk>,
	Thomas Gleixner <tglx@...utronix.de>,
	Tony Luck <tony.luck@...el.com>, x86@...nel.org,
	linux-arm-kernel@...ts.infradead.org, linux-ia64@...r.kernel.org,
	linux-sh@...r.kernel.org, linux-kernel@...r.kernel.org,
	Arjan van de Ven <arjan@...radead.org>,
	Dave Jones <davej@...hat.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH 00/10] Enhance /dev/mem to allow read/write of arbitrary
 physical addresses


* H. Peter Anvin <hpa@...or.com> wrote:

> On 06/20/2011 12:41 AM, Ingo Molnar wrote:
> > 
> > * H. Peter Anvin <hpa@...or.com> wrote:
> > 
> >> There are some test drivers which really want /dev/mem to work.
> > 
> > Test drivers and test hardware with zero enumeration can use below 4G 
> > addresses just fine.
> >
> > Also, debugging is not an issue and some non-default kernel or boot 
> > option can enable any sort of device i guess, so my main worry isnt 
> > really security but that we should stand in the way of the apparent 
> > practice of *shipping* user-space drivers that use /dev/mem ...
> > 
> 
> We should either fix /dev/mem to work according to its 
> specification or rip it out.  The issue with test drivers is not 
> spurious... I ran into this one myself a few weeks ago while trying 
> to do a memory test (by limiting the amount of memory available to 
> the kernel).  This is something that is typically done on factory 
> floors, and it would be nice to be able to get those environments 
> over to using Linux.

There is no reason why they couldnt use a .config option or a boot 
option to get their weird stuff going, which weird stuff also happens 
to be useful.

What i'm somewhat against is having this enabled by default for weird 
stuff that also happens to be harmful - and the fact that it never 
worked over 4G physical gives us the perfect opportunity to do just 
that.

Thanks,

	Ingo
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ