Date: Tue, 24 Nov 2015 16:50:41 -0800
From: Kees Cook <keescook@...omium.org>
To: Andrew Morton <akpm@...ux-foundation.org>
Cc: Dan Williams <dan.j.williams@...el.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, linux-arch <linux-arch@...r.kernel.org>, Russell King <linux@....linux.org.uk>, Arnd Bergmann <arnd@...db.de>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, Ingo Molnar <mingo@...hat.com>, "linux-arm-kernel@...ts.infradead.org" <linux-arm-kernel@...ts.infradead.org>
Subject: Re: [PATCH v2 2/2] restrict /dev/mem to idle io memory ranges

On Tue, Nov 24, 2015 at 4:47 PM, Andrew Morton <akpm@...ux-foundation.org> wrote:
> On Tue, 24 Nov 2015 16:34:19 -0800 Dan Williams <dan.j.williams@...el.com> wrote:
>
>> > IOW, a very good description of the problem-being-solved would help out
>> > a lot here...
>>
>> I'll fold the eventual result of this discussion into the changelog if
>> I can convince you it's worth moving forward.
>
> I'm easily convinced ;) Please let's get all the info into the right
> place, make sure it answers the thus-far-asked questions (at least) and
> we'll take it from there.
>
> And please do have a think about switching as much as possible over to
> runtime-configurability. Because "please echo foo > /proc" is a heck
> of a lot nicer than "please reboot with iomem=" which is a heck of a lot
> nicer than "please ask vendor for a new kernel".

I think run-time config for this should be an as-needed case. Nothing
should be fiddling with this memory from userspace anyway -- a driver
covering it should be unloaded first.

And, with my dosemu maintainer hat on, if you're using dosemu in a mode
where this will cause a problem, you are already running a custom
kernel. :)

And that said, if someone can actually produce a case where we need
this runtime configurable, I'm all for it. I just don't think we need
to design it in right now.

-Kees

--
Kees Cook
Chrome OS & Brillo Security