| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200710055124.GA30265@infradead.org>
Date: Fri, 10 Jul 2020 06:51:24 +0100
From: Christoph Hellwig <hch@...radead.org>
To: Nick Kossifidis <mick@....forth.gr>
Cc: Christoph Hellwig <hch@...radead.org>,
Mike Rapoport <rppt@...ux.ibm.com>, mark.rutland@....com,
steve@....org, gregory.0xf0@...il.com, catalin.marinas@....com,
linus.walleij@...aro.org,
Palmer Dabbelt <palmerdabbelt@...gle.com>,
zaslonko@...ux.ibm.com, glider@...gle.com, krzk@...nel.org,
zong.li@...ive.com, mchehab+samsung@...nel.org,
linux-riscv@...ts.infradead.org, alex.shi@...ux.alibaba.com,
will@...nel.org, ardb@...nel.org, linux-arch@...r.kernel.org,
paulmck@...nel.org, alex@...ti.fr, bgolaszewski@...libre.com,
masahiroy@...nel.org, linux@...linux.org.uk, willy@...radead.org,
takahiro.akashi@...aro.org, james.morse@....com,
kernel-team@...roid.com, Arnd Bergmann <arnd@...db.de>,
pmladek@...e.com, elver@...gle.com, aou@...s.berkeley.edu,
keescook@...omium.org, uwe@...ine-koenig.org, rostedt@...dmis.org,
broonie@...nel.org, davidgow@...gle.com,
Paul Walmsley <paul.walmsley@...ive.com>,
dan.j.williams@...el.com, andriy.shevchenko@...ux.intel.com,
gxt@....edu.cn, linux-arm-kernel@...ts.infradead.org,
Nick Desaulniers <ndesaulniers@...gle.com>, tglx@...utronix.de,
rdunlap@...radead.org, matti.vaittinen@...rohmeurope.com,
linux-kernel@...r.kernel.org, mcgrof@...nel.org,
Palmer Dabbelt <palmer@...belt.com>, mhiramat@...nel.org,
akpm@...ux-foundation.org, davem@...emloft.net
Subject: Re: [PATCH 1/5] lib: Add a generic version of devmem_is_allowed()
On Fri, Jul 10, 2020 at 08:48:17AM +0300, Nick Kossifidis wrote:
> ???????? 2020-07-10 08:38, Christoph Hellwig ????????????:
> > On Thu, Jul 09, 2020 at 11:49:21PM +0300, Mike Rapoport wrote:
> > > > +#ifndef CONFIG_GENERIC_DEVMEM_IS_ALLOWED
> > > > +extern int devmem_is_allowed(unsigned long pfn);
> > > > +#endif
> >
> > Nit: no need for the extern here.
> >
> > > > +config GENERIC_LIB_DEVMEM_IS_ALLOWED
> > > > + bool
> > > > + select ARCH_HAS_DEVMEM_IS_ALLOWED
> > >
> > > This seems to work the other way around from the usual Kconfig chains.
> > > In the most cases ARCH_HAS_SOMETHING selects GENERIC_SOMETHING.
> > >
> > > I believe nicer way would be to make
> > >
> > > config STRICT_DEVMEM
> > > bool "Filter access to /dev/mem"
> > > depends on MMU && DEVMEM
> > > depends on ARCH_HAS_DEVMEM_IS_ALLOWED ||
> > > GENERIC_LIB_DEVMEM_IS_ALLOWED
> > >
> > > config GENERIC_LIB_DEVMEM_IS_ALLOWED
> > > bool
> > >
> > > and then s/select ARCH_HAS_DEVMEM_IS_ALLOWED/select
> > > GENERIC_LIB_DEVMEM_IS_ALLOWED/
> > > in the arch Kconfigs and drop ARCH_HAS_DEVMEM_IS_ALLOWED in the end.
> >
> > To take a step back: Is there any reason to not just always
> > STRICT_DEVMEM? Maybe for a few architectures that don't currently
> > support a strict /dev/mem the generic version isn't quite correct, but
> > someone selecting the option and finding the issue is the best way to
> > figure that out..
> >
>
> During prototyping / testing having full access to all physical memory
> through /dev/mem is very useful. We should have it enabled by default but
> leave the config option there so that users / developers can disable it if
> needed IMHO.
I did not suggest to take the config option away. Just to
unconditionally allow enabling the option on all architectures.
Powered by blists - more mailing lists