Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1d54cf2b authored by sukadev@linux.vnet.ibm.com's avatar sukadev@linux.vnet.ibm.com Committed by Benjamin Herrenschmidt
Browse files

powerpc: Implement CONFIG_STRICT_DEVMEM 



As described in the help text in the patch, this token restricts general
access to /dev/mem as a way of increasing the security. Specifically, access
to exclusive IOMEM and kernel RAM is denied unless CONFIG_STRICT_DEVMEM is
set to 'n'.

Implement the 'devmem_is_allowed()' interface for Powerpc. It will be
called from range_is_allowed() when userpsace attempts to access /dev/mem.

This patch is based on an earlier patch from Steve Best and with input from
Paul Mackerras and Scott Wood.

[BenH] Fixed a typo or two and removed the generic change which should
       be submitted as a separate patch

Signed-off-by: default avatarSukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Signed-off-by: default avatarBenjamin Herrenschmidt <benh@kernel.crashing.org>
parent 56368797

arch/powerpc/Kconfig.debug

+12 −0
Original line number Diff line number Diff line
@@ -336,4 +336,16 @@ config PPC_EARLY_DEBUG_CPM_ADDR 
	  platform probing is done, all platforms selected must

	  share the same address.



config STRICT_DEVMEM

	def_bool y

	prompt "Filter access to /dev/mem"

	help

	  This option restricts access to /dev/mem.  If this option is

	  disabled, you allow userspace access to all memory, including

	  kernel and userspace memory. Accidental memory access is likely

	  to be disastrous.

	  Memory access is required for experts who want to debug the kernel.



	  If you are unsure, say Y.



endmenu

arch/powerpc/include/asm/page.h

+1 −0
Original line number Diff line number Diff line
@@ -290,6 +290,7 @@ extern void clear_user_page(void *page, unsigned long vaddr, struct page *pg); 
extern void copy_user_page(void *to, void *from, unsigned long vaddr,

		struct page *p);

extern int page_is_ram(unsigned long pfn);

extern int devmem_is_allowed(unsigned long pfn);



#ifdef CONFIG_PPC_SMLPAR

void arch_free_page(struct page *page, int order);

arch/powerpc/mm/mem.c

+18 −0
Original line number Diff line number Diff line
@@ -585,3 +585,21 @@ static int add_system_ram_resources(void) 
	return 0;

}

subsys_initcall(add_system_ram_resources);



#ifdef CONFIG_STRICT_DEVMEM

/*

 * devmem_is_allowed(): check to see if /dev/mem access to a certain address

 * is valid. The argument is a physical page number.

 *

 * Access has to be given to non-kernel-ram areas as well, these contain the

 * PCI mmio resources as well as potential bios/acpi data regions.

 */

int devmem_is_allowed(unsigned long pfn)

{

	if (iomem_is_exclusive(pfn << PAGE_SHIFT))

		return 0;

	if (!page_is_ram(pfn))

		return 1;

	return 0;

}

#endif /* CONFIG_STRICT_DEVMEM */