x86: introduce /dev/mem restrictions with a config option

source "lib/Kconfig.debug"

config NONPROMISC_DEVMEM

	bool "Disable promiscuous /dev/mem"

	default y

	help

	  The /dev/mem file by default only allows userspace access to PCI

	  space and the BIOS code and data regions. This is sufficient for

	  dosemu and X and all common users of /dev/mem. With this config

	  option, you allow userspace access to all of memory, including

	  kernel and userspace memory. Accidental access to this is

	  obviously disasterous, but specific access can be used by people

	  debugging the kernel.

config EARLY_PRINTK

	bool "Early printk" if EMBEDDED

	default y

	return 0;

}

/*

 * devmem_is_allowed() checks to see if /dev/mem access to a certain address

 * is valid. The argument is a physical page number.

 *

 *

 * On x86, access has to be given to the first megabyte of ram because that area

 * contains bios code and data regions used by X and dosemu and similar apps.

 * Access has to be given to non-kernel-ram areas as well, these contain the PCI

 * mmio resources as well as potential bios/acpi data regions.

 */

int devmem_is_allowed(unsigned long pagenr)

{

	if (pagenr <= 256)

		return 1;

	if (!page_is_ram(pagenr))

		return 1;

	return 0;

}

#ifdef CONFIG_HIGHMEM

pte_t *kmap_pte;

pgprot_t kmap_prot;

#endif /* CONFIG_MEMORY_HOTPLUG */

/*

 * devmem_is_allowed() checks to see if /dev/mem access to a certain address

 * is valid. The argument is a physical page number.

 *

 *

 * On x86, access has to be given to the first megabyte of ram because that area

 * contains bios code and data regions used by X and dosemu and similar apps.

 * Access has to be given to non-kernel-ram areas as well, these contain the PCI

 * mmio resources as well as potential bios/acpi data regions.

 */

int devmem_is_allowed(unsigned long pagenr)

{

	if (pagenr <= 256)

		return 1;

	if (!page_is_ram(pagenr))

		return 1;

	return 0;

}

static struct kcore_list kcore_mem, kcore_vmalloc, kcore_kernel,

			 kcore_modules, kcore_vsyscall;

}

#endif

#ifdef CONFIG_NONPROMISC_DEVMEM

static inline int range_is_allowed(unsigned long from, unsigned long to)

{

	unsigned long cursor;

	cursor = from >> PAGE_SHIFT;

	while ((cursor << PAGE_SHIFT) < to) {

		if (!devmem_is_allowed(cursor)) {

			printk(KERN_INFO "Program %s tried to read /dev/mem "

				"between %lx->%lx.\n",

				current->comm, from, to);

			return 0;

		}

		cursor++;

	}

	return 1;

}

#else

static inline int range_is_allowed(unsigned long from, unsigned long to)

{

	return 1;

}

#endif

/*

 * This funcion reads the *physical* memory. The f_pos points directly to the 

 * memory location. 

		 */

		ptr = xlate_dev_mem_ptr(p);

		if (!range_is_allowed(p, p+count))

			return -EPERM;

		if (copy_to_user(buf, ptr, sz))

			return -EFAULT;

		buf += sz;

		 */

		ptr = xlate_dev_mem_ptr(p);

		if (!range_is_allowed(p, p+sz))

			return -EPERM;

		copied = copy_from_user(ptr, buf, sz);

		if (copied) {

			written += sz - copied;

#ifndef __ASSEMBLY__

extern int page_is_ram(unsigned long pagenr);

extern int devmem_is_allowed(unsigned long pagenr);

extern unsigned long max_pfn_mapped;