| Message ID | 20151122035702.9313.52457.stgit@dwillia2-desk3.jf.intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
* Dan Williams <dan.j.williams@intel.com> wrote: > Let all the archs that implement CONFIG_STRICT_DEVM use a common > definition in lib/Kconfig.debug. For the x86 bit: Acked-by: Ingo Molnar <mingo@kernel.org> > Note, the 'depends on !SPARC' is due to sparc not implementing > devmem_is_allowed(). Maybe that should be converted into a helper Kconfig switch for architectures to opt in to /dev/mem restrictions? Thanks, Ingo
On Sat, Nov 21, 2015 at 07:57:02PM -0800, Dan Williams wrote: > Let all the archs that implement CONFIG_STRICT_DEVM use a common > definition in lib/Kconfig.debug. > > Note, the 'depends on !SPARC' is due to sparc not implementing > devmem_is_allowed(). > > Cc: Kees Cook <keescook@chromium.org> > Cc: Russell King <linux@arm.linux.org.uk> > Cc: Catalin Marinas <catalin.marinas@arm.com> > Cc: Will Deacon <will.deacon@arm.com> > Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> > Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> > Cc: Heiko Carstens <heiko.carstens@de.ibm.com> > Cc: Thomas Gleixner <tglx@linutronix.de> > Cc: Ingo Molnar <mingo@redhat.com> > Cc: "H. Peter Anvin" <hpa@zytor.com> > Cc: Andrew Morton <akpm@linux-foundation.org> > Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> > Cc: "David S. Miller" <davem@davemloft.net> > Suggested-by: Arnd Bergmann <arnd@arndb.de> > Signed-off-by: Dan Williams <dan.j.williams@intel.com> > --- > arch/arm/Kconfig.debug | 14 -------------- > arch/arm64/Kconfig.debug | 14 -------------- > arch/powerpc/Kconfig.debug | 12 ------------ > arch/s390/Kconfig.debug | 12 ------------ > arch/tile/Kconfig | 3 --- > arch/unicore32/Kconfig.debug | 14 -------------- > arch/x86/Kconfig.debug | 17 ----------------- > lib/Kconfig.debug | 19 +++++++++++++++++++ > 8 files changed, 19 insertions(+), 86 deletions(-) For s390 Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com> > diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug > index 8c15b29d5adc..ad85145d0047 100644 > --- a/lib/Kconfig.debug > +++ b/lib/Kconfig.debug > @@ -1853,3 +1853,22 @@ source "samples/Kconfig" > > source "lib/Kconfig.kgdb" > > +config STRICT_DEVMEM > + bool "Filter access to /dev/mem" > + depends on MMU > + depends on !SPARC > + default y if TILE || PPC || S390 I wouldn't mind if you would remove s390 from this list.
On Sat, Nov 21, 2015 at 07:57:02PM -0800, Dan Williams wrote: > diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug > index 04fb73b973f1..e13c4bf84d9e 100644 > --- a/arch/arm64/Kconfig.debug > +++ b/arch/arm64/Kconfig.debug > @@ -14,20 +14,6 @@ config ARM64_PTDUMP > kernel. > If in doubt, say "N" > > -config STRICT_DEVMEM > - bool "Filter access to /dev/mem" > - depends on MMU > - help > - If this option is disabled, you allow userspace (root) access to all > - of memory, including kernel and userspace memory. Accidental > - access to this is obviously disastrous, but specific access can > - be used by people debugging the kernel. > - > - If this option is switched on, the /dev/mem file only allows > - userspace access to memory mapped peripherals. > - > - If in doubt, say Y. > - > config PID_IN_CONTEXTIDR > bool "Write the current PID to the CONTEXTIDR register" > help For arm64: Acked-by: Catalin Marinas <catalin.marinas@arm.com>
On Mon, Nov 23, 2015 at 1:53 AM, Heiko Carstens <heiko.carstens@de.ibm.com> wrote: > On Sat, Nov 21, 2015 at 07:57:02PM -0800, Dan Williams wrote: >> Let all the archs that implement CONFIG_STRICT_DEVM use a common >> definition in lib/Kconfig.debug. >> >> Note, the 'depends on !SPARC' is due to sparc not implementing >> devmem_is_allowed(). >> >> Cc: Kees Cook <keescook@chromium.org> >> Cc: Russell King <linux@arm.linux.org.uk> >> Cc: Catalin Marinas <catalin.marinas@arm.com> >> Cc: Will Deacon <will.deacon@arm.com> >> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> >> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> >> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> >> Cc: Thomas Gleixner <tglx@linutronix.de> >> Cc: Ingo Molnar <mingo@redhat.com> >> Cc: "H. Peter Anvin" <hpa@zytor.com> >> Cc: Andrew Morton <akpm@linux-foundation.org> >> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> >> Cc: "David S. Miller" <davem@davemloft.net> >> Suggested-by: Arnd Bergmann <arnd@arndb.de> >> Signed-off-by: Dan Williams <dan.j.williams@intel.com> >> --- >> arch/arm/Kconfig.debug | 14 -------------- >> arch/arm64/Kconfig.debug | 14 -------------- >> arch/powerpc/Kconfig.debug | 12 ------------ >> arch/s390/Kconfig.debug | 12 ------------ >> arch/tile/Kconfig | 3 --- >> arch/unicore32/Kconfig.debug | 14 -------------- >> arch/x86/Kconfig.debug | 17 ----------------- >> lib/Kconfig.debug | 19 +++++++++++++++++++ >> 8 files changed, 19 insertions(+), 86 deletions(-) > > For s390 > > Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com> > >> diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug >> index 8c15b29d5adc..ad85145d0047 100644 >> --- a/lib/Kconfig.debug >> +++ b/lib/Kconfig.debug >> @@ -1853,3 +1853,22 @@ source "samples/Kconfig" >> >> source "lib/Kconfig.kgdb" >> >> +config STRICT_DEVMEM >> + bool "Filter access to /dev/mem" >> + depends on MMU >> + depends on !SPARC >> + default y if TILE || PPC || S390 > > I wouldn't mind if you would remove s390 from this list. > Will do. Thanks.
On Mon, Nov 23, 2015 at 12:12 AM, Ingo Molnar <mingo@kernel.org> wrote: > > * Dan Williams <dan.j.williams@intel.com> wrote: > >> Let all the archs that implement CONFIG_STRICT_DEVM use a common >> definition in lib/Kconfig.debug. > > For the x86 bit: > > Acked-by: Ingo Molnar <mingo@kernel.org> > >> Note, the 'depends on !SPARC' is due to sparc not implementing >> devmem_is_allowed(). > > Maybe that should be converted into a helper Kconfig switch for architectures to > opt in to /dev/mem restrictions? Sure, easy enough to add a ARCH_HAS_DEVMEM_IS_ALLOWED opt-in.
On Mon, Nov 23, 2015 at 9:12 AM, Dan Williams <dan.j.williams@intel.com> wrote: > On Mon, Nov 23, 2015 at 12:12 AM, Ingo Molnar <mingo@kernel.org> wrote: >> >> * Dan Williams <dan.j.williams@intel.com> wrote: >> >>> Let all the archs that implement CONFIG_STRICT_DEVM use a common >>> definition in lib/Kconfig.debug. >> >> For the x86 bit: >> >> Acked-by: Ingo Molnar <mingo@kernel.org> >> >>> Note, the 'depends on !SPARC' is due to sparc not implementing >>> devmem_is_allowed(). >> >> Maybe that should be converted into a helper Kconfig switch for architectures to >> opt in to /dev/mem restrictions? > > Sure, easy enough to add a ARCH_HAS_DEVMEM_IS_ALLOWED opt-in. Is there some hidden meaning about the difference between ARCH_HAS_... and HAVE_ARCH_... and HAVE_... ? -Kees
* Kees Cook <keescook@chromium.org> wrote: > On Mon, Nov 23, 2015 at 9:12 AM, Dan Williams <dan.j.williams@intel.com> wrote: > > On Mon, Nov 23, 2015 at 12:12 AM, Ingo Molnar <mingo@kernel.org> wrote: > >> > >> * Dan Williams <dan.j.williams@intel.com> wrote: > >> > >>> Let all the archs that implement CONFIG_STRICT_DEVM use a common > >>> definition in lib/Kconfig.debug. > >> > >> For the x86 bit: > >> > >> Acked-by: Ingo Molnar <mingo@kernel.org> > >> > >>> Note, the 'depends on !SPARC' is due to sparc not implementing > >>> devmem_is_allowed(). > >> > >> Maybe that should be converted into a helper Kconfig switch for architectures to > >> opt in to /dev/mem restrictions? > > > > Sure, easy enough to add a ARCH_HAS_DEVMEM_IS_ALLOWED opt-in. > > Is there some hidden meaning about the difference between ARCH_HAS_... > and HAVE_ARCH_... and HAVE_... ? There's also the double underscore variants such as __HAVE_ARCH_STRNCASECMP! ;-) It's all just nonsensical historic muck: because no-one ever was confronted with the messy global picture. Today you can run Documentation/features/list-arch.sh and wonder at the zoo of options ;-) Thanks, Ingo
diff --git a/arch/arm/Kconfig.debug b/arch/arm/Kconfig.debug index 259c0ca9c99a..e356357d86bb 100644 --- a/arch/arm/Kconfig.debug +++ b/arch/arm/Kconfig.debug @@ -15,20 +15,6 @@ config ARM_PTDUMP kernel. If in doubt, say "N" -config STRICT_DEVMEM - bool "Filter access to /dev/mem" - depends on MMU - ---help--- - If this option is disabled, you allow userspace (root) access to all - of memory, including kernel and userspace memory. Accidental - access to this is obviously disastrous, but specific access can - be used by people debugging the kernel. - - If this option is switched on, the /dev/mem file only allows - userspace access to memory mapped peripherals. - - If in doubt, say Y. - # RMK wants arm kernels compiled with frame pointers or stack unwinding. # If you know what you are doing and are willing to live without stack # traces, you can get a slightly smaller kernel by setting this option to diff --git a/arch/arm64/Kconfig.debug b/arch/arm64/Kconfig.debug index 04fb73b973f1..e13c4bf84d9e 100644 --- a/arch/arm64/Kconfig.debug +++ b/arch/arm64/Kconfig.debug @@ -14,20 +14,6 @@ config ARM64_PTDUMP kernel. If in doubt, say "N" -config STRICT_DEVMEM - bool "Filter access to /dev/mem" - depends on MMU - help - If this option is disabled, you allow userspace (root) access to all - of memory, including kernel and userspace memory. Accidental - access to this is obviously disastrous, but specific access can - be used by people debugging the kernel. - - If this option is switched on, the /dev/mem file only allows - userspace access to memory mapped peripherals. - - If in doubt, say Y. - config PID_IN_CONTEXTIDR bool "Write the current PID to the CONTEXTIDR register" help diff --git a/arch/powerpc/Kconfig.debug b/arch/powerpc/Kconfig.debug index 3a510f4a6b68..a0e44a9c456f 100644 --- a/arch/powerpc/Kconfig.debug +++ b/arch/powerpc/Kconfig.debug @@ -335,18 +335,6 @@ config PPC_EARLY_DEBUG_CPM_ADDR platform probing is done, all platforms selected must share the same address. -config STRICT_DEVMEM - def_bool y - prompt "Filter access to /dev/mem" - help - This option restricts access to /dev/mem. If this option is - disabled, you allow userspace access to all memory, including - kernel and userspace memory. Accidental memory access is likely - to be disastrous. - Memory access is required for experts who want to debug the kernel. - - If you are unsure, say Y. - config FAIL_IOMMU bool "Fault-injection capability for IOMMU" depends on FAULT_INJECTION diff --git a/arch/s390/Kconfig.debug b/arch/s390/Kconfig.debug index c56878e1245f..26c5d5beb4be 100644 --- a/arch/s390/Kconfig.debug +++ b/arch/s390/Kconfig.debug @@ -5,18 +5,6 @@ config TRACE_IRQFLAGS_SUPPORT source "lib/Kconfig.debug" -config STRICT_DEVMEM - def_bool y - prompt "Filter access to /dev/mem" - ---help--- - This option restricts access to /dev/mem. If this option is - disabled, you allow userspace access to all memory, including - kernel and userspace memory. Accidental memory access is likely - to be disastrous. - Memory access is required for experts who want to debug the kernel. - - If you are unsure, say Y. - config S390_PTDUMP bool "Export kernel pagetable layout to userspace via debugfs" depends on DEBUG_KERNEL diff --git a/arch/tile/Kconfig b/arch/tile/Kconfig index 106c21bd7f44..7b2d40db11fa 100644 --- a/arch/tile/Kconfig +++ b/arch/tile/Kconfig @@ -116,9 +116,6 @@ config ARCH_DISCONTIGMEM_DEFAULT config TRACE_IRQFLAGS_SUPPORT def_bool y -config STRICT_DEVMEM - def_bool y - # SMP is required for Tilera Linux. config SMP def_bool y diff --git a/arch/unicore32/Kconfig.debug b/arch/unicore32/Kconfig.debug index 1a3626239843..f075bbe1d46f 100644 --- a/arch/unicore32/Kconfig.debug +++ b/arch/unicore32/Kconfig.debug @@ -2,20 +2,6 @@ menu "Kernel hacking" source "lib/Kconfig.debug" -config STRICT_DEVMEM - bool "Filter access to /dev/mem" - depends on MMU - ---help--- - If this option is disabled, you allow userspace (root) access to all - of memory, including kernel and userspace memory. Accidental - access to this is obviously disastrous, but specific access can - be used by people debugging the kernel. - - If this option is switched on, the /dev/mem file only allows - userspace access to memory mapped peripherals. - - If in doubt, say Y. - config EARLY_PRINTK def_bool DEBUG_OCD help diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug index 137dfa96aa14..1116452fcfc2 100644 --- a/arch/x86/Kconfig.debug +++ b/arch/x86/Kconfig.debug @@ -5,23 +5,6 @@ config TRACE_IRQFLAGS_SUPPORT source "lib/Kconfig.debug" -config STRICT_DEVMEM - bool "Filter access to /dev/mem" - ---help--- - If this option is disabled, you allow userspace (root) access to all - of memory, including kernel and userspace memory. Accidental - access to this is obviously disastrous, but specific access can - be used by people debugging the kernel. Note that with PAT support - enabled, even in this case there are restrictions on /dev/mem - use due to the cache aliasing requirements. - - If this option is switched on, the /dev/mem file only allows - userspace access to PCI space and the BIOS code and data regions. - This is sufficient for dosemu and X and all common users of - /dev/mem. - - If in doubt, say Y. - config X86_VERBOSE_BOOTUP bool "Enable verbose x86 bootup info messages" default y diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 8c15b29d5adc..ad85145d0047 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -1853,3 +1853,22 @@ source "samples/Kconfig" source "lib/Kconfig.kgdb" +config STRICT_DEVMEM + bool "Filter access to /dev/mem" + depends on MMU + depends on !SPARC + default y if TILE || PPC || S390 + ---help--- + If this option is disabled, you allow userspace (root) access to all + of memory, including kernel and userspace memory. Accidental + access to this is obviously disastrous, but specific access can + be used by people debugging the kernel. Note that with PAT support + enabled, even in this case there are restrictions on /dev/mem + use due to the cache aliasing requirements. + + If this option is switched on, the /dev/mem file only allows + userspace access to PCI space and the BIOS code and data regions. + This is sufficient for dosemu and X and all common users of + /dev/mem. + + If in doubt, say Y.
Let all the archs that implement CONFIG_STRICT_DEVM use a common definition in lib/Kconfig.debug. Note, the 'depends on !SPARC' is due to sparc not implementing devmem_is_allowed(). Cc: Kees Cook <keescook@chromium.org> Cc: Russell King <linux@arm.linux.org.uk> Cc: Catalin Marinas <catalin.marinas@arm.com> Cc: Will Deacon <will.deacon@arm.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Heiko Carstens <heiko.carstens@de.ibm.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@redhat.com> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: "David S. Miller" <davem@davemloft.net> Suggested-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Dan Williams <dan.j.williams@intel.com> --- arch/arm/Kconfig.debug | 14 -------------- arch/arm64/Kconfig.debug | 14 -------------- arch/powerpc/Kconfig.debug | 12 ------------ arch/s390/Kconfig.debug | 12 ------------ arch/tile/Kconfig | 3 --- arch/unicore32/Kconfig.debug | 14 -------------- arch/x86/Kconfig.debug | 17 ----------------- lib/Kconfig.debug | 19 +++++++++++++++++++ 8 files changed, 19 insertions(+), 86 deletions(-)