Commit 087aaffc authored by Nicolas Pitre's avatar Nicolas Pitre Committed by Nicolas Pitre

ARM: implement CONFIG_STRICT_DEVMEM by disabling access to RAM via /dev/mem

There are very few legitimate use cases, if any, for directly accessing
system RAM through /dev/mem.  So let's mimic what they do on x86 and
forbid it when CONFIG_STRICT_DEVMEM is turned on.
Signed-off-by: default avatarNicolas Pitre <nicolas.pitre@linaro.org>
parent 7c63984b
...@@ -2,6 +2,20 @@ menu "Kernel hacking" ...@@ -2,6 +2,20 @@ menu "Kernel hacking"
source "lib/Kconfig.debug" source "lib/Kconfig.debug"
config STRICT_DEVMEM
bool "Filter access to /dev/mem"
depends on MMU
---help---
If this option is disabled, you allow userspace (root) access to all
of memory, including kernel and userspace memory. Accidental
access to this is obviously disastrous, but specific access can
be used by people debugging the kernel.
If this option is switched on, the /dev/mem file only allows
userspace access to memory mapped peripherals.
If in doubt, say Y.
# RMK wants arm kernels compiled with frame pointers or stack unwinding. # RMK wants arm kernels compiled with frame pointers or stack unwinding.
# If you know what you are doing and are willing to live without stack # If you know what you are doing and are willing to live without stack
# traces, you can get a slightly smaller kernel by setting this option to # traces, you can get a slightly smaller kernel by setting this option to
......
...@@ -294,6 +294,7 @@ extern void pci_iounmap(struct pci_dev *dev, void __iomem *addr); ...@@ -294,6 +294,7 @@ extern void pci_iounmap(struct pci_dev *dev, void __iomem *addr);
#define ARCH_HAS_VALID_PHYS_ADDR_RANGE #define ARCH_HAS_VALID_PHYS_ADDR_RANGE
extern int valid_phys_addr_range(unsigned long addr, size_t size); extern int valid_phys_addr_range(unsigned long addr, size_t size);
extern int valid_mmap_phys_addr_range(unsigned long pfn, size_t size); extern int valid_mmap_phys_addr_range(unsigned long pfn, size_t size);
extern int devmem_is_allowed(unsigned long pfn);
#endif #endif
/* /*
......
...@@ -144,3 +144,25 @@ int valid_mmap_phys_addr_range(unsigned long pfn, size_t size) ...@@ -144,3 +144,25 @@ int valid_mmap_phys_addr_range(unsigned long pfn, size_t size)
{ {
return !(pfn + (size >> PAGE_SHIFT) > 0x00100000); return !(pfn + (size >> PAGE_SHIFT) > 0x00100000);
} }
#ifdef CONFIG_STRICT_DEVMEM
#include <linux/ioport.h>
/*
* devmem_is_allowed() checks to see if /dev/mem access to a certain
* address is valid. The argument is a physical page number.
* We mimic x86 here by disallowing access to system RAM as well as
* device-exclusive MMIO regions. This effectively disable read()/write()
* on /dev/mem.
*/
int devmem_is_allowed(unsigned long pfn)
{
if (iomem_is_exclusive(pfn << PAGE_SHIFT))
return 0;
if (!page_is_ram(pfn))
return 1;
return 0;
}
#endif
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment