[PATCH] powerpc/mm: add devmem_is_allowed() for STRICT_DEVMEM checking

2011-06-14 Thread Steve Best


   Provide devmem_is_allowed() routine to restrict access to kernel
   memory from userspace.
   Set CONFIG_STRICT_DEVMEM config option to switch on checking.

Signed-off-by: Steve Best sfb...@us.ibm.com

diff --git a/arch/powerpc/Kconfig.debug b/arch/powerpc/Kconfig.debug
index e72dcf6..e1aab6b 100644
--- a/arch/powerpc/Kconfig.debug
+++ b/arch/powerpc/Kconfig.debug
@@ -283,4 +283,15 @@ config PPC_EARLY_DEBUG_CPM_ADDR
  platform probing is done, all platforms selected must
  share the same address.
 
+config STRICT_DEVMEM
+def_bool y
+prompt Filter access to /dev/mem
+---help---
+  This option restricts access to /dev/mem.  If this option is
+  disabled, you allow userspace access to all memory, including
+  kernel and userspace memory. 
+  Memory access is required for experts who want to debug the kernel.
+
+  If you are unsure, say Y.
+
 endmenu
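
Review bot: The help text under "config STRICT_DEVMEM" says the option "restricts access to /dev/mem" without saying what stays reachable, and the sentence "Memory access is required for experts who want to debug the kernel" does not tell those users which answer to pick. Suggest stating that with the option on only the ranges devmem_is_allowed() permits can be accessed, and that kernel debugging through /dev/mem needs N. Because the entry is "def_bool y" and ends with "If you are unsure, say Y", the help text is the only place a user will learn why a /dev/mem tool stopped working.
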
diff --git a/arch/powerpc/include/asm/page.h b/arch/powerpc/include/asm/page.h
index 2cd664e..dc2ec96 100644
--- a/arch/powerpc/include/asm/page.h
+++ b/arch/powerpc/include/asm/page.h
@@ -261,6 +261,7 @@ extern void clear_user_page(void *page, unsigned long 
vaddr, struct page *pg);
 extern void copy_user_page(void *to, void *from, unsigned long vaddr,
struct page *p);
 extern int page_is_ram(unsigned long pfn);
+extern int devmem_is_allowed(unsigned long pfn);
 
 #ifdef CONFIG_PPC_SMLPAR
 void arch_free_page(struct page *page, int order);
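
Review bot: The new "extern int devmem_is_allowed(unsigned long pfn);" line is added without a CONFIG_STRICT_DEVMEM guard and without a comment on its contract. The function only matters when the option is set, so consider wrapping the prototype (and the definition in mem.c) in #ifdef CONFIG_STRICT_DEVMEM, and note beside it that the argument is a page frame number and that a non-zero return means the access is permitted.
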
diff --git a/arch/powerpc/mm/mem.c b/arch/powerpc/mm/mem.c
index 29d4dde..b1a6233 100644
--- a/arch/powerpc/mm/mem.c
+++ b/arch/powerpc/mm/mem.c
@@ -520,3 +520,21 @@ void update_mmu_cache(struct vm_area_struct *vma, unsigned 
long address,
hash_preload(vma-vm_mm, address, access, trap);
 #endif /* CONFIG_PPC_STD_MMU */
 }
+
+/*
+ * devmem_is_allowed() checks to see if /dev/mem access to a certain address
+ * is valid. The argument is a physical page number.
+ *
+ * On PowerPC, access has to be given to data regions used by X. We have to
+ * disallow access to device-exclusive MMIO regions and system RAM. 
+ */
+int devmem_is_allowed(unsigned long pfn)
+{
+if ((pfn = 57360 || pfn = 57392))
+return 1;
+if (iomem_is_exclusive(pfn  PAGE_SHIFT))
+return 0;
+if (!page_is_ram(pfn))
+return 1;
+return 0;
+}
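
Review bot: The first test in devmem_is_allowed(), on the literals 57360 and 57392, returns 1 before iomem_is_exclusive() and page_is_ram() are consulted, so any page it matches bypasses both restrictions the comment block promises. The literals are page frame numbers, so the physical range they name changes with PAGE_SHIFT, and nothing in the hunk says what lives there or on which platforms it applies. Suggest moving the exception after the iomem_is_exclusive() test, expressing it as named physical-address bounds converted with PAGE_SHIFT, and recording in the comment where the range comes from.
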
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev


Re: [PATCH] powerpc/mm: add devmem_is_allowed() for STRICT_DEVMEM checking

2011-06-14 Thread Steve Best

On Tue, 2011-06-14 at 12:30 -0500, Nathan Lynch wrote:
 Hi Steve,
 
 On Tue, 2011-06-14 at 12:58 -0400, Steve Best wrote:
  diff --git a/arch/powerpc/Kconfig.debug b/arch/powerpc/Kconfig.debug
  index e72dcf6..e1aab6b 100644
  --- a/arch/powerpc/Kconfig.debug
  +++ b/arch/powerpc/Kconfig.debug
  @@ -283,4 +283,15 @@ config PPC_EARLY_DEBUG_CPM_ADDR
platform probing is done, all platforms selected must
share the same address.
   
  +config STRICT_DEVMEM
  +def_bool y
 
 Default new config items to n, please.

OK.
 
 
  --- a/arch/powerpc/mm/mem.c
  +++ b/arch/powerpc/mm/mem.c
  @@ -520,3 +520,21 @@ void update_mmu_cache(struct vm_area_struct *vma, 
  unsigned long address,
  hash_preload(vma-vm_mm, address, access, trap);
   #endif /* CONFIG_PPC_STD_MMU */
   }
  +
  +/*
  + * devmem_is_allowed() checks to see if /dev/mem access to a certain 
  address
  + * is valid. The argument is a physical page number.
  + *
  + * On PowerPC, access has to be given to data regions used by X. We have to
  + * disallow access to device-exclusive MMIO regions and system RAM. 
  + */
  +int devmem_is_allowed(unsigned long pfn)
  +{
  +if ((pfn = 57360 || pfn = 57392))
  +return 1;
 
 That seems... fragile.  Where do these numbers come from, and are they
 appropriate for all platforms and configurations?

This is the range I got from testing pseries blades and servers. Maybe
there is a better way to get this range; anyone know of a way?
 
 
-Steve



Re: [PATCH] powerpc/mm: add devmem_is_allowed() for STRICT_DEVMEM checking

2011-02-01 Thread Steve Best

On Mon, 2011-01-31 at 13:40 -0600, Scott Wood wrote:
 On Mon, 31 Jan 2011 14:16:00 -0500
 Steve Best sfb...@us.ibm.com wrote:
 
  Provide devmem_is_allowed() routine to restrict access to kernel
  memory from userspace.
  Set CONFIG_STRICT_DEVMEM config option to switch on checking.
  
  Signed-off-by: Steve Best sfb...@us.ibm.com
  
  diff --git a/arch/powerpc/Kconfig.debug b/arch/powerpc/Kconfig.debug
  index 2d38a50..6805d5d 100644
  --- a/arch/powerpc/Kconfig.debug
  +++ b/arch/powerpc/Kconfig.debug
  @@ -299,4 +299,16 @@ config PPC_EARLY_DEBUG_CPM_ADDR
platform probing is done, all platforms selected must
share the same address.
   
  +config STRICT_DEVMEM
  +def_bool y
  +prompt Filter access to /dev/mem
  +---help---
  +  This option restricts access to /dev/mem.  If this option is
  +  disabled, you allow userspace access to all memory, including
  +  kernel and userspace memory. Accidental memory access is likely
  +  to be disastrous.
  +  Memory access is required for experts who want to debug the 
  kernel.
  +
  +  If you are unsure, say Y.
  +
   endmenu
  diff --git a/arch/powerpc/include/asm/page.h 
  b/arch/powerpc/include/asm/page.h
  index 53b64be..f225032 100644
  --- a/arch/powerpc/include/asm/page.h
  +++ b/arch/powerpc/include/asm/page.h
  @@ -262,6 +262,11 @@ extern void copy_user_page(void *to, void *from, 
  unsigned long vaddr,
  struct page *p);
   extern int page_is_ram(unsigned long pfn);
   
  +static inline int devmem_is_allowed(unsigned long pfn)
  +{
  +return 0;
  +}
  +
 
 I don't see how this is a sane thing to turn on by default (you're not
 restricting it, BTW -- you're completely disabling it with that
 implementation of devmem_is_allowed).  It will break anything that
 uses /dev/mem to access I/O, 

Could you expand on what I/O depends on /dev/mem, so I can take
that into account?

 possibly including desktoppy stuff like X
 servers, 

You are right, I just found out that X needs to access it. Will
take that into account.

 as well as lots of stuff that goes on in embedded setups.

Could you explain more about what needs access to /dev/mem in
the embedded setups?

 
 You need to be root to access /dev/mem, and root has plenty of
 other options for causing disastrous results.  You don't just stumble
 onto /dev/mem by accident.
 
 -Scott

-Steve



[PATCH] powerpc/mm: add devmem_is_allowed() for STRICT_DEVMEM checking

2011-01-31 Thread Steve Best
Provide devmem_is_allowed() routine to restrict access to kernel
memory from userspace.
Set CONFIG_STRICT_DEVMEM config option to switch on checking.

Signed-off-by: Steve Best sfb...@us.ibm.com

diff --git a/arch/powerpc/Kconfig.debug b/arch/powerpc/Kconfig.debug
index 2d38a50..6805d5d 100644
--- a/arch/powerpc/Kconfig.debug
+++ b/arch/powerpc/Kconfig.debug
@@ -299,4 +299,16 @@ config PPC_EARLY_DEBUG_CPM_ADDR
  platform probing is done, all platforms selected must
  share the same address.
 
+config STRICT_DEVMEM
+def_bool y
+prompt Filter access to /dev/mem
+---help---
+  This option restricts access to /dev/mem.  If this option is
+  disabled, you allow userspace access to all memory, including
+  kernel and userspace memory. Accidental memory access is likely
+  to be disastrous.
+  Memory access is required for experts who want to debug the kernel.
+
+  If you are unsure, say Y.
+
 endmenu
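
Review bot: "def_bool y" on the new STRICT_DEVMEM entry turns the filter on by default, and in this version the filter it enables is the page.h stub that returns 0 for every pfn. A new option that changes /dev/mem behaviour should default to off until devmem_is_allowed() distinguishes RAM from I/O, and the closing "If you are unsure, say Y" should change with it.
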
diff --git a/arch/powerpc/include/asm/page.h b/arch/powerpc/include/asm/page.h
index 53b64be..f225032 100644
--- a/arch/powerpc/include/asm/page.h
+++ b/arch/powerpc/include/asm/page.h
@@ -262,6 +262,11 @@ extern void copy_user_page(void *to, void *from, unsigned 
long vaddr,
struct page *p);
 extern int page_is_ram(unsigned long pfn);
 
+static inline int devmem_is_allowed(unsigned long pfn)
+{
+return 0;
+}
+
 #ifdef CONFIG_PPC_SMLPAR
 void arch_free_page(struct page *page, int order);
 #define HAVE_ARCH_FREE_PAGE
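
Review bot: The inline devmem_is_allowed() added above the CONFIG_PPC_SMLPAR block returns 0 for every pfn, so nothing is filtered: every /dev/mem access the check guards is refused, device memory included. page_is_ram() is declared two lines above the new function; at minimum return non-zero for pfns where it is false so that I/O ranges stay reachable. The stub is also defined regardless of CONFIG_STRICT_DEVMEM, which the Kconfig hunk presents as the switch for this behaviour.
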


Re: [PATCH] powerpc: Fix integer constant warning

2010-06-09 Thread Steve Best

On Tue, 2010-06-08 at 14:12 +0100, David Howells wrote:
 Steve Best sfb...@us.ibm.com wrote:
 
  -#define KERNELBASE (0xc000)
  +#define KERNELBASE (0xc000ULL)
 
 Is this the right fix?  The code producing the warning is subtracting
 0xc000 from a 32-bit number:

Agree, this fix needs more work and can be dropped. Paul has another
patch that removes this file, since it is no longer used. I assume we'll
go with that patch.
 
   naca = ntohl(*((u_int32_t*) inbuf[0x0C])) - KERNELBASE;
 
 which seems distinctly odd.
 
 David

-Steve



[PATCH] powerpc: Fix integer constant warning

2010-06-07 Thread Steve Best
Fix ppc arch/powerpc/boot/addRamDisk.c:277: warning: integer constant
is too large for 'long' type

Signed-off-by: Steve Best sfb...@us.ibm.com

diff -purN linux.2.6.orig/arch/powerpc/boot/addRamDisk.c 
linux.2.6/arch/powerpc/boot/addRamDisk.c
--- linux.2.6.orig/arch/powerpc/boot/addRamDisk.c   2010-06-07 
15:20:41.763844095 -0400
+++ linux.2.6/arch/powerpc/boot/addRamDisk.c2010-06-07 15:27:15.165100339 
-0400
@@ -9,7 +9,7 @@
 
 #define ElfHeaderSize  (64 * 1024)
 #define ElfPages  (ElfHeaderSize / 4096)
-#define KERNELBASE (0xc000)
+#define KERNELBASE (0xc000ULL)
 #define _ALIGN_UP(addr,size)   (((addr)+((size)-1))(~((size)-1)))
 
 struct addr_range {
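
Review bot: Adding the ULL suffix on the "#define KERNELBASE" line changes the type of every expression that uses the macro to unsigned long long, not only the one at addRamDisk.c:277 that the commit message cites. The hunk shows none of those users, so the changelog should say which variables receive KERNELBASE-derived values and confirm they are wide enough; if they are 32-bit, the suffix silences the warning without making the arithmetic correct.
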