Re: [PATCH] powerpc/mm: add devmem_is_allowed() for STRICT_DEVMEM checking
On 06/14/2011 12:04 PM, Scott Wood wrote:
On Tue, 14 Jun 2011 14:17:01 -0400
Steve Bestsfb...@us.ibm.com wrote:
On Tue, 2011-06-14 at 12:30 -0500, Nathan Lynch wrote:
Hi Steve,
On Tue, 2011-06-14 at 12:58 -0400, Steve Best wrote:
+/*
+ * devmem_is_allowed() checks to see if /dev/mem access to a certain address
+ * is valid. The argument is a physical page number.
+ *
+ * On PowerPC, access has to be given to data regions used by X. We have to
+ * disallow access to device-exclusive MMIO regions and system RAM.
+ */
+int devmem_is_allowed(unsigned long pfn)
+{
+if ((pfn= 57360 || pfn= 57392))
+return 1;
That seems... fragile. Where do these numbers come from, and are they
appropriate for all platforms and configurations?
This is the range I got from testing pseries blades and servers. maybe
there is a better way to get this range anyone know of a way?
Use iomem_is_exclusive(), as other architectures (e.g. x86, arm) do.
Anything else is both platform-specific, and inappropriate hardcoding of
policy.
x86 allows access to the first 256 pages. Are there other regions that
we should allow in power besides the !iomem_is_exclusive() region ?
-Scott
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
[PATCH] powerpc/mm: add devmem_is_allowed() for STRICT_DEVMEM checking
Provide devmem_is_allowed() routine to restrict access to kernel
memory from userspace.
Set CONFIG_STRICT_DEVMEM config option to switch on checking.
Signed-off-by: Steve Best sfb...@us.ibm.com
diff --git a/arch/powerpc/Kconfig.debug b/arch/powerpc/Kconfig.debug
index e72dcf6..e1aab6b 100644
--- a/arch/powerpc/Kconfig.debug
+++ b/arch/powerpc/Kconfig.debug
@@ -283,4 +283,15 @@ config PPC_EARLY_DEBUG_CPM_ADDR
platform probing is done, all platforms selected must
share the same address.
+config STRICT_DEVMEM
+def_bool y
+prompt Filter access to /dev/mem
+---help---
+ This option restricts access to /dev/mem. If this option is
+ disabled, you allow userspace access to all memory, including
+ kernel and userspace memory.
+ Memory access is required for experts who want to debug the kernel.
+
+ If you are unsure, say Y.
+
endmenu
diff --git a/arch/powerpc/include/asm/page.h b/arch/powerpc/include/asm/page.h
index 2cd664e..dc2ec96 100644
--- a/arch/powerpc/include/asm/page.h
+++ b/arch/powerpc/include/asm/page.h
@@ -261,6 +261,7 @@ extern void clear_user_page(void *page, unsigned long
vaddr, struct page *pg);
extern void copy_user_page(void *to, void *from, unsigned long vaddr,
struct page *p);
extern int page_is_ram(unsigned long pfn);
+extern int devmem_is_allowed(unsigned long pfn);
#ifdef CONFIG_PPC_SMLPAR
void arch_free_page(struct page *page, int order);
diff --git a/arch/powerpc/mm/mem.c b/arch/powerpc/mm/mem.c
index 29d4dde..b1a6233 100644
--- a/arch/powerpc/mm/mem.c
+++ b/arch/powerpc/mm/mem.c
@@ -520,3 +520,21 @@ void update_mmu_cache(struct vm_area_struct *vma, unsigned
long address,
hash_preload(vma-vm_mm, address, access, trap);
#endif /* CONFIG_PPC_STD_MMU */
}
+
+/*
+ * devmem_is_allowed() checks to see if /dev/mem access to a certain address
+ * is valid. The argument is a physical page number.
+ *
+ * On PowerPC, access has to be given to data regions used by X. We have to
+ * disallow access to device-exclusive MMIO regions and system RAM.
+ */
+int devmem_is_allowed(unsigned long pfn)
+{
+if ((pfn = 57360 || pfn = 57392))
+return 1;
+if (iomem_is_exclusive(pfn PAGE_SHIFT))
+return 0;
+if (!page_is_ram(pfn))
+return 1;
+return 0;
+}
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
Re: [PATCH] powerpc/mm: add devmem_is_allowed() for STRICT_DEVMEM checking
Hi Steve,
On Tue, 2011-06-14 at 12:58 -0400, Steve Best wrote:
diff --git a/arch/powerpc/Kconfig.debug b/arch/powerpc/Kconfig.debug
index e72dcf6..e1aab6b 100644
--- a/arch/powerpc/Kconfig.debug
+++ b/arch/powerpc/Kconfig.debug
@@ -283,4 +283,15 @@ config PPC_EARLY_DEBUG_CPM_ADDR
platform probing is done, all platforms selected must
share the same address.
+config STRICT_DEVMEM
+def_bool y
Default new config items to n, please.
--- a/arch/powerpc/mm/mem.c
+++ b/arch/powerpc/mm/mem.c
@@ -520,3 +520,21 @@ void update_mmu_cache(struct vm_area_struct *vma,
unsigned long address,
hash_preload(vma-vm_mm, address, access, trap);
#endif /* CONFIG_PPC_STD_MMU */
}
+
+/*
+ * devmem_is_allowed() checks to see if /dev/mem access to a certain address
+ * is valid. The argument is a physical page number.
+ *
+ * On PowerPC, access has to be given to data regions used by X. We have to
+ * disallow access to device-exclusive MMIO regions and system RAM.
+ */
+int devmem_is_allowed(unsigned long pfn)
+{
+if ((pfn = 57360 || pfn = 57392))
+return 1;
That seems... fragile. Where do these numbers come from, and are they
appropriate for all platforms and configurations?
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
Re: [PATCH] powerpc/mm: add devmem_is_allowed() for STRICT_DEVMEM checking
On Tue, 2011-06-14 at 12:30 -0500, Nathan Lynch wrote:
Hi Steve,
On Tue, 2011-06-14 at 12:58 -0400, Steve Best wrote:
diff --git a/arch/powerpc/Kconfig.debug b/arch/powerpc/Kconfig.debug
index e72dcf6..e1aab6b 100644
--- a/arch/powerpc/Kconfig.debug
+++ b/arch/powerpc/Kconfig.debug
@@ -283,4 +283,15 @@ config PPC_EARLY_DEBUG_CPM_ADDR
platform probing is done, all platforms selected must
share the same address.
+config STRICT_DEVMEM
+def_bool y
Default new config items to n, please.
ok
--- a/arch/powerpc/mm/mem.c
+++ b/arch/powerpc/mm/mem.c
@@ -520,3 +520,21 @@ void update_mmu_cache(struct vm_area_struct *vma,
unsigned long address,
hash_preload(vma-vm_mm, address, access, trap);
#endif /* CONFIG_PPC_STD_MMU */
}
+
+/*
+ * devmem_is_allowed() checks to see if /dev/mem access to a certain
address
+ * is valid. The argument is a physical page number.
+ *
+ * On PowerPC, access has to be given to data regions used by X. We have to
+ * disallow access to device-exclusive MMIO regions and system RAM.
+ */
+int devmem_is_allowed(unsigned long pfn)
+{
+if ((pfn = 57360 || pfn = 57392))
+return 1;
That seems... fragile. Where do these numbers come from, and are they
appropriate for all platforms and configurations?
This is the range I got from testing pseries blades and servers. maybe
there is a better way to get this range anyone know of a way?
-Steve
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
Re: [PATCH] powerpc/mm: add devmem_is_allowed() for STRICT_DEVMEM checking
On Tue, 14 Jun 2011 14:17:01 -0400
Steve Best sfb...@us.ibm.com wrote:
On Tue, 2011-06-14 at 12:30 -0500, Nathan Lynch wrote:
Hi Steve,
On Tue, 2011-06-14 at 12:58 -0400, Steve Best wrote:
+/*
+ * devmem_is_allowed() checks to see if /dev/mem access to a certain
address
+ * is valid. The argument is a physical page number.
+ *
+ * On PowerPC, access has to be given to data regions used by X. We have
to
+ * disallow access to device-exclusive MMIO regions and system RAM.
+ */
+int devmem_is_allowed(unsigned long pfn)
+{
+if ((pfn = 57360 || pfn = 57392))
+return 1;
That seems... fragile. Where do these numbers come from, and are they
appropriate for all platforms and configurations?
This is the range I got from testing pseries blades and servers. maybe
there is a better way to get this range anyone know of a way?
Use iomem_is_exclusive(), as other architectures (e.g. x86, arm) do.
Anything else is both platform-specific, and inappropriate hardcoding of
policy.
-Scott
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
Re: [PATCH] powerpc/mm: add devmem_is_allowed() for STRICT_DEVMEM checking
On Mon, 2011-01-31 at 13:40 -0600, Scott Wood wrote:
On Mon, 31 Jan 2011 14:16:00 -0500
Steve Best sfb...@us.ibm.com wrote:
Provide devmem_is_allowed() routine to restrict access to kernel
memory from userspace.
Set CONFIG_STRICT_DEVMEM config option to switch on checking.
Signed-off-by: Steve Best sfb...@us.ibm.com
diff --git a/arch/powerpc/Kconfig.debug b/arch/powerpc/Kconfig.debug
index 2d38a50..6805d5d 100644
--- a/arch/powerpc/Kconfig.debug
+++ b/arch/powerpc/Kconfig.debug
@@ -299,4 +299,16 @@ config PPC_EARLY_DEBUG_CPM_ADDR
platform probing is done, all platforms selected must
share the same address.
+config STRICT_DEVMEM
+def_bool y
+prompt Filter access to /dev/mem
+---help---
+ This option restricts access to /dev/mem. If this option is
+ disabled, you allow userspace access to all memory, including
+ kernel and userspace memory. Accidental memory access is likely
+ to be disastrous.
+ Memory access is required for experts who want to debug the
kernel.
+
+ If you are unsure, say Y.
+
endmenu
diff --git a/arch/powerpc/include/asm/page.h
b/arch/powerpc/include/asm/page.h
index 53b64be..f225032 100644
--- a/arch/powerpc/include/asm/page.h
+++ b/arch/powerpc/include/asm/page.h
@@ -262,6 +262,11 @@ extern void copy_user_page(void *to, void *from,
unsigned long vaddr,
struct page *p);
extern int page_is_ram(unsigned long pfn);
+static inline int devmem_is_allowed(unsigned long pfn)
+{
+return 0;
+}
+
I don't see how this is a sane thing to turn on by default (you're not
restricting it, BTW -- you're completely disabling it with that
implementation of devmem_is_allowed). It will break anything that
uses /dev/mem to access I/O,
could you expand on what I/O depends on /dev/mem, so I can take
that into account?
possibly including desktoppy stuff like X
servers,
you are right just found out that X needs to access it. will
take that into account
as well as lots of stuff that goes on in embedded setups.
could you explain more about what needs access to /dev/mem in
the embedded setups?
You need to be root to access /dev/mem, and root has plenty of
other options for causing disastrous results. You don't just stumble
onto /dev/mem by accident.
-Scott
-Steve
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
Re: [PATCH] powerpc/mm: add devmem_is_allowed() for STRICT_DEVMEM checking
On Tue, 1 Feb 2011 12:21:45 -0500 Steve Best sfb...@us.ibm.com wrote: On Mon, 2011-01-31 at 13:40 -0600, Scott Wood wrote: I don't see how this is a sane thing to turn on by default (you're not restricting it, BTW -- you're completely disabling it with that implementation of devmem_is_allowed). It will break anything that uses /dev/mem to access I/O, could you expand on what I/O depends on /dev/mem, so I can take that into account? It could be anything. You're shutting off, by default, a longstanding userspace interface, that already has adequate security protection. Even x86 doesn't default it to yes (though it does say if in doubt say Y), and when enabled x86 only restricts access to memory, not I/O. possibly including desktoppy stuff like X servers, you are right just found out that X needs to access it. will take that into account as well as lots of stuff that goes on in embedded setups. could you explain more about what needs access to /dev/mem in the embedded setups? All sorts of custom stuff -- userspace drivers, special memory regions reserved at boot, etc. If you really want this, I suggest prohibiting access only when it's an actual RAM page tracked by the kernel (maybe only when PageReserved is unset as well?), or when iomem_is_exclusive returns true. -Scott ___ Linuxppc-dev mailing list Linuxppc-dev@lists.ozlabs.org https://lists.ozlabs.org/listinfo/linuxppc-dev
[PATCH] powerpc/mm: add devmem_is_allowed() for STRICT_DEVMEM checking
Provide devmem_is_allowed() routine to restrict access to kernel
memory from userspace.
Set CONFIG_STRICT_DEVMEM config option to switch on checking.
Signed-off-by: Steve Best sfb...@us.ibm.com
diff --git a/arch/powerpc/Kconfig.debug b/arch/powerpc/Kconfig.debug
index 2d38a50..6805d5d 100644
--- a/arch/powerpc/Kconfig.debug
+++ b/arch/powerpc/Kconfig.debug
@@ -299,4 +299,16 @@ config PPC_EARLY_DEBUG_CPM_ADDR
platform probing is done, all platforms selected must
share the same address.
+config STRICT_DEVMEM
+def_bool y
+prompt Filter access to /dev/mem
+---help---
+ This option restricts access to /dev/mem. If this option is
+ disabled, you allow userspace access to all memory, including
+ kernel and userspace memory. Accidental memory access is likely
+ to be disastrous.
+ Memory access is required for experts who want to debug the kernel.
+
+ If you are unsure, say Y.
+
endmenu
diff --git a/arch/powerpc/include/asm/page.h b/arch/powerpc/include/asm/page.h
index 53b64be..f225032 100644
--- a/arch/powerpc/include/asm/page.h
+++ b/arch/powerpc/include/asm/page.h
@@ -262,6 +262,11 @@ extern void copy_user_page(void *to, void *from, unsigned
long vaddr,
struct page *p);
extern int page_is_ram(unsigned long pfn);
+static inline int devmem_is_allowed(unsigned long pfn)
+{
+return 0;
+}
+
#ifdef CONFIG_PPC_SMLPAR
void arch_free_page(struct page *page, int order);
#define HAVE_ARCH_FREE_PAGE
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
Re: [PATCH] powerpc/mm: add devmem_is_allowed() for STRICT_DEVMEM checking
On Mon, Jan 31, 2011 at 2:16 PM, Steve Best sfb...@us.ibm.com wrote:
Provide devmem_is_allowed() routine to restrict access to kernel
memory from userspace.
Set CONFIG_STRICT_DEVMEM config option to switch on checking.
Signed-off-by: Steve Best sfb...@us.ibm.com
diff --git a/arch/powerpc/Kconfig.debug b/arch/powerpc/Kconfig.debug
index 2d38a50..6805d5d 100644
--- a/arch/powerpc/Kconfig.debug
+++ b/arch/powerpc/Kconfig.debug
@@ -299,4 +299,16 @@ config PPC_EARLY_DEBUG_CPM_ADDR
platform probing is done, all platforms selected must
share the same address.
+config STRICT_DEVMEM
+ def_bool y
+ prompt Filter access to /dev/mem
+ ---help---
+ This option restricts access to /dev/mem. If this option is
+ disabled, you allow userspace access to all memory, including
+ kernel and userspace memory. Accidental memory access is likely
+ to be disastrous.
+ Memory access is required for experts who want to debug the kernel.
+
+ If you are unsure, say Y.
+
endmenu
diff --git a/arch/powerpc/include/asm/page.h b/arch/powerpc/include/asm/page.h
index 53b64be..f225032 100644
--- a/arch/powerpc/include/asm/page.h
+++ b/arch/powerpc/include/asm/page.h
@@ -262,6 +262,11 @@ extern void copy_user_page(void *to, void *from,
unsigned long vaddr,
struct page *p);
extern int page_is_ram(unsigned long pfn);
+static inline int devmem_is_allowed(unsigned long pfn)
+{
+ return 0;
+}
+
Er, should this be toggled via CONFIG_STRICT_DEVMEM somehow? Or I
guess I'm missing why the config option had to be added if not.
josh
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
Re: [PATCH] powerpc/mm: add devmem_is_allowed() for STRICT_DEVMEM checking
On Mon, Jan 31, 2011 at 2:25 PM, Josh Boyer jwbo...@gmail.com wrote:
On Mon, Jan 31, 2011 at 2:16 PM, Steve Best sfb...@us.ibm.com wrote:
Provide devmem_is_allowed() routine to restrict access to kernel
memory from userspace.
Set CONFIG_STRICT_DEVMEM config option to switch on checking.
Signed-off-by: Steve Best sfb...@us.ibm.com
diff --git a/arch/powerpc/Kconfig.debug b/arch/powerpc/Kconfig.debug
index 2d38a50..6805d5d 100644
--- a/arch/powerpc/Kconfig.debug
+++ b/arch/powerpc/Kconfig.debug
@@ -299,4 +299,16 @@ config PPC_EARLY_DEBUG_CPM_ADDR
platform probing is done, all platforms selected must
share the same address.
+config STRICT_DEVMEM
+ def_bool y
+ prompt Filter access to /dev/mem
+ ---help---
+ This option restricts access to /dev/mem. If this option is
+ disabled, you allow userspace access to all memory, including
+ kernel and userspace memory. Accidental memory access is likely
+ to be disastrous.
+ Memory access is required for experts who want to debug the
kernel.
+
+ If you are unsure, say Y.
+
endmenu
diff --git a/arch/powerpc/include/asm/page.h
b/arch/powerpc/include/asm/page.h
index 53b64be..f225032 100644
--- a/arch/powerpc/include/asm/page.h
+++ b/arch/powerpc/include/asm/page.h
@@ -262,6 +262,11 @@ extern void copy_user_page(void *to, void *from,
unsigned long vaddr,
struct page *p);
extern int page_is_ram(unsigned long pfn);
+static inline int devmem_is_allowed(unsigned long pfn)
+{
+ return 0;
+}
+
Er, should this be toggled via CONFIG_STRICT_DEVMEM somehow? Or I
guess I'm missing why the config option had to be added if not.
Nevermind. I see that it's done in the drivers/char/mem.c file.
Should have looked more first.
josh
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
Re: [PATCH] powerpc/mm: add devmem_is_allowed() for STRICT_DEVMEM checking
On Mon, 31 Jan 2011 14:16:00 -0500
Steve Best sfb...@us.ibm.com wrote:
Provide devmem_is_allowed() routine to restrict access to kernel
memory from userspace.
Set CONFIG_STRICT_DEVMEM config option to switch on checking.
Signed-off-by: Steve Best sfb...@us.ibm.com
diff --git a/arch/powerpc/Kconfig.debug b/arch/powerpc/Kconfig.debug
index 2d38a50..6805d5d 100644
--- a/arch/powerpc/Kconfig.debug
+++ b/arch/powerpc/Kconfig.debug
@@ -299,4 +299,16 @@ config PPC_EARLY_DEBUG_CPM_ADDR
platform probing is done, all platforms selected must
share the same address.
+config STRICT_DEVMEM
+def_bool y
+prompt Filter access to /dev/mem
+---help---
+ This option restricts access to /dev/mem. If this option is
+ disabled, you allow userspace access to all memory, including
+ kernel and userspace memory. Accidental memory access is likely
+ to be disastrous.
+ Memory access is required for experts who want to debug the kernel.
+
+ If you are unsure, say Y.
+
endmenu
diff --git a/arch/powerpc/include/asm/page.h b/arch/powerpc/include/asm/page.h
index 53b64be..f225032 100644
--- a/arch/powerpc/include/asm/page.h
+++ b/arch/powerpc/include/asm/page.h
@@ -262,6 +262,11 @@ extern void copy_user_page(void *to, void *from,
unsigned long vaddr,
struct page *p);
extern int page_is_ram(unsigned long pfn);
+static inline int devmem_is_allowed(unsigned long pfn)
+{
+return 0;
+}
+
I don't see how this is a sane thing to turn on by default (you're not
restricting it, BTW -- you're completely disabling it with that
implementation of devmem_is_allowed). It will break anything that
uses /dev/mem to access I/O, possibly including desktoppy stuff like X
servers, as well as lots of stuff that goes on in embedded setups.
You need to be root to access /dev/mem, and root has plenty of
other options for causing disastrous results. You don't just stumble
onto /dev/mem by accident.
-Scott
___
Linuxppc-dev mailing list
Linuxppc-dev@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/linuxppc-dev
