| 1 | From 4003b9a2c05f4d0d37535c3dffbf4a7b47d5c36c Mon Sep 17 00:00:00 2001 |
| 2 | From: Maarten ter Huurne <maarten@treewalker.org> |
| 3 | Date: Wed, 8 Sep 2010 02:31:19 +0200 |
| 4 | Subject: [PATCH 09/21] /dev/mem: Add kernel config option to omit this |
| 5 | device. |
| 6 | |
| 7 | Omitting this device prevents software from accessing the hardware directly; such direct access can cause trouble if the kernel accesses the same hardware. |
| 8 | It also saves some space on embedded systems. |
| 9 | --- |
| 10 | arch/x86/Kconfig.debug | 1 + |
| 11 | drivers/char/Kconfig | 10 ++++++++++ |
| 12 | drivers/char/mem.c | 17 +++++++++++++++++ |
| 13 | 3 files changed, 28 insertions(+), 0 deletions(-) |
| 14 | |
| 15 | --- a/arch/x86/Kconfig.debug |
| 16 | +++ b/arch/x86/Kconfig.debug |
| 17 | @@ -7,6 +7,7 @@ source "lib/Kconfig.debug" |
| 18 | |
| 19 | config STRICT_DEVMEM |
| 20 | bool "Filter access to /dev/mem" |
| 21 | + depends on DEVMEM |
| 22 | ---help--- |
| 23 | If this option is disabled, you allow userspace (root) access to all |
| 24 | of memory, including kernel and userspace memory. Accidental |
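Review bot: The added `depends on DEVMEM` makes STRICT_DEVMEM unselectable whenever DEVMEM is off, yet the mem.c part of this patch keeps `mmap_mem` compiled under `CONFIG_DEVMEM || CONFIG_DEVKMEM`, presumably because `mmap_kmem` uses it. If the range filtering applied in `mmap_mem` is compiled under STRICT_DEVMEM (not visible in these hunks), a DEVMEM=n, DEVKMEM=y kernel would lose that filter on the kmem mmap path with no way to switch it back on. Consider `depends on DEVMEM || DEVKMEM` here, or confirm that the kmem path does not rely on the filter. The diffstat touches only the x86 Kconfig.debug, so any other architecture that declares its own STRICT_DEVMEM would need the same dependency.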
| 25 | --- a/drivers/char/Kconfig |
| 26 | +++ b/drivers/char/Kconfig |
| 27 | @@ -6,6 +6,16 @@ menu "Character devices" |
| 28 | |
| 29 | source "drivers/tty/Kconfig" |
| 30 | |
| 31 | +config DEVMEM |
| 32 | + bool "/dev/mem virtual device support" |
| 33 | + default y |
| 34 | + help |
| 35 | + Say Y here if you want to support the /dev/mem device. |
| 36 | + Some X server drivers access the video hardware using this device. |
| 37 | + Accessing hardware directly from user space can be useful in some |
| 38 | + cases, but it is not without risks. |
| 39 | + When in doubt, say "N". |
| 40 | + |
| 41 | config DEVKMEM |
| 42 | bool "/dev/kmem virtual device support" |
| 43 | default y |
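Review bot: The new DEVMEM help ends with `When in doubt, say "N"` while the entry is `default y`, and it describes the exposure only as "not without risks". Keeping `default y` preserves existing behaviour, but the help should say so and should name what is exposed. The STRICT_DEVMEM help touched by this same patch already states that, unfiltered, root gets access to all of memory, including kernel and userspace memory. I would add a sentence such as `Unless STRICT_DEVMEM is enabled, root can access all of memory through this device.` and note that STRICT_DEVMEM is only offered when this option is set.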
| 44 | --- a/drivers/char/mem.c |
| 45 | +++ b/drivers/char/mem.c |
| 46 | @@ -87,6 +87,8 @@ void __weak unxlate_dev_mem_ptr(unsigned |
| 47 | { |
| 48 | } |
| 49 | |
| 50 | +#ifdef CONFIG_DEVMEM |
| 51 | + |
| 52 | /* |
| 53 | * This funcion reads the *physical* memory. The f_pos points directly to the |
| 54 | * memory location. |
| 55 | @@ -210,6 +212,10 @@ static ssize_t write_mem(struct file *fi |
| 56 | return written; |
| 57 | } |
| 58 | |
| 59 | +#endif |
| 60 | + |
| 61 | +#if defined(CONFIG_DEVMEM) || defined(CONFIG_DEVKMEM) |
| 62 | + |
| 63 | int __weak phys_mem_access_prot_allowed(struct file *file, |
| 64 | unsigned long pfn, unsigned long size, pgprot_t *vma_prot) |
| 65 | { |
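Review bot: The bare `#endif` added here closes the `#ifdef CONFIG_DEVMEM` opened before read_mem's comment more than a hundred lines earlier, and nothing on the line says which condition it ends. Since the patch adds several conditional regions to this file, tag each close with its condition, e.g. `#endif /* CONFIG_DEVMEM */` here and `#endif /* CONFIG_DEVMEM || CONFIG_DEVKMEM */` after mmap_mem. The same applies to the `#endif` lines added after memory_lseek, open_port and mem_fops. The bodies of read_mem and write_mem lie outside the hunks, so whether anything inside the guarded region is still needed by the kmem code cannot be checked from here.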
| 66 | @@ -331,6 +337,8 @@ static int mmap_mem(struct file *file, s |
| 67 | return 0; |
| 68 | } |
| 69 | |
| 70 | +#endif |
| 71 | + |
| 72 | #ifdef CONFIG_DEVKMEM |
| 73 | static int mmap_kmem(struct file *file, struct vm_area_struct *vma) |
| 74 | { |
| 75 | @@ -694,6 +702,7 @@ static loff_t null_lseek(struct file *fi |
| 76 | return file->f_pos = 0; |
| 77 | } |
| 78 | |
| 79 | +#if defined(CONFIG_DEVMEM) || defined(CONFIG_DEVKMEM) || defined(CONFIG_DEVPORT) |
| 80 | /* |
| 81 | * The memory devices use the full 32/64 bits of the offset, and so we cannot |
| 82 | * check against negative addresses: they are ok. The return value is weird, |
| 83 | @@ -726,11 +735,15 @@ static loff_t memory_lseek(struct file * |
| 84 | mutex_unlock(&file->f_path.dentry->d_inode->i_mutex); |
| 85 | return ret; |
| 86 | } |
| 87 | +#endif |
| 88 | |
| 89 | +#if defined(CONFIG_DEVMEM) || defined(CONFIG_DEVKMEM) || \ |
| 90 | + defined(CONFIG_DEVPORT) || defined(CONFIG_CRASH_DUMP) |
| 91 | static int open_port(struct inode * inode, struct file * filp) |
| 92 | { |
| 93 | return capable(CAP_SYS_RAWIO) ? 0 : -EPERM; |
| 94 | } |
| 95 | +#endif |
| 96 | |
| 97 | #define zero_lseek null_lseek |
| 98 | #define full_lseek null_lseek |
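Review bot: The guard added around open_port spells out by hand the configurations that use it (`CONFIG_DEVMEM`, `CONFIG_DEVKMEM`, `CONFIG_DEVPORT`, `CONFIG_CRASH_DUMP`), and memory_lseek just above carries a second, shorter list. open_port is the `capable(CAP_SYS_RAWIO)` gate for these devices, so both lists must be kept in step with every fops table that names the helper. A mismatch would most likely surface as a build failure rather than a missing check, but only in configurations that actually get built. Marking the helper instead, `static int __maybe_unused open_port(struct inode *inode, struct file *filp)`, removes the lists altogether, and the same applies to memory_lseek, whose body lies outside the hunk.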
| 99 | @@ -740,6 +753,7 @@ static int open_port(struct inode * inod |
| 100 | #define open_kmem open_mem |
| 101 | #define open_oldmem open_mem |
| 102 | |
| 103 | +#ifdef CONFIG_DEVMEM |
| 104 | static const struct file_operations mem_fops = { |
| 105 | .llseek = memory_lseek, |
| 106 | .read = read_mem, |
| 107 | @@ -748,6 +762,7 @@ static const struct file_operations mem_ |
| 108 | .open = open_mem, |
| 109 | .get_unmapped_area = get_unmapped_area_mem, |
| 110 | }; |
| 111 | +#endif |
| 112 | |
| 113 | #ifdef CONFIG_DEVKMEM |
| 114 | static const struct file_operations kmem_fops = { |
| 115 | @@ -851,7 +866,9 @@ static const struct memdev { |
| 116 | const struct file_operations *fops; |
| 117 | struct backing_dev_info *dev_info; |
| 118 | } devlist[] = { |
| 119 | +#ifdef CONFIG_DEVMEM |
| 120 | [1] = { "mem", 0, &mem_fops, &directly_mappable_cdev_bdi }, |
| 121 | +#endif |
| 122 | #ifdef CONFIG_DEVKMEM |
| 123 | [2] = { "kmem", 0, &kmem_fops, &directly_mappable_cdev_bdi }, |
| 124 | #endif |
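Review bot: With `CONFIG_DEVMEM` unset, the `[1]` slot of devlist stays zero-initialised, so a pre-existing device node with minor 1 would presumably still reach this driver's open path and find a NULL `fops` and `name`. The `#ifdef CONFIG_DEVKMEM` entry below already leaves the same kind of hole at `[2]`, which suggests the lookup and registration code tolerates empty slots, but that code is outside this hunk. Please confirm that both reject or skip an entry whose `fops` is NULL. A short comment above the table, such as `/* Slots compiled out by config stay zeroed; users must check fops for NULL. */`, would record the requirement.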
| 125 | |