| 1 | From 4003b9a2c05f4d0d37535c3dffbf4a7b47d5c36c Mon Sep 17 00:00:00 2001 |
| 2 | From: Maarten ter Huurne <maarten@treewalker.org> |
| 3 | Date: Wed, 8 Sep 2010 02:31:19 +0200 |
| 4 | Subject: [PATCH 09/28] /dev/mem: Add kernel config option to omit this |
| 5 | device. |
| 6 | |
| 7 | Omitting this device prevents software from accessing the hardware directly, which can cause trouble if the kernel accesses the same hardware. |
| 8 | It also saves some space on embedded systems. |
| 9 | --- |
| 10 | arch/x86/Kconfig.debug | 1 + |
| 11 | drivers/char/Kconfig | 10 ++++++++++ |
| 12 | drivers/char/mem.c | 17 +++++++++++++++++ |
| 13 | 3 files changed, 28 insertions(+), 0 deletions(-) |
| 14 | |
| 15 | diff --git a/arch/x86/Kconfig.debug b/arch/x86/Kconfig.debug |
| 16 | index bf56e17..0c97d51 100644 |
| 17 | --- a/arch/x86/Kconfig.debug |
| 18 | +++ b/arch/x86/Kconfig.debug |
| 19 | @@ -7,6 +7,7 @@ source "lib/Kconfig.debug" |
| 20 | |
| 21 | config STRICT_DEVMEM |
| 22 | bool "Filter access to /dev/mem" |
| 23 | + depends on DEVMEM |
| 24 | ---help--- |
| 25 | If this option is disabled, you allow userspace (root) access to all |
| 26 | of memory, including kernel and userspace memory. Accidental |
| 27 | diff --git a/drivers/char/Kconfig b/drivers/char/Kconfig |
| 28 | index 4364303..a2e462e 100644 |
| 29 | --- a/drivers/char/Kconfig |
| 30 | +++ b/drivers/char/Kconfig |
| 31 | @@ -6,6 +6,16 @@ menu "Character devices" |
| 32 | |
| 33 | source "drivers/tty/Kconfig" |
| 34 | |
| 35 | +config DEVMEM |
| 36 | + bool "/dev/mem virtual device support" |
| 37 | + default y |
| 38 | + help |
| 39 | + Say Y here if you want to support the /dev/mem device. |
| 40 | + Some X server drivers access the video hardware using this device. |
| 41 | + Accessing hardware directly from user space can be useful in some |
| 42 | + cases, but it is not without risks. |
| 43 | + When in doubt, say "N". |
| 44 | + |
| 45 | config DEVKMEM |
| 46 | bool "/dev/kmem virtual device support" |
| 47 | default y |
| 48 | diff --git a/drivers/char/mem.c b/drivers/char/mem.c |
| 49 | index 1451790..a6020ca 100644 |
| 50 | --- a/drivers/char/mem.c |
| 51 | +++ b/drivers/char/mem.c |
| 52 | @@ -87,6 +87,8 @@ void __weak unxlate_dev_mem_ptr(unsigned long phys, void *addr) |
| 53 | { |
| 54 | } |
| 55 | |
| 56 | +#ifdef CONFIG_DEVMEM |
| 57 | + |
| 58 | /* |
| 59 | * This funcion reads the *physical* memory. The f_pos points directly to the |
| 60 | * memory location. |
| 61 | @@ -210,6 +212,10 @@ static ssize_t write_mem(struct file *file, const char __user *buf, |
| 62 | return written; |
| 63 | } |
| 64 | |
| 65 | +#endif |
| 66 | + |
| 67 | +#if defined(CONFIG_DEVMEM) || defined(CONFIG_DEVKMEM) |
| 68 | + |
| 69 | int __weak phys_mem_access_prot_allowed(struct file *file, |
| 70 | unsigned long pfn, unsigned long size, pgprot_t *vma_prot) |
| 71 | { |
| 72 | @@ -331,6 +337,8 @@ static int mmap_mem(struct file *file, struct vm_area_struct *vma) |
| 73 | return 0; |
| 74 | } |
| 75 | |
| 76 | +#endif |
| 77 | + |
| 78 | #ifdef CONFIG_DEVKMEM |
| 79 | static int mmap_kmem(struct file *file, struct vm_area_struct *vma) |
| 80 | { |
| 81 | @@ -694,6 +702,7 @@ static loff_t null_lseek(struct file *file, loff_t offset, int orig) |
| 82 | return file->f_pos = 0; |
| 83 | } |
| 84 | |
| 85 | +#if defined(CONFIG_DEVMEM) || defined(CONFIG_DEVKMEM) || defined(CONFIG_DEVPORT) |
| 86 | /* |
| 87 | * The memory devices use the full 32/64 bits of the offset, and so we cannot |
| 88 | * check against negative addresses: they are ok. The return value is weird, |
| 89 | @@ -726,11 +735,15 @@ static loff_t memory_lseek(struct file *file, loff_t offset, int orig) |
| 90 | mutex_unlock(&file->f_path.dentry->d_inode->i_mutex); |
| 91 | return ret; |
| 92 | } |
| 93 | +#endif |
| 94 | |
| 95 | +#if defined(CONFIG_DEVMEM) || defined(CONFIG_DEVKMEM) || \ |
| 96 | + defined(CONFIG_DEVPORT) || defined(CONFIG_CRASH_DUMP) |
| 97 | static int open_port(struct inode * inode, struct file * filp) |
| 98 | { |
| 99 | return capable(CAP_SYS_RAWIO) ? 0 : -EPERM; |
| 100 | } |
| 101 | +#endif |
| 102 | |
| 103 | #define zero_lseek null_lseek |
| 104 | #define full_lseek null_lseek |
| 105 | @@ -740,6 +753,7 @@ static int open_port(struct inode * inode, struct file * filp) |
| 106 | #define open_kmem open_mem |
| 107 | #define open_oldmem open_mem |
| 108 | |
| 109 | +#ifdef CONFIG_DEVMEM |
| 110 | static const struct file_operations mem_fops = { |
| 111 | .llseek = memory_lseek, |
| 112 | .read = read_mem, |
| 113 | @@ -748,6 +762,7 @@ static const struct file_operations mem_fops = { |
| 114 | .open = open_mem, |
| 115 | .get_unmapped_area = get_unmapped_area_mem, |
| 116 | }; |
| 117 | +#endif |
| 118 | |
| 119 | #ifdef CONFIG_DEVKMEM |
| 120 | static const struct file_operations kmem_fops = { |
| 121 | @@ -851,7 +866,9 @@ static const struct memdev { |
| 122 | const struct file_operations *fops; |
| 123 | struct backing_dev_info *dev_info; |
| 124 | } devlist[] = { |
| 125 | +#ifdef CONFIG_DEVMEM |
| 126 | [1] = { "mem", 0, &mem_fops, &directly_mappable_cdev_bdi }, |
| 127 | +#endif |
| 128 | #ifdef CONFIG_DEVKMEM |
| 129 | [2] = { "kmem", 0, &kmem_fops, &directly_mappable_cdev_bdi }, |
| 130 | #endif |
| 131 | -- |
| 132 | 1.7.5.4 |
| 133 | |
| 134 | |
