    restrict /dev/mem to idle io memory ranges · 90a545e9
    Dan Williams authored
    This effectively promotes IORESOURCE_BUSY to IORESOURCE_EXCLUSIVE
    semantics by default.  If userspace really believes it is safe to access
    the memory region it can also perform the extra step of disabling an
    active driver.  This protects device address ranges with read side
    effects and otherwise directs userspace to use the driver.
    
    Persistent memory presents a large "mistake surface" to /dev/mem as now
    accidental writes can corrupt a filesystem.
    
    In general if a device driver is busily using a memory region it already
    informs other parts of the kernel to not touch it via
    request_mem_region().  /dev/mem should honor the same safety restriction
    by default.  Debugging a device driver from userspace becomes more
    difficult with this enabled.  Any application using /dev/mem or mmap of
    sysfs pci resources will now need to perform the extra step of either:
    
    1/ Disabling the driver, for example:
    
       echo <device id> > /dev/bus/<parent bus>/drivers/<driver name>/unbind
    
    2/ Rebooting with "iomem=relaxed" on the command line
    
    3/ Recompiling with CONFIG_IO_STRICT_DEVMEM=n
    
    Traditional users of /dev/mem like dosemu are unaffected because the
    first 1MB of memory is not subject to the IO_STRICT_DEVMEM restriction.
    Legacy X configurations use /dev/mem to talk to graphics hardware, but
    that functionality has since moved to kernel graphics drivers.
    
    Cc: Arnd Bergmann <arnd@arndb.de>
    Cc: Russell King <linux@arm.linux.org.uk>
    Cc: Andrew Morton <akpm@linux-foundation.org>
    Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Acked-by: Kees Cook <keescook@chromium.org>
    Acked-by: Ingo Molnar <mingo@redhat.com>
    Signed-off-by: Dan Williams <dan.j.williams@intel.com>
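
An added example, not part of the commit or the kernel source: a Python model of the rule the commit message describes, deciding from a kernel config and boot command line whether the restriction is active and whether a /dev/mem access to a given range would be refused. The function names, config text, command line and busy ranges are constructed for illustration, and the model covers only the busy-range rule and the 1MB exemption stated in the message.

```python
import re

ONE_MB = 1 << 20  # the commit message exempts the first 1MB of memory

# Constructed sample inputs (not taken from a real system).
CONFIG_ON = "CONFIG_STRICT_DEVMEM=y\nCONFIG_IO_STRICT_DEVMEM=y\n"
CONFIG_OFF = "CONFIG_STRICT_DEVMEM=y\n# CONFIG_IO_STRICT_DEVMEM is not set\n"
CMDLINE = "BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet"
# Inclusive (first, last) ranges a driver has claimed; hypothetical values.
BUSY = [(0xA0000, 0xBFFFF), (0xFEBF0000, 0xFEBFFFFF)]


def strict_iomem_active(kernel_config: str, cmdline: str) -> bool:
    """True when the build enables the restriction and boot did not relax it."""
    built_in = re.search(r"^CONFIG_IO_STRICT_DEVMEM=y$", kernel_config, re.M)
    relaxed = "iomem=relaxed" in cmdline.split()
    return built_in is not None and not relaxed


def devmem_io_allowed(start: int, length: int, busy, strict: bool) -> bool:
    """Model of the described rule for the byte range [start, start+length)."""
    if length <= 0:
        raise ValueError("length must be positive")
    if not strict:
        return True  # relaxed: busy ranges are not treated as exclusive
    end = start + length - 1
    for first, last in busy:
        overlap_hi = min(end, last)
        if max(start, first) <= overlap_hi and overlap_hi >= ONE_MB:
            return False  # touches a driver-claimed range above 1MB
    return True


def audit(kernel_config: str, cmdline: str, busy, probes):
    """Return (strict, {probe_start: allowed}) for a list of (start, length)."""
    strict = strict_iomem_active(kernel_config, cmdline)
    return strict, {s: devmem_io_allowed(s, n, busy, strict) for s, n in probes}


if __name__ == "__main__":
    probes = [(0xA0000, 0x1000), (0xFEBF0000, 0x1000), (0xFEC00000, 0x1000)]
    for label, cmd in (("default", CMDLINE), ("relaxed", CMDLINE + " iomem=relaxed")):
        strict, result = audit(CONFIG_ON, cmd, BUSY, probes)
        print(label, "strict" if strict else "not strict",
              {hex(a): ok for a, ok in result.items()})
```
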
resource.c 37.2 KB