From: Nicolas Pitre Date: Wed, 22 Sep 2010 22:34:36 +0000 (-0400) Subject: ARM: implement CONFIG_STRICT_DEVMEM by disabling access to RAM via /dev/mem X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=087aaffcdf9c91667c93923fbc05fa8fb6bc7d3a;p=GitHub%2FLineageOS%2FG12%2Fandroid_kernel_amlogic_linux-4.9.git ARM: implement CONFIG_STRICT_DEVMEM by disabling access to RAM via /dev/mem There are very few legitimate use cases, if any, for directly accessing system RAM through /dev/mem. So let's mimic what they do on x86 and forbid it when CONFIG_STRICT_DEVMEM is turned on. Signed-off-by: Nicolas Pitre --- diff --git a/arch/arm/Kconfig.debug b/arch/arm/Kconfig.debug index 91344af75f39..c29fb382aeee 100644 --- a/arch/arm/Kconfig.debug +++ b/arch/arm/Kconfig.debug @@ -2,6 +2,20 @@ menu "Kernel hacking" source "lib/Kconfig.debug" +config STRICT_DEVMEM + bool "Filter access to /dev/mem" + depends on MMU + ---help--- + If this option is disabled, you allow userspace (root) access to all + of memory, including kernel and userspace memory. Accidental + access to this is obviously disastrous, but specific access can + be used by people debugging the kernel. + + If this option is switched on, the /dev/mem file only allows + userspace access to memory mapped peripherals. + + If in doubt, say Y. + # RMK wants arm kernels compiled with frame pointers or stack unwinding. # If you know what you are doing and are willing to live without stack # traces, you can get a slightly smaller kernel by setting this option to diff --git a/arch/arm/include/asm/io.h b/arch/arm/include/asm/io.h index 1261b1f928d9..815efa2d4e07 100644 --- a/arch/arm/include/asm/io.h +++ b/arch/arm/include/asm/io.h @@ -294,6 +294,7 @@ extern void pci_iounmap(struct pci_dev *dev, void __iomem *addr); #define ARCH_HAS_VALID_PHYS_ADDR_RANGE extern int valid_phys_addr_range(unsigned long addr, size_t size); extern int valid_mmap_phys_addr_range(unsigned long pfn, size_t size); +extern int devmem_is_allowed(unsigned long pfn); #endif /* diff --git a/arch/arm/mm/mmap.c b/arch/arm/mm/mmap.c index 4f5b39687df5..b0a98305055c 100644 --- a/arch/arm/mm/mmap.c +++ b/arch/arm/mm/mmap.c @@ -144,3 +144,25 @@ int valid_mmap_phys_addr_range(unsigned long pfn, size_t size) { return !(pfn + (size >> PAGE_SHIFT) > 0x00100000); } + +#ifdef CONFIG_STRICT_DEVMEM + +#include + +/* + * devmem_is_allowed() checks to see if /dev/mem access to a certain + * address is valid. The argument is a physical page number. + * We mimic x86 here by disallowing access to system RAM as well as + * device-exclusive MMIO regions. This effectively disable read()/write() + * on /dev/mem. + */ +int devmem_is_allowed(unsigned long pfn) +{ + if (iomem_is_exclusive(pfn << PAGE_SHIFT)) + return 0; + if (!page_is_ram(pfn)) + return 1; + return 0; +} + +#endif