On Mon, Feb 22, 2021 at 01:55:23PM -0400, Jason Gunthorpe wrote: > > +static bool strict_mmio_maps = true; > > +module_param_named(strict_mmio_maps, strict_mmio_maps, bool, 0644); > > +MODULE_PARM_DESC(strict_mmio_maps, > > + "Restrict to safe DMA mappings of device memory (true)."); > > I think this should be a kconfig, historically we've required kconfig > to opt-in to unsafe things that could violate kernel security. Someone > building a secure boot trusted kernel system should not have an > options for userspace to just turn off protections. Agreed, but I'd go one step further: Why should we allow the unsafe mode at all?
