On Thu, 2016-02-18 at 19:53 +0100, Ingo Molnar wrote: > * Bryan O'Donoghue <pure.logic@xxxxxxxxxxxxxxxxx> wrote: > > > On Thu, 2016-02-18 at 08:58 +0100, Ingo Molnar wrote: > > > So why not simply do the patch below? Very few people use boot > > > parameters, and the > > > complexity does not seem to be worth it. > > > > > > Furthermore I think an IMR range in itself is safe enough - it's > > > not > > > like such > > > register state is going to be randomly corrupted, even with the > > > 'lock' bit unset. > > > > > > Hi Ingo. > > > > I agree - to flip the lock bit you need to be in ring-0 anyway. > > > > > So it's a perfectly fine protective measure against accidental > > > memory > > > corruption > > > from the DMA space. It should not try to be more than that. > > > > > > And once we do this, I suggest we get rid of the 'lock' parameter > > > altogether - > > > that will further simplify the code. > > > > > > Thanks, > > > > > > Ingo > > > > That was the V1 of this patch > > > > https://groups.google.com/forum/#!topic/linux.kernel/6ZuVOF3TJow > > heh ;-) :) > > Andriy asked for the boot parameter to control the state of the IMR > > lock bit, I'm just as happy to go back to that version TBH > > I really think it's over-engineered - especially considering that > with the kernel > lock-down removed there's no other IMR area that is really locked > down - so we > could get rid of the whole 'locked' logic that would simplify the > code throughout. I'm in favour of that too. Charitably I think locking a register like this makes sense only when you talk about it in a meeting room somewhere; as soon as you go to try to use it in a real situation you find its far more trouble than its really worth. So, I'm going to trim that out of this code unless I hear some pushback from elsewhere in the 1/2 day or so. > > Yeah, it's a nice looking hardware feature - but I don't think it's > particularly > useful in terms of extra protection. > > Thanks, > > Ingo -- To unsubscribe from this list: send the line "unsubscribe linux-doc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
