On Fri, Apr 12, 2019 at 12:34:31PM -0400, Dennis Dalessandro wrote: > On 4/12/2019 11:38 AM, Leon Romanovsky wrote: > > On Thu, Apr 11, 2019 at 07:07:42AM -0700, Dennis Dalessandro wrote: > > > From: Josh Collier <josh.d.collier@xxxxxxxxx> > > > > > > Some kernels now enable CONFIG_IO_STRICT_DEVMEM > > > which prevents multiple handles to PCI resource0. In order > > > to continue to support expansion ROM updates while the > > > driver is loaded, the driver must now provide an interface > > > to control the expansion ROM write protection. > > > > From this description, it seems like that CONFIG_IO_STRICT_DEVMEM was > > added to prevent this type of access, doesn't it? > > Due to the config option using the resource file is no longer an option for > manipulating the EPROM. There are some accesses that we want to be able to > make through the PCI config space which is not affected by the above config > option. However access to that is protected by the HW. So this patch > provides a safe interface to toggle that protection while still preventing > userspace from free range access to memory regions claimed by the driver. I feel like this should require CAP_SYS_ADMIN or maybe CAP_SYS_RAW_IO.. But I'm never sure when to check caps or when default permissions on file nodes is good enough Jason
