On 4/12/2019 3:21 PM, Jason Gunthorpe wrote:
On Fri, Apr 12, 2019 at 12:34:31PM -0400, Dennis Dalessandro wrote:
On 4/12/2019 11:38 AM, Leon Romanovsky wrote:
On Thu, Apr 11, 2019 at 07:07:42AM -0700, Dennis Dalessandro wrote:
From: Josh Collier <josh.d.collier@xxxxxxxxx>
Some kernels now enable CONFIG_IO_STRICT_DEVMEM
which prevents multiple handles to PCI resource0. In order
to continue to support expansion ROM updates while the
driver is loaded, the driver must now provide an interface
to control the expansion ROM write protection.
From this description, it seems like that CONFIG_IO_STRICT_DEVMEM was
added to prevent this type of access, doesn't it?
Due to the config option using the resource file is no longer an option for
manipulating the EPROM. There are some accesses that we want to be able to
make through the PCI config space which is not affected by the above config
option. However access to that is protected by the HW. So this patch
provides a safe interface to toggle that protection while still preventing
userspace from free range access to memory regions claimed by the driver.
I feel like this should require CAP_SYS_ADMIN or maybe
CAP_SYS_RAW_IO..
But I'm never sure when to check caps or when default permissions on
file nodes is good enough
Fair point, we'll look into it a bit more.
-Denny
