Re: [PATCH for-next v2] IB/hfi1: Add debugfs to control expansion ROM write protect

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Apr 15, 2019 at 09:20:25PM +0000, Collier, Josh D wrote:
> 
> > From: Jason Gunthorpe [mailto:jgg@xxxxxxxx]
> > Sent: Friday, April 12, 2019 3:22 PM
> > To: Dalessandro, Dennis <dennis.dalessandro@xxxxxxxxx>
> > Cc: Leon Romanovsky <leon@xxxxxxxxxx>; dledford@xxxxxxxxxx; linux-
> > rdma@xxxxxxxxxxxxxxx; Collier, Josh D <josh.d.collier@xxxxxxxxx>
> > Subject: Re: [PATCH for-next v2] IB/hfi1: Add debugfs to control expansion
> > ROM write protect
> > 
> > On Fri, Apr 12, 2019 at 12:34:31PM -0400, Dennis Dalessandro wrote:
> > > On 4/12/2019 11:38 AM, Leon Romanovsky wrote:
> > > > On Thu, Apr 11, 2019 at 07:07:42AM -0700, Dennis Dalessandro wrote:
> > > > > From: Josh Collier <josh.d.collier@xxxxxxxxx>
> > > > >
> > > > > Some kernels now enable CONFIG_IO_STRICT_DEVMEM which prevents
> > > > > multiple handles to PCI resource0. In order to continue to support
> > > > > expansion ROM updates while the driver is loaded, the driver must
> > > > > now provide an interface to control the expansion ROM write
> > > > > protection.
> > > >
> > > >  From this description, it seems like that CONFIG_IO_STRICT_DEVMEM
> > > > was added to prevent this type of access, doesn't it?
> > >
> > > Due to the config option using the resource file is no longer an
> > > option for manipulating the EPROM. There are some accesses that we
> > > want to be able to make through the PCI config space which is not
> > > affected by the above config option. However access to that is
> > > protected by the HW. So this patch provides a safe interface to toggle
> > > that protection while still preventing userspace from free range access to
> > memory regions claimed by the driver.
> > 
> > I feel like this should require CAP_SYS_ADMIN or maybe CAP_SYS_RAW_IO..
> > 
> > But I'm never sure when to check caps or when default permissions on file
> > nodes is good enough
> 
> By default debugfs is only root accessible. The only CAP_SYS_ADMIN references
> in all of drivers/infiniband are in hfi1 for a sysfs related attribute and one
> other non-debugfs behavior.

Okay

Jason



[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Photo]     [Yosemite News]     [Yosemite Photos]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux