Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S933627AbbELSMZ (ORCPT ); Tue, 12 May 2015 14:12:25 -0400 Received: from mail-ie0-f180.google.com ([209.85.223.180]:33543 "EHLO mail-ie0-f180.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932822AbbELSMX (ORCPT ); Tue, 12 May 2015 14:12:23 -0400 Message-ID: <5552427D.9070806@gmail.com> Date: Tue, 12 May 2015 14:12:13 -0400 From: Austin S Hemmelgarn User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 MIME-Version: 1.0 To: Alex Henrie CC: Arjan van de Ven , Ingo Molnar , One Thousand Gnomes , Kees Cook , "H . Peter Anvin" , Doug Johnson , Thomas Gleixner , Ingo Molnar , Tyler Hicks , Al Viro , LKML , Andy Lutomirski , Linus Torvalds , Andrew Morton , Borislav Petkov , Peter Zijlstra , Arjan van de Ven , Denys Vlasenko , Brian Gerst Subject: Re: [PATCH v2] x86: Preserve iopl on fork and execve References: <1431387505-13410-1-git-send-email-alexhenrie24@gmail.com> <20150512064032.GA25097@gmail.com> <5552209C.501@gmail.com> In-Reply-To: x-hashcash: 1:21:150512:alexhenrie24@gmail.com::6f136e0b2a5bf8bb5a405c593b0e0cf:8d5f57dfe7aa12cb x-hashcash: 1:21:150512:arjanvandeven@gmail.com::b737c614986aec585a68f1f7e51e793d:58faa92bf7da482f x-hashcash: 1:21:150512:mingo@kernel.org::130985acebda3e41f32df03cb16dc964:bcddfd243adf0ed7 x-hashcash: 1:21:150512:gnomes@lxorguk.ukuu.org.uk::5812a76a54e1f078eaf25aad7c686c18:f63b7e1cd5067998 x-hashcash: 1:21:150512:keescook@chromium.org::405754e924f3b372e0626422b14043c1:381b0d1e020a4eec x-hashcash: 1:21:150512:hpa@zytor.com::1efec8bcc6105bb146ac2202c87ae1ca:ca51af7041a7b445 x-hashcash: 1:21:150512:dougvj@gmail.com::63564f98d0bfce02f1d437ed841d6acb:88c5102a4f780240 x-hashcash: 1:21:150512:tglx@linutronix.de::b968f47ec7023d28747a2b0c9599a84d:a1d911bcd50a15ed x-hashcash: 1:21:150512:mingo@redhat.com::685497b0b85363aefef4f961b84c1861:ca108dfeb23482e3 x-hashcash: 1:21:150512:tyhicks@canonical.com::4c7bb033842a236123740d8c203353b0:4452f2590eed35f9 x-hashcash: 1:21:150512:viro@zeniv.linux.org.uk::30fcd6132e4a334d9a60f5690122c0d3:bcb6701a0d9788d x-hashcash: 1:21:150512:linux-kernel@vger.kernel.org::335159e36c6ba9b07e0a4e1de3503b93:d2eb4a4253164a18 x-hashcash: 1:21:150512:luto@kernel.org::e71d04e393dd36fa7dd00d725d964381:5f838a94642b1a2c x-hashcash: 1:21:150512:torvalds@linux-foundation.org::b12257601a9d1e6c5ecd0bc12424d7d8:6c4a003be5af6ccc x-hashcash: 1:21:150512:akpm@linux-foundation.org::956b99117deb9e5a8d291ea8e89d85:2a8cf04304811601 x-hashcash: 1:21:150512:bp@alien8.de::60b2e50ad36037cb643e66e198165d48:50e4a42d0f7981f3 x-hashcash: 1:21:150512:a.p.zijlstra@chello.nl::ce70af0cf9ce9b9c03ea7f81fd93f8a:dcac0957c80ba4c1 x-hashcash: 1:21:150512:arjan@infradead.org::d185f322f7f4bf648e6ef5f0aaba5d2b:c7b557e511bba2c8 x-hashcash: 1:21:150512:dvlasenk@redhat.com::ac0dff2b8ec14b1acda10fd88b36c55:d70f553ca3c4cf0d x-hashcash: 1:21:150512:brgerst@gmail.com::26d2716b1229fe705a5b32d85104b49d:83de2cbfb98cc7a9 x-stampprotocols: hashcash:1:17;mbound:0:10:3000:5000 Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1; boundary="------------ms050302000007010207060403" X-Antivirus: avast! (VPS 150512-0, 2015-05-12), Outbound message X-Antivirus-Status: Clean Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 6021 Lines: 105 This is a cryptographically signed message in MIME format. --------------ms050302000007010207060403 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: quoted-printable On 2015-05-12 14:05, Alex Henrie wrote: > 2015-05-12 9:47 GMT-06:00 Austin S Hemmelgarn : >> On 2015-05-12 11:25, Arjan van de Ven wrote: >>> If you look at a modern linux distro, nothing should need/use iopl an= d >>> co anymore, so maybe an interesting >>> question is if we can stick these behind a CONFIG_ option (default on= >>> of course for compatibility)... just like >>> some of the /dev/mem like things are now hidable for folks who know >>> they don't need them. >> >> Personally, I _really_ like this idea. The only thing I know of on an= y >> modern distro that even considers using ioperm is hwclock, and it only= does >> so if it can't access the RTC through other means (and if you have an = RTC, >> you really should have the /dev interface enabled). > > Removing iopl might be OK. Removing ioperm would break my use case of > legacy code that needs direct access to the parallel port. > > -Alex > The discussion isn't about outright removing them, just providing a=20 config option to disable them. It might be a good idea though to=20 provide separate config options for each of iopl() and ioperm(), as=20 iopl() is more dangerous, and ioperm() is more widely used, and people=20 may need one but not want to have the other. --------------ms050302000007010207060403 Content-Type: application/pkcs7-signature; name="smime.p7s" Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="smime.p7s" Content-Description: S/MIME Cryptographic Signature MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAQAAoIIGuDCC BrQwggScoAMCAQICAxBuVTANBgkqhkiG9w0BAQ0FADB5MRAwDgYDVQQKEwdSb290IENBMR4w HAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmlu ZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZzAeFw0xNTAz MjUxOTM0MzhaFw0xNTA5MjExOTM0MzhaMGMxGDAWBgNVBAMTD0NBY2VydCBXb1QgVXNlcjEj MCEGCSqGSIb3DQEJARYUYWhmZXJyb2luN0BnbWFpbC5jb20xIjAgBgkqhkiG9w0BCQEWE2Fo ZW1tZWxnQG9oaW9ndC5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCdD/zW 2rRAFCLnDfXpWxU1+ODqRVUgzHvrRO7ADUxRo1CBDc3JSX5TIW2OGmQ3DAKGOACp8Z0sgxMc B05tzAZ/M7m4jajVrwwdVCdrwVGxTdAai7Kwg4ZCVfyMVhcwo8R2eW3QahBx34G0RKumK9sZ ZQSQ+zULAzpY6uz7T1sAk/erMoivRXF6u8WvOsLkOD1F/Xyv1ZccSUG5YeDgZgc0nZUBvyIp zXSHjgWerFkrxEM3y2z/Ff3eL1sgGYecV/I1F+I5S01V7Kclt/qRW10c/4JEGRcI1FmrJBPu BtMYPbg/3Y9LZROYN+mVIFxZxOfrmjfFZ96xt/TaMXo8vcEKtWcNEjhGBjEbfMUEm4aq8ygQ 4MuEcpJc8DJCHBkg2KBk13DkbU2qNepTD6Uip1C+g+KMr0nd6KOJqSH27ZuNY4xqV4hIxFHp ex0zY7mq6fV2o6sKBGQzRdI20FDYmNjsLJwjH6qJ8laxFphZnPRpBThmu0AjuBWE72GnI1oA aO+bs92MQGJernt7hByCnDO82W/ykbVz+Ge3Sax8NY0m2Xdvp6WFDY/PjD9CdaJ9nwQGsUSa N54lrZ2qMTeCI9Vauwf6U69BA42xgk65VvxvTNqji+tZ4aZbarZ7el2/QDHOb/rRwlCFplS/ z4l1f1nOrE6bnDl5RBJyW3zi74P6GwIDAQABo4IBWTCCAVUwDAYDVR0TAQH/BAIwADBWBglg hkgBhvhCAQ0ESRZHVG8gZ2V0IHlvdXIgb3duIGNlcnRpZmljYXRlIGZvciBGUkVFIGhlYWQg b3ZlciB0byBodHRwOi8vd3d3LkNBY2VydC5vcmcwDgYDVR0PAQH/BAQDAgOoMEAGA1UdJQQ5 MDcGCCsGAQUFBwMEBggrBgEFBQcDAgYKKwYBBAGCNwoDBAYKKwYBBAGCNwoDAwYJYIZIAYb4 QgQBMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AuY2FjZXJ0Lm9y ZzAxBgNVHR8EKjAoMCagJKAihiBodHRwOi8vY3JsLmNhY2VydC5vcmcvcmV2b2tlLmNybDA0 BgNVHREELTArgRRhaGZlcnJvaW43QGdtYWlsLmNvbYETYWhlbW1lbGdAb2hpb2d0LmNvbTAN BgkqhkiG9w0BAQ0FAAOCAgEAGvl7xb42JMRH5D/vCIDYvFY3dR2FPd5kmOqpKU/fvQ8ovmJa p5N/FDrsCL+YdslxPY+AAn78PYmL5pFHTdRadT++07DPIMtQyy2qd+XRmz6zP8Il7vGcEDmO WmMLYMq4xV9s/N7t7JJp6ftdIYUcoTVChUgilDaRWMLidtslCdRsBVfUjPb1bF5Ua31diKDP e0M9/e2CU36rbcTtiNCXhptMigzuL3zJXUf2B9jyUV8pnqNEQH36fqJ7YTBLcpq3aYa2XbAH Hgx9GehJBIqwspDmhPCFZ/QmqUXCkt+XfvinQ2NzKR6P3+OdYbwqzVX8BdMeojh7Ig8x/nIx mQ+/ufstL1ZYp0bg13fyK/hPYSIBpayaC76vzWovkIm70DIDRIFLi20p/qTd7rfDYy831Hjm +lDdCECF9bIXEWFk33kA97dgQIMbf5chEmlFg8S0e4iw7LMjvRqMX3eCD8GJ2+oqyZUwzZxy S0Mx+rBld5rrN7LsXwZ671HsGqNeYbYeU25e7t7/Gcc6Bd/kPfA+adEuUGFcvUKH3trDYqNq 6mOkAd8WO/mQadlc3ztS++XDMhmIpfBre9MPAr6usqf+wc+R8Nk9KLK39kEgrqVfzc/fgf8L MaD4rHnusdg4gca6Yi+kNrm99anw7SwaBrBvULYBp7ixNRUhaYiNW4YjTrYxggShMIIEnQIB ATCBgDB5MRAwDgYDVQQKEwdSb290IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5v cmcxIjAgBgNVBAMTGUNBIENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEW EnN1cHBvcnRAY2FjZXJ0Lm9yZwIDEG5VMAkGBSsOAwIaBQCgggH1MBgGCSqGSIb3DQEJAzEL BgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8XDTE1MDUxMjE4MTIxM1owIwYJKoZIhvcNAQkE MRYEFEgt8tkuoLtRYjcBPMNuN6iTAeyLMGwGCSqGSIb3DQEJDzFfMF0wCwYJYIZIAWUDBAEq MAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYIKoZIhvcNAwIC AUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwgZEGCSsGAQQBgjcQBDGBgzCBgDB5MRAwDgYD VQQKEwdSb290IENBMR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMT GUNBIENlcnQgU2lnbmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2Fj ZXJ0Lm9yZwIDEG5VMIGTBgsqhkiG9w0BCRACCzGBg6CBgDB5MRAwDgYDVQQKEwdSb290IENB MR4wHAYDVQQLExVodHRwOi8vd3d3LmNhY2VydC5vcmcxIjAgBgNVBAMTGUNBIENlcnQgU2ln bmluZyBBdXRob3JpdHkxITAfBgkqhkiG9w0BCQEWEnN1cHBvcnRAY2FjZXJ0Lm9yZwIDEG5V MA0GCSqGSIb3DQEBAQUABIICACkPPrrzjsVSvIX0CpSMIZbD7Jic2gcAMj0slnmAWRYSsSyI g14c3MSANJpLMq5WNyu3K5W95R6+mLxPC1s1LfuwP1I/unjZ2Z2VyBZC2eMxjP49SU9yvsqp WQ+neXOrcqnPc0DkFRLs5/Es7H6RG6Ddn+5LeYxHx1Vhv7gP/jAhAtJoe6uUbu9PSvz/nU73 K3HVLO8OmOjDL1CCuajvG/uy2YzPiZYHmbJotuRewG01uR5dFriyWuezZWVNe8ZawL27LQ8s OHx5m7cmogP42SzFjDp6hTDPB4lCWfmqBrVwt1dAI/P6DjjGQlUTrTrMYKK2MpUpSFyTq4Fu BzzLZnhKn9AqQaVDZOyD+gPP08pj54NZwALFFsgte9QlQixGlqGsKfX+jBt+Xa5/2ByphflK yOVIEICxlPNvYY+T4IIrJxaOr2uX+Y2h0aZnn3EZ8265tzsLuRmQWCDThdRHKr/dYyKOxngZ AY0Jq0s082P9zkswtiTxPsCKS6S5Sw5eGoSvwUDb0J1QjnR14wwEX4DjLRBIXuH36eOOzEo2 BcBta2qG/OtQFv/iuCWBkPlaUNQCBIjqwR7y7GNdoF79E1IYwvCXLMRkgmV+FSKe0TsIzqKR GezS/OnKM8fJxR/09z25lVLDPpvvv/uQZFz7NTsMdorBGncZvBEwMBiAn+mvAAAAAAAA --------------ms050302000007010207060403-- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/