From: Julius Werner
Date: Thu, 9 Aug 2018 16:44:43 -0700
Subject: Re: [PATCH v3 7/7] firmware: coreboot: Request table region for exclusive access
To: Julius Werner
Cc: swboyd@chromium.org, Greg Kroah-Hartman, LKML, Wei-Ning Huang, Brian Norris, samuel@sholland.org

Actually, looking at what IO_STRICT_DEVMEM really does, would it really
prevent userspace accesses to these areas? Because it seems that it
only prevents accesses to areas marked as IORESOURCE_BUSY, and while I
can't fully follow how the kernel assigns that, comments suggest that
this is only set when "Driver has marked this resource busy". So after
you make the change to the other patch where we immediately unmap the
coreboot table again at the end of the probe() function, shouldn't it
become available to userspace again even with IO_STRICT_DEVMEM set?

On Thu, Aug 9, 2018 at 4:37 PM Julius Werner wrote:
>
> > Furthermore, I see that my system RAM excludes this coreboot table so it
> > doesn't fall into the bucket that CONFIG_STRICT_DEVMEM would find.
>
> Yes, that is intentional. We don't want the kernel to try to use that
> memory for anything else (since we want those tables to survive), so
> we mark them as reserved in the e820 map.
>
> > > (I guess an alternative would be to rewrite 'cbmem' to use
> > > /sys/bus/coreboot/devices if available to get its coreboot table
> > > information. But we'd still need to maintain the old path for
> > > backwards compatibility anyway, so that would really just make it more
> > > complicated.)
> >
> > This sounds like a good idea. Userspace reaching into /dev/mem is not
> > good from a kernel hardening perspective. That's why those strict devmem
> > configs exist. Can cbmem be updated to query information from device
> > drivers instead, so that we can enable CONFIG_IO_STRICT_DEVMEM as well?
>
> Well... problem is that cbmem doesn't just access the coreboot tables,
> it accesses more stuff. There is actually a larger memory region
> called CBMEM (that's what the utility is named after) which contains
> all sorts of random memory allocations that coreboot wanted to survive
> for the lifetime of the system. The coreboot table is one section in
> there, and it sort of serves as a directory for some of the others
> (although there's also just a general CBMEM directory... there's some
> redundancy there). But cbmem can also print some of the other CBMEM
> sections which it finds by querying the coreboot table, such as the
> firmware log or the boot timestamps.
>
> So the question is how we can get to that content if /dev/mem isn't
> available anymore. One option would be to just write separate kernel
> drivers to completely replace the cbmem utility (we already have one
> for the log, for example), but I think Linux generally doesn't want to
> have too much logic and parsing and stuff in kernel drivers. Another
> option is to add a driver that just exposes a sysfs file through which
> you could read (we don't need to write) the CBMEM area... but then
> we'd essentially want that to take absolute addresses because that's
> what the coreboot table pointers contain, so we would've just built
> /dev/mem by another name (for a restricted range).
>
> The nicest thing, really, would be if there was a way for a kernel
> driver to mark specific regions as "allowed" by /dev/mem. I don't
> suppose we'd be willing to introduce a mechanism like that?
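
The behaviour questioned at the top of this message, as an added example that is not part of the original mail and is not kernel code: a simplified user-space model of the IO_STRICT_DEVMEM check, in which /dev/mem is refused only for pages overlapping a region that a driver currently holds busy. The struct, the function name, the flag values and the address range are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model only: names echo the kernel's flags, values are arbitrary. */
#define RES_BUSY        0x1u   /* stands in for IORESOURCE_BUSY */
#define RES_EXCLUSIVE   0x2u   /* stands in for IORESOURCE_EXCLUSIVE */
#define MODEL_PAGE_SIZE 4096u

struct region { uint64_t start, end; unsigned flags; };   /* end is inclusive */

/* True if a /dev/mem access to the page holding addr would be refused. */
bool page_is_exclusive(const struct region *r, size_t n, uint64_t addr,
                       bool io_strict_devmem)
{
    uint64_t page = addr & ~(uint64_t)(MODEL_PAGE_SIZE - 1);

    for (size_t i = 0; i < n; i++) {
        if (r[i].end < page || r[i].start >= page + MODEL_PAGE_SIZE)
            continue;                 /* region does not overlap this page */
        if (!(r[i].flags & RES_BUSY))
            continue;                 /* no driver currently holds it */
        if (io_strict_devmem || (r[i].flags & RES_EXCLUSIVE))
            return true;              /* busy + strict, or busy + exclusive */
    }
    return false;
}

int main(void)
{
    /* Constructed address range standing in for the coreboot table. */
    struct region tbl = { 0x7f000000ULL, 0x7f007fffULL, 0 };
    const char *stage[] = { "before probe", "during probe", "after release" };
    unsigned flags[] = { 0, RES_BUSY, 0 };

    for (int i = 0; i < 3; i++) {
        tbl.flags = flags[i];         /* model request / release of the region */
        printf("%-13s: /dev/mem %s\n", stage[i],
               page_is_exclusive(&tbl, 1, 0x7f000010ULL, true)
                   ? "refused" : "allowed");
    }
    return 0;
}
```

In this model the region is refused only while the busy flag is set, so a driver that releases it at the end of probe() leaves it readable through /dev/mem again even with the strict option enabled.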