summaryrefslogtreecommitdiff
path: root/arch/x86/Kconfig
diff options
context:
space:
mode:
authorThomas Gleixner <tglx@linutronix.de>2019-11-12 01:03:28 +0300
committerThomas Gleixner <tglx@linutronix.de>2019-11-16 13:24:05 +0300
commitc8137ace56383688af911fea5934c71ad158135e (patch)
tree27f653f628e61a868ef0e4d9ece62185e1c24952 /arch/x86/Kconfig
parentbe9afb4b529d9e3a68da1212e33be677bbfc8d2c (diff)
downloadlinux-c8137ace56383688af911fea5934c71ad158135e.tar.xz
x86/iopl: Restrict iopl() permission scope
The access to the full I/O port range can be also provided by the TSS I/O bitmap, but that would require to copy 8k of data on scheduling in the task. As shown with the sched out optimization TSS.io_bitmap_base can be used to switch the incoming task to a preallocated I/O bitmap which has all bits zero, i.e. allows access to all I/O ports. Implementing this allows to provide an iopl() emulation mode which restricts the IOPL level 3 permissions to I/O port access but removes the STI/CLI permission which is coming with the hardware IOPL mechansim. Provide a config option to switch IOPL to emulation mode, make it the default and while at it also provide an option to disable IOPL completely. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Andy Lutomirski <luto@kernel.org>
Diffstat (limited to 'arch/x86/Kconfig')
-rw-r--r--arch/x86/Kconfig32
1 files changed, 32 insertions, 0 deletions
diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index d6e1faa28c58..2aad1cd14cc5 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -1254,6 +1254,38 @@ config X86_VSYSCALL_EMULATION
Disabling this option saves about 7K of kernel size and
possibly 4K of additional runtime pagetable memory.
+choice
+ prompt "IOPL"
+ default X86_IOPL_EMULATION
+
+config X86_IOPL_EMULATION
+ bool "IOPL Emulation"
+ ---help---
+ Legacy IOPL support is an overbroad mechanism which allows user
+ space aside of accessing all 65536 I/O ports also to disable
+ interrupts. To gain this access the caller needs CAP_SYS_RAWIO
+ capabilities and permission from potentially active security
+ modules.
+
+ The emulation restricts the functionality of the syscall to
+ only allowing the full range I/O port access, but prevents the
+ ability to disable interrupts from user space.
+
+config X86_IOPL_LEGACY
+ bool "IOPL Legacy"
+ ---help---
+ Allow the full IOPL permissions, i.e. user space access to all
+ 65536 I/O ports and also the ability to disable interrupts, which
+ is overbroad and can result in system lockups.
+
+config X86_IOPL_NONE
+ bool "IOPL None"
+ ---help---
+ Disable the IOPL permission syscall. That's the safest option as
+ no sane application should depend on this functionality.
+
+endchoice
+
config TOSHIBA
tristate "Toshiba Laptop support"
depends on X86_32