Linus Torvalds writes: (Summary)
For example, if the distro is sure that it doesn't need /dev/mem, then
why the hell is this tied to "lockdown" that then may have to be
disabled because *other* changes may not be acceptable (eg people may
need that device DMA, or whatever).
If that /dev/mem access prevention was just instead done as an even stricter mode of the existing CONFIG_STRICT_DEVMEM, it could just be enabled unconditionally.
So none of these patches raise my hackles per se. Why is this one magical mode that then - because it has such a big impact - has to be enabled/disabled as a single magical mode and with very odd rules?
I think a lot of people would be happier if this wasn't so incestuous and mixing together independent things under one name, and one flag.