From: Thomas Piekarski <email@example.com> To: firstname.lastname@example.org Cc: Thomas Gleixner <email@example.com>, linux-man <firstname.lastname@example.org>, email@example.com Subject: Re: [PATCH-v2] iopl.2: Updating description of permissions and disabling interrupts Date: Fri, 26 Jun 2020 22:29:23 +0200 Message-ID: <firstname.lastname@example.org> (raw) In-Reply-To: <CAKgNAkiNQw5DE9X5Mw2MMF+=bXHzAz45ym+=s2_C2Nz=p4zfQg@mail.gmail.com> Updating description of permissions for port-mapped I/O set per-thread and not per-process. Mentioning iopl can not disable interrupts since 5.5 anymore and is in general deprecated and only provided for legacy X servers. See https://bugzilla.kernel.org/show_bug.cgi?id=205317 Reported-by: email@example.com Signed-off-by: Thomas Piekarski <firstname.lastname@example.org> --- man2/iopl.2 | 34 ++++++++++++++-------------------- 1 file changed, 14 insertions(+), 20 deletions(-) diff --git a/man2/iopl.2 b/man2/iopl.2 index e5b216a14..be9acfd1e 100644 --- a/man2/iopl.2 +++ b/man2/iopl.2 @@ -39,29 +39,17 @@ iopl \- change I/O privilege level .BI "int iopl(int " level ); .SH DESCRIPTION .BR iopl () -changes the I/O privilege level of the calling process, +changes the I/O privilege level of the calling thread, as specified by the two least significant bits in .IR level . .PP -This call is necessary to allow 8514-compatible X servers to run under -Linux. -Since these X servers require access to all 65536 I/O ports, the -.BR ioperm (2) -call is not sufficient. +The I/O privilege level for a normal thread is 0. +Permissions are inherited from parents to children. .PP -In addition to granting unrestricted I/O port access, running at a higher -I/O privilege level also allows the process to disable interrupts. -This will probably crash the system, and is not recommended. -.PP -Permissions are not inherited by the child process created by -.BR fork (2) -and are not preserved across -.BR execve (2) -(but see NOTES). -.PP -The I/O privilege level for a normal process is 0. -.PP -This call is mostly for the i386 architecture. +This call is deprecated, significantly slower than +.BR ioperm(2) +and is only provided for older X servers which require +access to all 65536 I/O ports. It is mostly for the i386 architecture. On many other architectures it does not exist or will always return an error. .SH RETURN VALUE @@ -79,7 +67,7 @@ is greater than 3. This call is unimplemented. .TP .B EPERM -The calling process has insufficient privilege to call +The calling thread has insufficient privilege to call .BR iopl (); the .B CAP_SYS_RAWIO @@ -99,6 +87,12 @@ and in .IR <sys/perm.h> . Avoid the latter, it is available on i386 only. .PP +Prior to Linux 5.5 +.BR iopl () +allowed the thread to disable interrupts while running +at a higher I/O privilege level. This will probably crash +the system, and is not recommended. +.PP Prior to Linux 3.7, on some architectures (such as i386), permissions .I were -- 2.20.1 On 24.06.20 11:53 AM, Michael Kerrisk (man-pages) wrote: > Hi Thomas P, > > Might you have an update for this patch? > > Thanks, > > Michael > > > On Thu, 28 May 2020 at 16:52, Thomas Piekarski > <email@example.com> wrote: >> On 28.05.20 3:22 PM, Thomas Gleixner wrote: >>> "Michael Kerrisk (man-pages)" <firstname.lastname@example.org> writes: >>> >>>> I expect that the small change at Thomas P proposes in this patch is >>>> correct (i.e., iopl(2) operates per-thread, not per-process). I >>>> remember that you touch the relevant kernel source file often. Perhaps >>>> you are able to give a quick Ack? >>>>> >>>>> man2/iopl.2 | 6 +++--- >>>>> 1 file changed, 3 insertions(+), 3 deletions(-) >>>>> >>>>> diff --git a/man2/iopl.2 b/man2/iopl.2 >>>>> index e5b216a14..329095808 100644 >>>>> --- a/man2/iopl.2 >>>>> +++ b/man2/iopl.2 >>>>> @@ -39,7 +39,7 @@ iopl \- change I/O privilege level >>>>> .BI "int iopl(int " level ); >>>>> .SH DESCRIPTION >>>>> .BR iopl () >>>>> -changes the I/O privilege level of the calling process, >>>>> +changes the I/O privilege level of the calling thread, >>> >>> I'm fine with the s/process/thread/ changes. The permissions are really >>> per thread. >>> >>> Though the manpage should mention that a thread inherits the permissions >>> from the parent, i.e. clone() vs. fork(), exec(). >>> >>>>> as specified by the two least significant bits in >>>>> .IR level . >>>>> .PP >>>>> @@ -50,7 +50,7 @@ Since these X servers require access to all 65536 I/O >>>>> ports, the >>>>> call is not sufficient. >>>>> .PP >>>>> In addition to granting unrestricted I/O port access, running at a higher >>>>> -I/O privilege level also allows the process to disable interrupts. >>>>> +I/O privilege level also allows the thread to disable interrupts. >>> >>> This paragraph became outdated as of >>> >>> a24ca9976843 ("x86/iopl: Remove legacy IOPL option") >>> >>> in v5.5. The kernel no longer allows user space to disable >>> interrupts. It still grants access to _ALL_ 64k ioports. >>> >>> Also: >>> >>>> This call is necessary to allow 8514-compatible X servers to run under >>>> Linux. Since these X servers require access to all 65536 I/O ports, >>>> the ioperm(2) call is not sufficient. >>> >>> is outdated. >>> >>> ioperm() allows to set all 64k bits, but its significantly slower than >>> iopl(3) because it needs to copy 8k of data on context switch while >>> iopl(3) just maps an 'all bits set' static bitmap. >>> >>> Aside of that only really old x servers rely on iopl(3). >> >> >> Thanks for your feedback. I'll update the patch accordingly. >> >> 1. Rechecking that it says that permissions are inherited from parents >> 2. Stating that since Kernel v5.5 it is not possible anymore to >> disable interrupts from user space >> 3. Removing the paragraph "This call is necessary..." >> >> Should the man page mention that iopl is deprecated, provided only for >> compatibility to old X-Servers and significantly slower than ioperm?
next prev parent reply index Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top 2020-05-24 13:22 [PATCH] iopl.2: Changing description of permissions set per-process to per-thread Thomas Piekarski 2020-05-25 13:57 ` Michael Kerrisk (man-pages) 2020-05-28 13:22 ` Thomas Gleixner 2020-05-28 14:52 ` Thomas Piekarski 2020-06-24 9:53 ` Michael Kerrisk (man-pages) 2020-06-26 20:29 ` Thomas Piekarski [this message] 2020-06-29 11:49 ` [PATCH-v2] iopl.2: Updating description of permissions and disabling interrupts Michael Kerrisk (man-pages)
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ --email@example.com \ --firstname.lastname@example.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
Linux-man Archive on lore.kernel.org Archives are clonable: git clone --mirror https://lore.kernel.org/linux-man/0 linux-man/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 linux-man linux-man/ https://lore.kernel.org/linux-man \ email@example.com public-inbox-index linux-man Example config snippet for mirrors Newsgroup available over NNTP: nntp://nntp.lore.kernel.org/org.kernel.vger.linux-man AGPL code for this site: git clone https://public-inbox.org/public-inbox.git