LinuxQuestions.org - Kernels refuses to mmap (open FD) on /dev/mem ( CAP_SYS

- Linux - Kernel (https://www.linuxquestions.org/questions/linux-kernel-70/)

- - Kernels refuses to mmap (open FD) on /dev/mem ( CAP_SYS_RAWIO) (https://www.linuxquestions.org/questions/linux-kernel-70/kernels-refuses-to-mmap-open-fd-on-dev-mem-cap_sys_rawio-707276/)

Kernels refuses to mmap (open FD) on /dev/mem ( CAP_SYS_RAWIO)

Hi everybody !
(sorry if it is not the good forum.. but I think it is a SECURITY issue)

I use Linux kernel 2.6.27 on a embedded system based on ARM 9 Atmel At91sam9260.

I try to access the ARM register (last 4kB memory address in physical space) by opening a FD (file descriptor) on /dev/mem.
It does not work and it seems that the problem is related to the capabilities CAP_SYS_RAWIO. I don't really know how it works but I know it is related to security... I don't need this kind of security. Nobody
has "external access" to my embedded board. I really need to activate some GPIO and modifying some register value of my ARM processor.

Can you tell me how to disable this kind of security in my kernel for my embedded system ?

Or do you have any code snippet or instruction about how to access my ARM register (GPIO and other) ?

Wonder if this also made its way into the ARM tree ...
Check your kernel for CONFIG_STRICT_DEVMEM

Moved to Kernel for better exposure.

I should have mentioned that was merged in 2.6.27

I am not sure what you want me to do when you talk about CONFIG_STRICT_DEVMEM. First of all, this CONFIG flag is not inside my .config file of my kernel (2.6.27). So I took a chance to add it like this: CONFIG_STRICT_DEVMEM=y but now I am not sure if we need it or if we need to remove it ... like CONFIG_STRICT_DEVMEM is not set. I saw also that there is a small bug about /dev/mem mmap breakage when PAT is disabled. I saw the small patch (only 3 lines to add in pat.c file). But my problem is before the call to MMAP function.

Remember that the problem is when I try to OPEN the /dev/mem (a character device). If I understand, inside the mem.c file,
the "desired" action over /dev/mem is open_mem (which is a #define that equate open_port) and open_port check if the system
is CAPABLE of CAP_SYS_RAWIO. That's why I think that maybe I can just GIVE the capabilities to CAP_SYS_RAWIO but I don't know
how it works, what to do, etc.

- I DON'T SEE the effect or the link with CONFIG_STRICT_DEVMEM - The only thing I see is the relation between CONFIG_STRICT_DEVMEM and function range_is_allowed() which in turn is related to mmap and read function. OK, maybe I need
to define CONFIG_STRICT_DEVMEM=y for the mmap on /dev/mem but for the OPEN function, I don't know... or I don't understand.

Thanks for your help.

NOTE: Trying to access internal register (like GPIO) of a ARM9 processor, atmel at91sam9260 with LINUX kernel 2.6.27.

Hi, has anyone figured this out ? Thanks.