[PATCH V5 2/2] staging: vchiq_arm: Disable ability to dump memory by default

[Michael Zoran]

vc04_services has an ioctl interface to dump arbitrary memory
to a custom debug log.  This is typically only needed by
diagnostic tools, and can potentially be a security issue
if the devtmpfs node doesn't have adequate permissions set.

Since the ability to dump memory still has debugging value,
create a new build configuration and disable the feature
by default.

Signed-off-by: Michael Zoran <mzoran at crowfest.net>
---
 drivers/staging/vc04_services/Kconfig                      | 12 ++++++++++++
 .../staging/vc04_services/interface/vchiq_arm/vchiq_arm.c  | 14 ++++++++++++++
 2 files changed, 26 insertions(+)

diff --git a/drivers/staging/vc04_services/Kconfig b/drivers/staging/vc04_services/Kconfig
index eb52cec18c87..b9f316603308 100644
--- a/drivers/staging/vc04_services/Kconfig
+++ b/drivers/staging/vc04_services/Kconfig
@@ -18,6 +18,18 @@ config BCM2835_VCHIQ
 		Defaults to Y when the Broadcom Videocore services
 		are included in the build, N otherwise.
 
+if BCM2835_VCHIQ
+
+config BCM2835_VCHIQ_SUPPORT_MEMDUMP
+	bool "Support dumping memory contents to debug log"
+	help
+		BCM2835 VCHIQ supports the ability to dump the
+		contents of memory to the debug log.  This
+		is typically only needed by diagnostic tools used
+		to debug issues with VideoCore.
+
+endif
+
 source "drivers/staging/vc04_services/bcm2835-audio/Kconfig"
 
 source "drivers/staging/vc04_services/bcm2835-camera/Kconfig"
diff --git a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
index ca6ab47fba6f..ff96e71cfa8b 100644
--- a/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
+++ b/drivers/staging/vc04_services/interface/vchiq_arm/vchiq_arm.c
@@ -195,8 +195,10 @@ static const char *const ioctl_names[] = {
 vchiq_static_assert(ARRAY_SIZE(ioctl_names) ==
 		    (VCHIQ_IOC_MAX + 1));
 
+#if defined(CONFIG_BCM2835_VCHIQ_SUPPORT_MEMDUMP)
 static void
 dump_phys_mem(void *virt_addr, u32 num_bytes);
+#endif
 
 /****************************************************************************
 *
@@ -1159,6 +1161,7 @@ vchiq_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 				args.handle, args.option, args.value);
 	} break;
 
+#if defined(CONFIG_BCM2835_VCHIQ_SUPPORT_MEMDUMP)
 	case VCHIQ_IOC_DUMP_PHYS_MEM: {
 		VCHIQ_DUMP_MEM_T  args;
 
@@ -1170,6 +1173,7 @@ vchiq_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 		}
 		dump_phys_mem(args.virt_addr, args.num_bytes);
 	} break;
+#endif
 
 	case VCHIQ_IOC_LIB_VERSION: {
 		unsigned int lib_version = (unsigned int)arg;
@@ -1650,6 +1654,8 @@ vchiq_compat_ioctl_get_config(struct file *file,
 	return vchiq_ioctl(file, VCHIQ_IOC_GET_CONFIG, (unsigned long)args);
 }
 
+#if defined(CONFIG_BCM2835_VCHIQ_SUPPORT_MEMDUMP)
+
 struct vchiq_dump_mem32 {
 	compat_uptr_t virt_addr;
 	u32 num_bytes;
@@ -1682,6 +1688,8 @@ vchiq_compat_ioctl_dump_phys_mem(struct file *file,
 	return vchiq_ioctl(file, VCHIQ_IOC_DUMP_PHYS_MEM, (unsigned long)args);
 }
 
+#endif
+
 static long
 vchiq_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 {
@@ -1699,8 +1707,10 @@ vchiq_compat_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
 		return vchiq_compat_ioctl_dequeue_message(file, cmd, arg);
 	case VCHIQ_IOC_GET_CONFIG32:
 		return vchiq_compat_ioctl_get_config(file, cmd, arg);
+#if defined(CONFIG_BCM2835_VCHIQ_SUPPORT_MEMDUMP)
 	case VCHIQ_IOC_DUMP_PHYS_MEM32:
 		return vchiq_compat_ioctl_dump_phys_mem(file, cmd, arg);
+#endif
 	default:
 		return vchiq_ioctl(file, cmd, arg);
 	}
@@ -2044,6 +2054,8 @@ vchiq_dump_platform_service_state(void *dump_context, VCHIQ_SERVICE_T *service)
 *
 ***************************************************************************/
 
+#if defined(CONFIG_BCM2835_VCHIQ_SUPPORT_MEMDUMP)
+
 static void
 dump_phys_mem(void *virt_addr, u32 num_bytes)
 {
@@ -2126,6 +2138,8 @@ dump_phys_mem(void *virt_addr, u32 num_bytes)
 	kfree(pages);
 }
 
+#endif
+
 /****************************************************************************
 *
 *   vchiq_read
-- 
2.11.0