Re: [patch V3 17/20] x86/iopl: Restrict iopl() permission scope

From: Thomas Gleixner
Date: Thu Nov 14 2019 - 13:39:31 EST


On Thu, 14 Nov 2019, Borislav Petkov wrote:
> On Wed, Nov 13, 2019 at 09:42:57PM +0100, Thomas Gleixner wrote:
> > +config X86_IOPL_EMULATION
> > + bool "IOPL Emulation"
> > + ---help---
> > + Legacy IOPL support is an overbroad mechanism which allows user
> > + space aside of accessing all 65536 I/O ports also to disable
> > + interrupts. To gain this access the caller needs CAP_SYS_RAWIO
> > + capabilities and permission from eventually active security
>
> I think you mean here: s/eventually/potentially/ or so. "eventually" is
> one of the false friends. :)

Fixed