
hi3516cv6xx: disable CONFIG_IO_STRICT_DEVMEM #2170

Merged: widgetii merged 2 commits into master from hi3516cv6xx-disable-io-strict-devmem on Jun 4, 2026

@widgetii widgetii commented Jun 4, 2026

Summary

  • The hi3516cv6xx kernel defconfig added in #2167 (hi3516cv6xx: add Hi3516CV610/Hi3516CV608 family support) enables both `CONFIG_STRICT_DEVMEM=y` and `CONFIG_IO_STRICT_DEVMEM=y`. The latter rejects any `/dev/mem` mmap whose range overlaps a page already claimed by a driver via `request_mem_region()` — even for root.
  • That blocks userspace access to every SoC block driven by the kernel: CRG/clocks `0x11010000`, I2C `0x11060000`, SPI `0x11070000`, GPIO `0x11090000+`, UART `0x11040000+`. `ipctool`/`ipcinfo -s` and any similar diagnostic tool fail to read PLLs, probe sensors over I2C/SPI, or dump GPIO state.
  • Every other HiSilicon board in the tree that uses `CONFIG_STRICT_DEVMEM=y` already disables `CONFIG_IO_STRICT_DEVMEM` for exactly this reason (hi3516av100, hi3516dv100, hi3516cv500, hi3516av300, hi3516dv300, hi3516ev200, hi3516ev300, hi3516dv200, hi3536dv100, …). This PR aligns hi3516cv6xx with that convention.
  • `CONFIG_STRICT_DEVMEM=y` is kept, so /dev/mem still requires CAP_SYS_RAWIO and still gates non-RAM regions. Only the stronger I/O lockout is dropped.

Repro (before)

On OpenIPC `hi3516cv6xx` build, kernel 5.10.221:
```
ipctool
read_mem_reg mmap error: Operation not permitted (1)
ipcinfo -s
read_mem_reg mmap error: Operation not permitted (1)
busybox devmem 0x11010000 32
devmem: mmap: Operation not permitted # CRG/clock0, kernel-claimed
```
Same EPERM behaviour on 0x11040000 (UART), 0x11060000 (I2C), 0x11090000 (GPIO).

Related

Test plan

  • Diff matches the existing convention used across all V4/V4A HiSi boards in this repo
  • Rebuild `br-hi3516cv6xx-musl_defconfig` (or equivalent), flash a CV608 board, confirm `ipctool` emits complete YAML including `clocks:` (PLL frequencies), `sensors:` (I2C probe), and `gpio:`
  • Confirm `busybox devmem 0x11010000 32` returns a value instead of EPERM
  • `grep STRICT /sys/...` — sanity check that `CONFIG_STRICT_DEVMEM` is still on (still required for non-root attacker hardening)

🤖 Generated with Claude Code

…regs

The kernel defconfig added in #2167 ships with both CONFIG_STRICT_DEVMEM=y
and CONFIG_IO_STRICT_DEVMEM=y. The latter rejects any /dev/mem mmap whose
range overlaps a page that has been claimed by a driver via
request_mem_region(), even for root. On Hi3516CV608 that blocks userspace
access to every page driven by the kernel -- CRG/clocks @ 0x11010000,
I2C @ 0x11060000, SPI @ 0x11070000, GPIO @ 0x11090000+, UART @ 0x11040000+
-- making ipctool, ipcinfo -s and similar hardware-discovery tools unable
to read PLL configuration, probe sensors over I2C/SPI, or dump GPIO state.

Every other HiSilicon board in the tree that uses CONFIG_STRICT_DEVMEM=y
explicitly disables CONFIG_IO_STRICT_DEVMEM (hi3516av100, hi3516dv100,
hi3516cv500, hi3516av300, hi3516dv300, hi3516ev200, hi3516ev300,
hi3516dv200, hi3536dv100, ...). Align hi3516cv6xx with that convention.

The basic devmem hardening (CONFIG_STRICT_DEVMEM=y, requiring CAP_SYS_RAWIO
and gating non-RAM regions) is preserved. Only the stronger I/O lockout
that conflicts with diagnostic userspace is dropped.

Verified on hi3516cv6xx target with kernel 5.10.221: before, every
ipctool probe of a claimed page returned EPERM; after, ipctool reads
CRG/I2C/SPI/GPIO normally and prints a complete YAML report.

Companion userspace patch in OpenIPC/ipctool#172 falls back from a
64 KiB to a single-page mmap on EPERM, which recovers chip-ID detection
even on kernels that keep IO_STRICT_DEVMEM on.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@widgetii widgetii merged commit bd88bb2 into master Jun 4, 2026
99 checks passed
@widgetii widgetii deleted the hi3516cv6xx-disable-io-strict-devmem branch June 4, 2026 12:59
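
Added example, not part of the PR or of ipctool: a small model of the I/O lockout described above, predicting which `/dev/mem` windows are refused for a given kernel config and `/proc/iomem` listing, including the 64 KiB to single-page fallback the commit message mentions. It assumes every listed region is driver-claimed and models only the `CONFIG_IO_STRICT_DEVMEM` check; region sizes, names and the `0x11024000` block are constructed for illustration.

```python
import re

PAGE = 4096

# Constructed /proc/iomem excerpt. Base addresses for clock/uart/i2c/spi/gpio are
# the ones named in the PR; sizes, names and the 0x11024000 block are assumptions.
SAMPLE_IOMEM = """\
11010000-11010fff : 11010000.clock
11024000-11024fff : 11024000.hypothetical-block
11040000-11040fff : 11040000.uart
11060000-11060fff : 11060000.i2c
11070000-11070fff : 11070000.spi
11090000-11090fff : 11090000.gpio
"""
BEFORE = "CONFIG_STRICT_DEVMEM=y\nCONFIG_IO_STRICT_DEVMEM=y\n"
AFTER = "CONFIG_STRICT_DEVMEM=y\n# CONFIG_IO_STRICT_DEVMEM is not set\n"

def parse_iomem(text):
    """Return (start, end, name) tuples from /proc/iomem-style lines."""
    pat = re.compile(r"^\s*([0-9a-f]+)-([0-9a-f]+) : (.+)$", re.M)
    return [(int(a, 16), int(b, 16), n.strip()) for a, b, n in pat.findall(text)]

def enabled(config, option):
    """True only for 'OPTION=y'; '# OPTION is not set' or absence means off."""
    return re.search(rf"^{re.escape(option)}=y$", config, re.M) is not None

def blocked_by(base, length, regions, config):
    """Claimed regions overlapping any page of [base, base+length); [] if no lockout."""
    if not (enabled(config, "CONFIG_STRICT_DEVMEM")
            and enabled(config, "CONFIG_IO_STRICT_DEVMEM")):
        return []
    lo = base & ~(PAGE - 1)                # round down to the start of the first page
    hi = (base + length - 1) | (PAGE - 1)  # round up to the end of the last page
    return [n for s, e, n in regions if s <= hi and e >= lo]

def probe(base, regions, config, sizes=(0x10000, PAGE)):
    """Window size that would map: 64 KiB first, then one page; None if both fail."""
    for size in sizes:
        if not blocked_by(base, size, regions, config):
            return size
    return None

if __name__ == "__main__":
    regions = parse_iomem(SAMPLE_IOMEM)
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        for base in (0x11010000, 0x11020000):  # claimed CRG page, hypothetical free page
            print(label, hex(base), probe(base, regions, cfg),
                  blocked_by(base, 0x10000, regions, cfg))
```

On a real target, feed it the board's own `/proc/iomem` and kernel `.config` instead of the constructed samples.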