Skip to content

Commit

Permalink
iopl.2: Updating description of permissions and disabling interrupts
Browse files Browse the repository at this point in the history 
Update description of permissions for port-mapped I/O set
per-thread and not per-process. Mention that iopl() can not
disable interrupts since Linux 5.5 anymore and is in general
deprecated and only provided for legacy X servers.

See https://bugzilla.kernel.org/show_bug.cgi?id=205317

Reported-by: victorm007@yahoo.com
Signed-off-by: Thomas Piekarski <t.piekarski@deloquencia.de>
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
  • Loading branch information
@tpiekarski @mkerrisk
tpiekarski authored and mkerrisk committed Jun 29, 2020
1 parent ada17e7 commit 6caf6c4
Showing 1 changed file with 14 additions and 20 deletions.
34 changes: 14 additions & 20 deletions man2/iopl.2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,29 +39,17 @@ iopl \- change I/O privilege level
.BI "int iopl(int " level );
.SH DESCRIPTION
.BR iopl ()
changes the I/O privilege level of the calling process,
changes the I/O privilege level of the calling thread,
as specified by the two least significant bits in
.IR level .
.PP
This call is necessary to allow 8514-compatible X servers to run under
Linux.
Since these X servers require access to all 65536 I/O ports, the
.BR ioperm (2)
call is not sufficient.
The I/O privilege level for a normal thread is 0.
Permissions are inherited from parents to children.
.PP
In addition to granting unrestricted I/O port access, running at a higher
I/O privilege level also allows the process to disable interrupts.
This will probably crash the system, and is not recommended.
.PP
Permissions are not inherited by the child process created by
.BR fork (2)
and are not preserved across
.BR execve (2)
(but see NOTES).
.PP
The I/O privilege level for a normal process is 0.
.PP
This call is mostly for the i386 architecture.
This call is deprecated, significantly slower than
.BR ioperm(2)
and is only provided for older X servers which require
access to all 65536 I/O ports. It is mostly for the i386 architecture.
On many other architectures it does not exist or will always
return an error.
.SH RETURN VALUE
Expand All @@ -79,7 +67,7 @@ is greater than 3.
This call is unimplemented.
.TP
.B EPERM
The calling process has insufficient privilege to call
The calling thread has insufficient privilege to call
.BR iopl ();
the
.B CAP_SYS_RAWIO
Expand All @@ -99,6 +87,12 @@ and in
.IR <sys/perm.h> .
Avoid the latter, it is available on i386 only.
.PP
Prior to Linux 5.5
.BR iopl ()
allowed the thread to disable interrupts while running
at a higher I/O privilege level. This will probably crash
the system, and is not recommended.
.PP
Prior to Linux 3.7,
on some architectures (such as i386), permissions
.I were
Expand Down

0 comments on commit 6caf6c4

Please sign in to comment.