Commit 0f7cda2b authored Dec 01, 2017 by Kees Cook Committed by Ingo Molnar Dec 11, 2017

Kconfig: Make STRICT_DEVMEM default-y on x86 and arm64



Distros have been shipping with CONFIG_STRICT_DEVMEM=y for years now. It
is probably time to flip this default for x86 and arm64.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Laura Abbott <labbott@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: kernel-hardening@lists.openwall.com
Link: http://lkml.kernel.org/r/20171201201000.GA44539@beast


Signed-off-by: Ingo Molnar <mingo@kernel.org>

parent 50c4c4e2

lib/Kconfig.debug

+1 −1

Original line number	Diff line number	Diff line
		@@ -1985,7 +1985,7 @@ config STRICT_DEVMEM
		bool "Filter access to /dev/mem"
		depends on MMU && DEVMEM
		depends on ARCH_HAS_DEVMEM_IS_ALLOWED
		default y if TILE \|\| PPC
		default y if TILE \|\| PPC \|\| X86 \|\| ARM64
		---help---
		If this option is disabled, you allow userspace (root) access to all
		of memory, including kernel and userspace memory. Accidental