This change was applied during the Focal development cycle but then
reverted pending performance testing results. That performance testing
work was never finished and I'm no longer working on this bug.

** Changed in: linux (Ubuntu)
       Status: Fix Committed => Triaged

** Changed in: linux (Ubuntu)
     Assignee: Tyler Hicks (tyhicks) => (unassigned)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1855338

Title:
  CONFIG_IO_STRICT_DEVMEM should be enabled

Status in linux package in Ubuntu:
  Triaged

Bug description:
  We should enable CONFIG_IO_STRICT_DEVMEM to restrict userspace access
  of active io-memory ranges.

  This could impact kernel debuggability. In that case, you may reboot with
  iomem=relaxed on the kernel command line to override this setting.

  This config option is recommended by the Kernel Self Protection
  Project[1] and a 2019 study performed by Capsule 8 shows that it is
  enabled in many other major distro kernels[2].

  [1] https://kernsec.org/wiki/index.php/Kernel_Self_Protection_Project/Recommended_Settings
  [2] https://capsule8.com/blog/millions-of-binaries-later-a-look-into-linux-hardening-in-the-wild/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1855338/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
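
Added example (not part of the bug report or of Ubuntu's packaging): a shell check that reports whether the restriction discussed above is actually in effect, by combining the build-time option with the iomem= boot override. The function name, the default /boot/config-$(uname -r) path and the sample files are assumptions of this example; handling iomem=strict goes beyond the iomem=relaxed case the report mentions.

```shell
#!/bin/sh
# Added example: is the CONFIG_IO_STRICT_DEVMEM restriction in effect?
# Prints enforced | relaxed | disabled | unknown.
# Exit status: 0 enforced, 1 not enforced, 2 inputs unreadable.
# Assumed defaults: /boot/config-$(uname -r) and /proc/cmdline.
io_strict_devmem_state() (
    config=${1:-/boot/config-$(uname -r)}
    cmdline=${2:-/proc/cmdline}

    if [ ! -r "$config" ] || [ ! -r "$cmdline" ]; then
        echo unknown
        exit 2
    fi

    # Only an exact "=y" line counts. A "# CONFIG_... is not set"
    # comment or a missing symbol both mean the option is off.
    if ! grep -q '^CONFIG_IO_STRICT_DEVMEM=y$' "$config"; then
        echo disabled
        exit 1
    fi

    # Walk the boot parameters in order so the last iomem= value wins.
    # set -f stops the shell from glob-expanding parameter text; it is
    # confined to this function because the body runs in a subshell.
    set -f
    state=enforced
    for arg in $(cat "$cmdline"); do
        case $arg in
            iomem=relaxed) state=relaxed ;;
            iomem=strict)  state=enforced ;;
        esac
    done

    echo "$state"
    [ "$state" = enforced ]
)

# Constructed sample inputs (not taken from a real system).
demo_dir=$(mktemp -d)
printf '%s\n' 'CONFIG_STRICT_DEVMEM=y' 'CONFIG_IO_STRICT_DEVMEM=y' > "$demo_dir/config"
echo 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro iomem=relaxed' > "$demo_dir/cmdline"
io_strict_devmem_state "$demo_dir/config" "$demo_dir/cmdline" || true
```

Called with no arguments, the function inspects the running system, so it can be dropped into a fleet compliance check to flag hosts that boot with the override.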
