On Wed, Sep 7, 2016 at 10:17 AM, Kees Cook <keesc...@chromium.org> wrote:
>
> !DEVKMEM is easy to represent, but STRICT_DEVMEM=y gets a little ugly,
I think you can just do
config STRICT_DEVMEM
bool "Filter access to /dev/mem" if !HARDENED_USERCOPY
depends on MMU
depends on ARCH_HAS_DEVMEM_IS_ALLOWED
default y
ie you put the "if !HARDENED_USERCOPY" on the *question*, so that if
HARDENED_USERCOPY is set you'll never actually ask it.
Or you just make it go the other way, and make HARDENED_USERCOPY
depend on STRICT_DEVMEM.
Linus
