On Wed, Sep 7, 2016 at 10:17 AM, Kees Cook <keesc...@chromium.org> wrote: > > !DEVKMEM is easy to represent, but STRICT_DEVMEM=y gets a little ugly,
I think you can just do config STRICT_DEVMEM bool "Filter access to /dev/mem" if !HARDENED_USERCOPY depends on MMU depends on ARCH_HAS_DEVMEM_IS_ALLOWED default y ie you put the "if !HARDENED_USERCOPY" on the *question*, so that if HARDENED_USERCOPY is set you'll never actually ask it. Or you just make it go the other way, and make HARDENED_USERCOPY depend on STRICT_DEVMEM. Linus