On 10/06/16 at 02:39pm, Kees Cook wrote: > On Wed, Oct 5, 2016 at 10:12 PM, Dave Young <dyo...@redhat.com> wrote: > > With CONFIG_DEVMEM not set, CONFIG_STRICT_DEVMEM will be useless > > even if it is set =y, thus let's update the dependency in Kconfig. > > > > Signed-off-by: Dave Young <dyo...@redhat.com> > > Acked-by: Kees Cook <keesc...@chromium.org> > > > --- > > lib/Kconfig.debug | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > --- linux-x86.orig/lib/Kconfig.debug > > +++ linux-x86/lib/Kconfig.debug > > @@ -1980,7 +1980,7 @@ config ARCH_HAS_DEVMEM_IS_ALLOWED > > > > config STRICT_DEVMEM > > bool "Filter access to /dev/mem" > > - depends on MMU > > + depends on MMU && DEVMEM > > depends on ARCH_HAS_DEVMEM_IS_ALLOWED > > default y if TILE || PPC > > ---help--- > > While we're at it, can we make DEVKMEM default=n? The help text even > suggests making it "n".
It's fine to me, will send another patch for that. Thanks Dave > > -Kees > > -- > Kees Cook > Nexus Security