It doesn't make sense to have HARDENED_USERCOPY when either /dev/kmem is enabled or /dev/mem can be used to read kernel memory.
v2: add !MMU depend as well Signed-off-by: Tycho Andersen <[email protected]> CC: Kees Cook <[email protected]> CC: "Serge E. Hallyn" <[email protected]> CC: James Morris <[email protected]> --- security/Kconfig | 2 ++ 1 file changed, 2 insertions(+) diff --git a/security/Kconfig b/security/Kconfig index 3ff1bf9..aeabd40 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -142,6 +142,8 @@ config HARDENED_USERCOPY bool "Harden memory copies between kernel and userspace" depends on HAVE_ARCH_HARDENED_USERCOPY depends on HAVE_HARDENED_USERCOPY_ALLOCATOR + depends on !DEVKMEM + depends on !ARCH_HAS_DEVMEM_IS_ALLOWED || STRICT_DEVMEM || !MMU select BUG help This option checks for obviously wrong memory regions when -- 2.7.4
