diff options
| author | Kees Cook <keescook@chromium.org> | 2017-12-01 15:10:00 -0500 |
|---|---|---|
| committer | Ingo Molnar <mingo@kernel.org> | 2017-12-11 12:41:26 -0500 |
| commit | 0f7cda2b824bb2afe0d75716a8664117fa03f5e0 (patch) | |
| tree | cdc07e28d26c4f6aa8a57db99525b29dda0c8419 | |
| parent | 50c4c4e268a2d7a3e58ebb698ac74da0de40ae36 (diff) | |
Kconfig: Make STRICT_DEVMEM default-y on x86 and arm64
Distros have been shipping with CONFIG_STRICT_DEVMEM=y for years now. It
is probably time to flip this default for x86 and arm64.
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Laura Abbott <labbott@redhat.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Mark Rutland <mark.rutland@arm.com>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: Will Deacon <will.deacon@arm.com>
Cc: kernel-hardening@lists.openwall.com
Link: http://lkml.kernel.org/r/20171201201000.GA44539@beast
Signed-off-by: Ingo Molnar <mingo@kernel.org>
| -rw-r--r-- | lib/Kconfig.debug | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 947d3e2ed5c2..39b123d04a36 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug | |||
| @@ -1985,7 +1985,7 @@ config STRICT_DEVMEM | |||
| 1985 | bool "Filter access to /dev/mem" | 1985 | bool "Filter access to /dev/mem" |
| 1986 | depends on MMU && DEVMEM | 1986 | depends on MMU && DEVMEM |
| 1987 | depends on ARCH_HAS_DEVMEM_IS_ALLOWED | 1987 | depends on ARCH_HAS_DEVMEM_IS_ALLOWED |
| 1988 | default y if TILE || PPC | 1988 | default y if TILE || PPC || X86 || ARM64 |
| 1989 | ---help--- | 1989 | ---help--- |
| 1990 | If this option is disabled, you allow userspace (root) access to all | 1990 | If this option is disabled, you allow userspace (root) access to all |
| 1991 | of memory, including kernel and userspace memory. Accidental | 1991 | of memory, including kernel and userspace memory. Accidental |