Re: [PATCH] Let CONFIG_STRICT_DEVMEM depends on CONFIG_DEVMEM
From: Dave Young
Date: Thu Oct 06 2016 - 22:00:18 EST
On 10/06/16 at 02:39pm, Kees Cook wrote:
> On Wed, Oct 5, 2016 at 10:12 PM, Dave Young <dyoung@xxxxxxxxxx> wrote:
> > With CONFIG_DEVMEM not set, CONFIG_STRICT_DEVMEM will be useless
> > even if it is set =y, thus let's update the dependency in Kconfig.
> >
> > Signed-off-by: Dave Young <dyoung@xxxxxxxxxx>
>
> Acked-by: Kees Cook <keescook@xxxxxxxxxxxx>
>
> > ---
> > lib/Kconfig.debug | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > --- linux-x86.orig/lib/Kconfig.debug
> > +++ linux-x86/lib/Kconfig.debug
> > @@ -1980,7 +1980,7 @@ config ARCH_HAS_DEVMEM_IS_ALLOWED
> >
> > config STRICT_DEVMEM
> > bool "Filter access to /dev/mem"
> > - depends on MMU
> > + depends on MMU && DEVMEM
> > depends on ARCH_HAS_DEVMEM_IS_ALLOWED
> > default y if TILE || PPC
> > ---help---
>
> While we're at it, can we make DEVKMEM default=n? The help text even
> suggests making it "n".
It's fine to me, will send another patch for that.
Thanks
Dave
>
> -Kees
>
> --
> Kees Cook
> Nexus Security