LinuxLists.cc - [PATCH] Let CONFIG_STRICT_DEVMEM depends on CONFIG

2016-10-06 05:12:27

Subject: [PATCH] Let CONFIG_STRICT_DEVMEM depends on CONFIG_DEVMEM

With CONFIG_DEVMEM not set, CONFIG_STRICT_DEVMEM will be useless
even if it is set =y, thus let's update the dependency in Kconfig.

Signed-off-by: Dave Young <[email protected]>
---
lib/Kconfig.debug | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

--- linux-x86.orig/lib/Kconfig.debug
+++ linux-x86/lib/Kconfig.debug
@@ -1980,7 +1980,7 @@ config ARCH_HAS_DEVMEM_IS_ALLOWED

config STRICT_DEVMEM
bool "Filter access to /dev/mem"
- depends on MMU
+ depends on MMU && DEVMEM
depends on ARCH_HAS_DEVMEM_IS_ALLOWED
default y if TILE || PPC
---help---

2016-10-06 21:39:41

by Kees Cook

[permalink] [raw]

Subject: Re: [PATCH] Let CONFIG_STRICT_DEVMEM depends on CONFIG_DEVMEM

On Wed, Oct 5, 2016 at 10:12 PM, Dave Young <[email protected]> wrote:
> With CONFIG_DEVMEM not set, CONFIG_STRICT_DEVMEM will be useless
> even if it is set =y, thus let's update the dependency in Kconfig.
>
> Signed-off-by: Dave Young <[email protected]>

Acked-by: Kees Cook <[email protected]>

> ---
> lib/Kconfig.debug | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> --- linux-x86.orig/lib/Kconfig.debug
> +++ linux-x86/lib/Kconfig.debug
> @@ -1980,7 +1980,7 @@ config ARCH_HAS_DEVMEM_IS_ALLOWED
>
> config STRICT_DEVMEM
> bool "Filter access to /dev/mem"
> - depends on MMU
> + depends on MMU && DEVMEM
> depends on ARCH_HAS_DEVMEM_IS_ALLOWED
> default y if TILE || PPC
> ---help---

While we're at it, can we make DEVKMEM default=n? The help text even
suggests making it "n".

-Kees

--
Kees Cook
Nexus Security

2016-10-07 02:00:14

by Dave Young

[permalink] [raw]

Subject: Re: [PATCH] Let CONFIG_STRICT_DEVMEM depends on CONFIG_DEVMEM

On 10/06/16 at 02:39pm, Kees Cook wrote:
> On Wed, Oct 5, 2016 at 10:12 PM, Dave Young <[email protected]> wrote:
> > With CONFIG_DEVMEM not set, CONFIG_STRICT_DEVMEM will be useless
> > even if it is set =y, thus let's update the dependency in Kconfig.
> >
> > Signed-off-by: Dave Young <[email protected]>
>
> Acked-by: Kees Cook <[email protected]>
>
> > ---
> > lib/Kconfig.debug | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > --- linux-x86.orig/lib/Kconfig.debug
> > +++ linux-x86/lib/Kconfig.debug
> > @@ -1980,7 +1980,7 @@ config ARCH_HAS_DEVMEM_IS_ALLOWED
> >
> > config STRICT_DEVMEM
> > bool "Filter access to /dev/mem"
> > - depends on MMU
> > + depends on MMU && DEVMEM
> > depends on ARCH_HAS_DEVMEM_IS_ALLOWED
> > default y if TILE || PPC
> > ---help---
>
> While we're at it, can we make DEVKMEM default=n? The help text even
> suggests making it "n".

It's fine to me, will send another patch for that.

Thanks
Dave

>
> -Kees
>
> --
> Kees Cook
> Nexus Security