diff options
author | Dan Williams <dan.j.williams@intel.com> | 2015-11-20 03:19:29 +0100 |
---|---|---|
committer | Dan Williams <dan.j.williams@intel.com> | 2016-01-09 15:30:49 +0100 |
commit | 21266be9ed542f13436bd9c75316d43e1e84f6ae (patch) | |
tree | cc956d5321e1a9fde60b0e596b5e1d981cbe2409 /lib | |
parent | Linux 4.4-rc5 (diff) | |
download | linux-21266be9ed542f13436bd9c75316d43e1e84f6ae.tar.xz linux-21266be9ed542f13436bd9c75316d43e1e84f6ae.zip |
arch: consolidate CONFIG_STRICT_DEVM in lib/Kconfig.debug
Let all the archs that implement devmem_is_allowed() opt-in to a common
definition of CONFIG_STRICT_DEVM in lib/Kconfig.debug.
Cc: Kees Cook <keescook@chromium.org>
Cc: Russell King <linux@arm.linux.org.uk>
Cc: Will Deacon <will.deacon@arm.com>
Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org>
Cc: Martin Schwidefsky <schwidefsky@de.ibm.com>
Cc: Thomas Gleixner <tglx@linutronix.de>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: "David S. Miller" <davem@davemloft.net>
Acked-by: Catalin Marinas <catalin.marinas@arm.com>
Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com>
[heiko: drop 'default y' for s390]
Acked-by: Ingo Molnar <mingo@redhat.com>
Suggested-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Kconfig.debug | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug index 8c15b29d5adc..289dfcbc14eb 100644 --- a/lib/Kconfig.debug +++ b/lib/Kconfig.debug @@ -1853,3 +1853,25 @@ source "samples/Kconfig" source "lib/Kconfig.kgdb" +config ARCH_HAS_DEVMEM_IS_ALLOWED + bool + +config STRICT_DEVMEM + bool "Filter access to /dev/mem" + depends on MMU + depends on ARCH_HAS_DEVMEM_IS_ALLOWED + default y if TILE || PPC + ---help--- + If this option is disabled, you allow userspace (root) access to all + of memory, including kernel and userspace memory. Accidental + access to this is obviously disastrous, but specific access can + be used by people debugging the kernel. Note that with PAT support + enabled, even in this case there are restrictions on /dev/mem + use due to the cache aliasing requirements. + + If this option is switched on, the /dev/mem file only allows + userspace access to PCI space and the BIOS code and data regions. + This is sufficient for dosemu and X and all common users of + /dev/mem. + + If in doubt, say Y. |