From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
    id S1752172AbdLDP4H (ORCPT ); Mon, 4 Dec 2017 10:56:07 -0500
Received: from usa-sjc-mx-foss1.foss.arm.com ([217.140.101.70]:37684
    "EHLO foss.arm.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
    with ESMTP id S1751619AbdLDP4G (ORCPT ); Mon, 4 Dec 2017 10:56:06 -0500
Date: Mon, 4 Dec 2017 15:56:10 +0000
From: Will Deacon
To: Kees Cook
Cc: Andrew Morton, linux-kernel@vger.kernel.org,
    kernel-hardening@lists.openwall.com, Mark Rutland, Laura Abbott,
    x86@kernel.org
Subject: Re: [PATCH] Kconfig: Make STRICT_DEVMEM default-y on x86 and arm64
Message-ID: <20171204155610.GH29619@arm.com>
References: <20171201201000.GA44539@beast>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20171201201000.GA44539@beast>
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Dec 01, 2017 at 12:10:00PM -0800, Kees Cook wrote:
> Distros have been shipping with CONFIG_STRICT_DEVMEM=y for years now. It
> is probably time to flip this default for x86 and arm64.

Should we be defaulting IO_STRICT_DEVMEM on as well?

Will

> Signed-off-by: Kees Cook
> ---
> lib/Kconfig.debug | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug > index 947d3e2ed5c2..39b123d04a36 100644 > --- a/lib/Kconfig.debug > +++ b/lib/Kconfig.debug > @@ -1985,7 +1985,7 @@ config STRICT_DEVMEM > bool "Filter access to /dev/mem" > depends on MMU && DEVMEM > depends on ARCH_HAS_DEVMEM_IS_ALLOWED > - default y if TILE || PPC > + default y if TILE || PPC || X86 || ARM64 > ---help--- > If this option is disabled, you allow userspace (root) access to all > of memory, including kernel and userspace memory. Accidental
> --
> 2.7.4
>
>
> --
> Kees Cook
> Pixel Security
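
Review bot: on the `default y if TILE || PPC || X86 || ARM64` line, the per-architecture list keeps growing even though the option already has `depends on ARCH_HAS_DEVMEM_IS_ALLOWED`, so it is only offered where the architecture supplies the /dev/mem filter. Either make this an unconditional `default y`, or have the commit message say why the other architectures that satisfy that dependency stay default-off. The commit message should also state whether leaving IO_STRICT_DEVMEM at its current default is deliberate, since the reply above asks exactly that and the hunk does not touch it.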