summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorDan Williams <dan.j.williams@intel.com>2015-11-20 05:19:29 +0300
committerDan Williams <dan.j.williams@intel.com>2016-01-09 17:30:49 +0300
commit21266be9ed542f13436bd9c75316d43e1e84f6ae (patch)
treecc956d5321e1a9fde60b0e596b5e1d981cbe2409 /lib
parent9f9499ae8e6415cefc4fe0a96ad0e27864353c89 (diff)
downloadlinux-21266be9ed542f13436bd9c75316d43e1e84f6ae.tar.xz
arch: consolidate CONFIG_STRICT_DEVM in lib/Kconfig.debug
Let all the archs that implement devmem_is_allowed() opt-in to a common definition of CONFIG_STRICT_DEVM in lib/Kconfig.debug. Cc: Kees Cook <keescook@chromium.org> Cc: Russell King <linux@arm.linux.org.uk> Cc: Will Deacon <will.deacon@arm.com> Cc: Benjamin Herrenschmidt <benh@kernel.crashing.org> Cc: Martin Schwidefsky <schwidefsky@de.ibm.com> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Andrew Morton <akpm@linux-foundation.org> Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Cc: "David S. Miller" <davem@davemloft.net> Acked-by: Catalin Marinas <catalin.marinas@arm.com> Acked-by: Heiko Carstens <heiko.carstens@de.ibm.com> [heiko: drop 'default y' for s390] Acked-by: Ingo Molnar <mingo@redhat.com> Suggested-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Dan Williams <dan.j.williams@intel.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/Kconfig.debug22
1 files changed, 22 insertions, 0 deletions
diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
index 8c15b29d5adc..289dfcbc14eb 100644
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -1853,3 +1853,25 @@ source "samples/Kconfig"
source "lib/Kconfig.kgdb"
+config ARCH_HAS_DEVMEM_IS_ALLOWED
+ bool
+
+config STRICT_DEVMEM
+ bool "Filter access to /dev/mem"
+ depends on MMU
+ depends on ARCH_HAS_DEVMEM_IS_ALLOWED
+ default y if TILE || PPC
+ ---help---
+ If this option is disabled, you allow userspace (root) access to all
+ of memory, including kernel and userspace memory. Accidental
+ access to this is obviously disastrous, but specific access can
+ be used by people debugging the kernel. Note that with PAT support
+ enabled, even in this case there are restrictions on /dev/mem
+ use due to the cache aliasing requirements.
+
+ If this option is switched on, the /dev/mem file only allows
+ userspace access to PCI space and the BIOS code and data regions.
+ This is sufficient for dosemu and X and all common users of
+ /dev/mem.
+
+ If in doubt, say Y.