Re: [PATCH] fs/proc/kcore.c: Omit kernel text area for hardened usercopy feature

From: Linus Torvalds
Date: Wed Sep 07 2016 - 13:24:30 EST

Next message: Iaroslav Gridin: "Re: [PATCH] crypto: qce: Initialize core src clock @100Mhz"
Previous message: Kees Cook: "Re: mm: GPF in __insert_vmap_area"
In reply to: Kees Cook: "Re: [PATCH] fs/proc/kcore.c: Omit kernel text area for hardened usercopy feature"
Next in thread: Jiri Olsa: "Re: [PATCH] fs/proc/kcore.c: Omit kernel text area for hardened usercopy feature"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Sep 7, 2016 at 10:17 AM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> !DEVKMEM is easy to represent, but STRICT_DEVMEM=y gets a little ugly,

I think you can just do

config STRICT_DEVMEM
bool "Filter access to /dev/mem" if !HARDENED_USERCOPY
depends on MMU
depends on ARCH_HAS_DEVMEM_IS_ALLOWED
default y

ie you put the "if !HARDENED_USERCOPY" on the *question*, so that if
HARDENED_USERCOPY is set you'll never actually ask it.

Or you just make it go the other way, and make HARDENED_USERCOPY
depend on STRICT_DEVMEM.

Linus

Next message: Iaroslav Gridin: "Re: [PATCH] crypto: qce: Initialize core src clock @100Mhz"
Previous message: Kees Cook: "Re: mm: GPF in __insert_vmap_area"
In reply to: Kees Cook: "Re: [PATCH] fs/proc/kcore.c: Omit kernel text area for hardened usercopy feature"
Next in thread: Jiri Olsa: "Re: [PATCH] fs/proc/kcore.c: Omit kernel text area for hardened usercopy feature"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]