+ kconfig-make-strict_devmem-default-y-on-x86-and-arm64.patch added to -mm tree

[akpm@xxxxxxxxxxxxxxxxxxxx]

The patch titled
     Subject: Kconfig: make STRICT_DEVMEM default-y on x86 and arm64
has been added to the -mm tree.  Its filename is
     kconfig-make-strict_devmem-default-y-on-x86-and-arm64.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/kconfig-make-strict_devmem-default-y-on-x86-and-arm64.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/kconfig-make-strict_devmem-default-y-on-x86-and-arm64.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/SubmitChecklist when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Kees Cook <keescook@xxxxxxxxxxxx>
Subject: Kconfig: make STRICT_DEVMEM default-y on x86 and arm64

Distros have been shipping with CONFIG_STRICT_DEVMEM=y for years now.  It
is probably time to flip this default for x86 and arm64.

Link: http://lkml.kernel.org/r/20171201201000.GA44539@beast
Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Mark Rutland <mark.rutland@xxxxxxx>
Cc: Will Deacon <will.deacon@xxxxxxx>
Cc: Laura Abbott <labbott@xxxxxxxxxx>
Cc: Russell King <rmk+kernel@xxxxxxxxxxxxxxxx>
Cc: Ingo Molnar <mingo@xxxxxxx>
Cc: Thomas Gleixner <tglx@xxxxxxxxxxxxx>
Cc: "H. Peter Anvin" <hpa@xxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 lib/Kconfig.debug |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff -puN lib/Kconfig.debug~kconfig-make-strict_devmem-default-y-on-x86-and-arm64 lib/Kconfig.debug
--- a/lib/Kconfig.debug~kconfig-make-strict_devmem-default-y-on-x86-and-arm64
+++ a/lib/Kconfig.debug
@@ -1985,7 +1985,7 @@ config STRICT_DEVMEM
 	bool "Filter access to /dev/mem"
 	depends on MMU && DEVMEM
 	depends on ARCH_HAS_DEVMEM_IS_ALLOWED
-	default y if TILE || PPC
+	default y if TILE || PPC || X86 || ARM64
 	---help---
 	  If this option is disabled, you allow userspace (root) access to all
 	  of memory, including kernel and userspace memory. Accidental
_

Patches currently in -mm which might be from keescook@xxxxxxxxxxxx are

makefile-move-stack-protector-compiler-breakage-test-earlier.patch
makefile-move-stack-protector-availability-out-of-kconfig.patch
makefile-introduce-config_cc_stackprotector_auto.patch
kconfig-make-strict_devmem-default-y-on-x86-and-arm64.patch

--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html