mirror of
https://github.com/edk2-porting/linux-next.git
synced 2024-12-29 07:34:06 +08:00
ec6743bb06
Provide the devmem_is_allowed() routine to restrict access to kernel memory from userspace. Set the CONFIG_STRICT_DEVMEM config option to switch on checking. Signed-off-by: Hendrik Brueckner <brueckner@linux.vnet.ibm.com> Signed-off-by: Martin Schwidefsky <schwidefsky@de.ibm.com>
35 lines
981 B
Plaintext
35 lines
981 B
Plaintext
menu "Kernel hacking"
|
|
|
|
config TRACE_IRQFLAGS_SUPPORT
|
|
bool
|
|
default y
|
|
|
|
source "lib/Kconfig.debug"
|
|
|
|
config STRICT_DEVMEM
|
|
def_bool y
|
|
prompt "Filter access to /dev/mem"
|
|
---help---
|
|
This option restricts access to /dev/mem. If this option is
|
|
disabled, you allow userspace access to all memory, including
|
|
kernel and userspace memory. Accidental memory access is likely
|
|
to be disastrous.
|
|
Memory access is required for experts who want to debug the kernel.
|
|
|
|
If you are unsure, say Y.
|
|
|
|
config DEBUG_STRICT_USER_COPY_CHECKS
|
|
bool "Strict user copy size checks"
|
|
---help---
|
|
Enabling this option turns a certain set of sanity checks for user
|
|
copy operations into compile time warnings.
|
|
|
|
The copy_from_user() etc checks are there to help test if there
|
|
are sufficient security checks on the length argument of
|
|
the copy operation, by having gcc prove that the argument is
|
|
within bounds.
|
|
|
|
If unsure, or if you run an older (pre 4.4) gcc, say N.
|
|
|
|
endmenu
|