@@ -10506,7 +10506,7 @@ CONFIG_PROVIDE_OHCI1394_DMA_INIT policy<{'amd64': 'n', 'i386': 'n
CONFIG_MEMTEST policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}>
CONFIG_BUG_ON_DATA_CORRUPTION policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}>
CONFIG_STRICT_DEVMEM policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}>
-CONFIG_IO_STRICT_DEVMEM policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}>
+CONFIG_IO_STRICT_DEVMEM policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}>
CONFIG_PID_IN_CONTEXTIDR policy<{'arm64': 'n', 'armhf': 'n'}>
CONFIG_DEBUG_WX policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y'}>
CONFIG_DEBUG_ALIGN_RODATA policy<{'arm64': 'n', 'armhf': 'y'}>
@@ -10515,6 +10515,7 @@ CONFIG_EARLY_PRINTK policy<{'amd64': 'y', 'i386': 'y
CONFIG_PANIC_ON_OOPS note<keep working if at all possible>
CONFIG_BUG_ON_DATA_CORRUPTION flag<REVIEW>
CONFIG_STRICT_DEVMEM mark<ENFORCED>
+CONFIG_IO_STRICT_DEVMEM mark<ENFORCED> note<LP:1855338>
# Menu: Kernel hacking >> Architecture: arm
CONFIG_DEBUG_USER policy<{'armhf': 'n'}>
@@ -4614,7 +4614,7 @@ CONFIG_IO_DELAY_0XED=y
# CONFIG_IO_DELAY_NONE is not set
# CONFIG_IO_DELAY_UDELAY is not set
CONFIG_IO_EVENT_IRQ=y
-# CONFIG_IO_STRICT_DEVMEM is not set
+CONFIG_IO_STRICT_DEVMEM=y
CONFIG_IO_URING=y
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_IPTABLES=m
BugLink: https://launchpad.net/bugs/1855338 Enable CONFIG_IO_STRICT_DEVMEM to restrict userspace access of active io-memory ranges. This could impact kernel debugability. In that case, you may reboot with iomem=relaxed on the kernel commandline to override this setting. Signed-off-by: Tyler Hicks <tyhicks@canonical.com> --- debian.master/config/annotations | 3 ++- debian.master/config/config.common.ubuntu | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-)