>From 96f0e3764bb3c764cd103b2829ab10176cf5b8c7 Mon Sep 17 00:00:00 2001
From: Tycho Andersen <tycho@docker.com>
Date: Wed, 8 Mar 2017 16:19:26 -0800
Subject: [PATCH] security/Kconfig: further restrict HARDENED_USERCOPY

It doesn't make sense to have HARDENED_USERCOPY when either /dev/kmem is
enabled or /dev/mem can be used to read kernel memory.

Signed-off-by: Tycho Andersen <tycho@docker.com>
---
 security/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/security/Kconfig b/security/Kconfig
index d900f47..8ff32d3 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -137,6 +137,7 @@ config HARDENED_USERCOPY
 	bool "Harden memory copies between kernel and userspace"
 	depends on HAVE_ARCH_HARDENED_USERCOPY
 	depends on HAVE_HARDENED_USERCOPY_ALLOCATOR
+	depends on !DEVKMEM && (!ARCH_HAS_DEVMEM_IS_ALLOWED || STRICT_DEVMEM)
 	select BUG
 	help
 	  This option checks for obviously wrong memory regions when
-- 
2.7.4