From 0611462e3350df51a1eeab9fa72d181730105cb9 Mon Sep 17 00:00:00 2001
From: Emily
Date: Sat, 4 Apr 2020 23:02:31 +0100
Subject: [PATCH] linux_*_hardened: don't set {,IO_}STRICT_DEVMEM

STRICT_DEVMEM is on by default in upstream 5.6.2; IO_STRICT_DEVMEM is turned on by anthraxx/linux-hardened@103d23cb6645c1110fa33f2ce1ed1bba2b094081.

Note that anthraxx/linux-hardened@db1d27e10e0e624632ecda9e72abb9ab126da4ce disables DEVMEM by default, so this is only relevant if that default is overridden to turn it back on.
---
 pkgs/os-specific/linux/kernel/hardened-config.nix | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix
index 4e1c79b477e..14503854d3e 100644
--- a/pkgs/os-specific/linux/kernel/hardened-config.nix
+++ b/pkgs/os-specific/linux/kernel/hardened-config.nix
@@ -37,10 +37,6 @@ assert (versionAtLeast version "4.9");
 STRICT_KERNEL_RWX = whenAtLeast "4.11" yes;
- # Stricter /dev/mem
- STRICT_DEVMEM = option yes;
- IO_STRICT_DEVMEM = option yes;
-
 # Perform additional validation of commonly targeted structures.
 DEBUG_CREDENTIALS = yes;
 DEBUG_NOTIFIERS = yes;