--- linux-2.6.4/drivers/char/mem.c.secure_kmem Sat Mar 20 13:56:11 2004
+++ linux-2.6.4/drivers/char/mem.c Sat Mar 20 14:01:13 2004
@@ -205,10 +205,10 @@
 if (!valid_phys_addr_range(p, &count))
 return -EFAULT;
-#ifdef CONFIG_GRKERNSEC_KMEM
+ if (grsec_enable_secure_kmem) {
 gr_handle_mem_write();
 return -EPERM;
-#endif
+ }
 return do_write_mem(file, __va(p), p, buf, count, ppos);
 }
@@ -225,10 +225,10 @@
 vma->vm_page_prot = pgprot_noncached(vma->vm_page_prot);
 #endif
-#ifdef CONFIG_GRKERNSEC_KMEM
+ if (grsec_enable_secure_kmem) {
 if (gr_handle_mem_mmap(offset, vma))
 return -EPERM;
-#endif
+ }
 /* Don't try to swap out physical pages.. */
 vma->vm_flags |= VM_RESERVED;
@@ -333,10 +333,10 @@
 return -EPERM;
-#ifdef CONFIG_GRKERNSEC_KMEM
+ if (grsec_enable_secure_kmem) {
 gr_handle_kmem_write();
 return -EPERM;
-#endif
+ }
 if (p < (unsigned long) high_memory) {
 wrote = count;
@@ -620,10 +620,10 @@
 static int open_port(struct inode * inode, struct file * filp)
 {
-#ifdef CONFIG_GRKERNSEC_KMEM
+ if (grsec_enable_secure_kmem) {
 gr_handle_open_port();
 return -EPERM;
-#endif
+ }
 return capable(CAP_SYS_RAWIO) ? 0 : -EPERM;
 }
--- linux-2.6.4/include/linux/grsecurity.h.secure_kmem Sat Mar 20 13:56:11 2004
+++ linux-2.6.4/include/linux/grsecurity.h Sat Mar 20 13:56:11 2004
@@ -177,6 +177,7 @@
 extern unsigned long get_random_long(void);
 extern int grsec_enable_secure_io;
+extern int grsec_enable_secure_kmem;
 extern int grsec_enable_dmesg;
 extern int grsec_enable_randid;
 extern int grsec_enable_randisn;
--- linux-2.6.4/grsecurity/grsec_init.c.secure_kmem Sat Mar 20 13:56:11 2004
+++ linux-2.6.4/grsecurity/grsec_init.c Sat Mar 20 13:56:11 2004
@@ -49,6 +49,7 @@
 int grsec_enable_socket_server;
 int grsec_socket_server_gid;
 int grsec_enable_secure_io;
+int grsec_enable_secure_kmem;
 int grsec_lock;
 spinlock_t grsec_alert_lock = SPIN_LOCK_UNLOCKED;
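Review bot: Root can now switch this protection off at runtime, because the `if (grsec_enable_secure_kmem)` guard in what appears to be write_mem reads a flag that the 0600 `secure_kmem` sysctl added in grsec_sysctl.c lets root clear, after which the call falls through to `do_write_mem()` exactly as on a build without the option. Whether `grsec_lock` blocks such a sysctl write is decided by handler code outside this patch, so the guarantee the old `#ifdef` gave is now only as strong as that lock, and that should be stated at the check, e.g. `/* runtime toggle: root can clear secure_kmem via sysctl unless grsec_lock is set */`. The enclosing function starts before this hunk.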
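Review bot: `gr_handle_kmem_write()` is now compiled into this function on every configuration, since the `#ifdef CONFIG_GRKERNSEC_KMEM` that kept it out of mem.c is removed and nothing in this patch adds a definition or stub for builds without the option; confirm include/linux/grsecurity.h provides one unconditionally, otherwise such builds fail to link. If it does not, keep the preprocessor guard and nest the runtime test inside it: `#ifdef CONFIG_GRKERNSEC_KMEM` / `if (grsec_enable_secure_kmem) {` ... `}` / `#endif`. The same question applies to `gr_handle_mem_write()`, `gr_handle_mem_mmap()` and `gr_handle_open_port()` in the neighbouring hunks. The enclosing function (write_kmem, going by the call) starts and ends outside this hunk.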
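Review bot: The guard in open_port is evaluated only at open(2) time, so setting `secure_kmem` to 1 after boot does not revoke /dev/port descriptors a process already holds, and with the flag clear the function silently reverts to the `capable(CAP_SYS_RAWIO)` test on the next line; neither consequence is documented. A one-line comment would make the contract explicit: `/* open-time check only: enabling secure_kmem later does not revoke open descriptors; when off, CAP_SYS_RAWIO suffices */`. The mmap guard in the @@ -225 hunk similarly applies only to mappings created after the flag is set.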
@@ -221,6 +222,9 @@
 #ifdef CONFIG_GRKERNSEC_IO
 grsec_enable_secure_io = 1;
 #endif
+#ifdef CONFIG_GRKERNSEC_KMEM
+ grsec_enable_secure_kmem = 1;
+#endif
 #endif
 return;
--- linux-2.6.4/grsecurity/grsec_sysctl.c.secure_kmem Sat Mar 20 13:56:11 2004
+++ linux-2.6.4/grsecurity/grsec_sysctl.c Sat Mar 20 14:02:52 2004
@@ -26,7 +26,7 @@
 GS_SOCKET_ALL, GS_SOCKET_ALL_GID, GS_SOCKET_CLIENT, GS_SOCKET_CLIENT_GID, GS_SOCKET_SERVER, GS_SOCKET_SERVER_GID, GS_TTY, GS_TTYS, GS_PTY, GS_GROUP, GS_GID, GS_ACHDIR, GS_AMOUNT, GS_AIPC, GS_DMSG, GS_RANDRPC,
-GS_FINDTASK, GS_IO, GS_LOCK};
+GS_FINDTASK, GS_IO, GS_KMEM, GS_LOCK};
 ctl_table grsecurity_table[] = {
@@ -438,6 +438,16 @@
 .maxlen = sizeof(int),
 .mode = 0600,
 .proc_handler = &proc_dointvec,
+ },
+#endif
+#ifdef CONFIG_GRKERNSEC_KMEM
+ {
+ .ctl_name = GS_KMEM,
+ .procname = "secure_kmem",
+ .data = &grsec_enable_secure_kmem,
+ .maxlen = sizeof(int),
+ .mode = 0600,
+ .proc_handler = &proc_dointvec,
 },
 #endif
 {
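Review bot: The `grsec_enable_secure_kmem = 1` default sits inside an outer preprocessor block whose condition is not in the hunk (only its closing `#endif` is visible); if that block is the same guard that already gates the `secure_io` default beside it, kernels built so that the guard is false leave the variable at its zero-initialised value from grsec_init.c, and /dev/mem, /dev/kmem and /dev/port protection is off from boot until userspace writes the sysctl. That is a behaviour change from the previous unconditional `#ifdef CONFIG_GRKERNSEC_KMEM` in mem.c and should either be called out in the option's help text or avoided by placing `#ifdef CONFIG_GRKERNSEC_KMEM` / `grsec_enable_secure_kmem = 1;` / `#endif` outside the outer block. The enclosing init function starts and ends outside the hunk.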
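Review bot: Inserting `GS_KMEM` before `GS_LOCK` shifts the numeric value of `GS_LOCK`, and these enumerators are used as `.ctl_name` in grsecurity_table, i.e. the numbers exposed through the binary sysctl(2) interface, so any tool addressing `grsec_lock` by number would now reach the new secure_kmem entry instead. Whether anything uses the binary interface for these entries is not visible here, but appending keeps every existing number stable: `GS_FINDTASK, GS_IO, GS_LOCK, GS_KMEM};`.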