author | Matthew Wilcox (Oracle) <willy@infradead.org> | 2022-01-10 23:15:30 +0000 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2022-04-13 12:15:52 -0700 |
commit | 1109a5d907015005cdbe9eaa4fec40213e2f9010 (patch) | |
tree | a671d6240ee6101982c23a606912cfc0f12788ac /security/Kconfig | |
parent | ab502103ae3ce4c0fc393e598455efede3e523c9 (diff) | |
usercopy: Remove HARDENED_USERCOPY_PAGESPAN
There isn't enough information to make this a useful check any more;
the useful parts of it were moved in earlier patches, so remove this
set of checks now.
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
Acked-by: Kees Cook <keescook@chromium.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20220110231530.665970-5-willy@infradead.org
Diffstat (limited to 'security/Kconfig')
-rw-r--r-- | security/Kconfig | 13 |
1 files changed, 1 insertions, 12 deletions
diff --git a/security/Kconfig b/security/Kconfig index 9b2c4925585a..f29e4c656983 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -160,20 +160,9 @@ config HARDENED_USERCOPY copy_from_user() functions) by rejecting memory ranges that are larger than the specified heap object, span multiple separately allocated pages, are not on the process stack, - or are part of the kernel text. This kills entire classes + or are part of the kernel text. This prevents entire classes of heap overflow exploits and similar kernel memory exposures. -config HARDENED_USERCOPY_PAGESPAN - bool "Refuse to copy allocations that span multiple pages" - depends on HARDENED_USERCOPY - depends on BROKEN - help - When a multi-page allocation is done without __GFP_COMP, - hardened usercopy will reject attempts to copy it. There are, - however, several cases of this in the kernel that have not all - been removed. This config is intended to be used only while - trying to find such users. - config FORTIFY_SOURCE bool "Harden common str/mem functions against buffer overflows" depends on ARCH_HAS_FORTIFY_SOURCE |
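Review bot: the unchanged HARDENED_USERCOPY help text just above the reworded sentence still lists ranges that "span multiple separately allocated pages" among the things rejected. This patch removes HARDENED_USERCOPY_PAGESPAN, and the commit message says the check is no longer useful. Please confirm that the clause still matches what the earlier patches in the series kept, or reword it so the help text does not promise a check that is gone. Separately, the "kills" to "prevents" wording change in the same hunk is unrelated to the removal and is not mentioned in the commit message; a one-line mention there would make the change easier to follow.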