summaryrefslogtreecommitdiff
path: root/security/Kconfig
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2017-11-30 13:04:32 -0800
committerKees Cook <keescook@chromium.org>2018-01-15 12:07:48 -0800
commit2d891fbc3bb681ba1f826e7ee70dbe38ca7465fe (patch)
tree1dac3dd3aac5a0fed8046b6f85bd944211260c70 /security/Kconfig
parentafcc90f8621e289cd082ba97900e76f01afe778c (diff)
downloadlwn-2d891fbc3bb681ba1f826e7ee70dbe38ca7465fe.tar.gz
lwn-2d891fbc3bb681ba1f826e7ee70dbe38ca7465fe.zip
usercopy: Allow strict enforcement of whitelists
This introduces CONFIG_HARDENED_USERCOPY_FALLBACK to control the behavior of hardened usercopy whitelist violations. By default, whitelist violations will continue to WARN() so that any bad or missing usercopy whitelists can be discovered without being too disruptive. If this config is disabled at build time or a system is booted with "slab_common.usercopy_fallback=0", usercopy whitelists will BUG() instead of WARN(). This is useful for admins that want to use usercopy whitelists immediately. Suggested-by: Matthew Garrett <mjg59@google.com> Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'security/Kconfig')
-rw-r--r--security/Kconfig14
1 files changed, 14 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig
index e8e449444e65..ae457b018da5 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -152,6 +152,20 @@ config HARDENED_USERCOPY
or are part of the kernel text. This kills entire classes
of heap overflow exploits and similar kernel memory exposures.
+config HARDENED_USERCOPY_FALLBACK
+ bool "Allow usercopy whitelist violations to fallback to object size"
+ depends on HARDENED_USERCOPY
+ default y
+ help
+ This is a temporary option that allows missing usercopy whitelists
+ to be discovered via a WARN() to the kernel log, instead of
+ rejecting the copy, falling back to non-whitelisted hardened
+ usercopy that checks the slab allocation size instead of the
+ whitelist size. This option will be removed once it seems like
+ all missing usercopy whitelists have been identified and fixed.
+ Booting with "slab_common.usercopy_fallback=Y/N" can change
+ this setting.
+
config HARDENED_USERCOPY_PAGESPAN
bool "Refuse to copy allocations that span multiple pages"
depends on HARDENED_USERCOPY