Merge branch 'v4.4/topic/mm-kaslr-pax_usercopy' into linux-linaro-lsk-v4.4

author: Alex Shi <alex.shi@linaro.org> 2016-09-24 18:14:12 +0800
committer: Alex Shi <alex.shi@linaro.org> 2016-09-24 18:14:12 +0800
commit: daa56e80f38501651e9fd9d7f76920c4e9f5c6e9 (patch)
tree: db92f168af25936a0090713b43dad341f7f8e339 /security
parent: d2d693d1ba7d93ec7c5db8aca2da29a4c91f6782 (diff)
parent: ed67fb82b17db1f5e3c7818e10560814c7d2e019 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig
index 46c00a674eec..ddb3e8a8d9bd 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -146,6 +146,17 @@ config HARDENED_USERCOPY
 	  or are part of the kernel text. This kills entire classes
 	  of heap overflow exploits and similar kernel memory exposures.
 
+config HARDENED_USERCOPY_PAGESPAN
+	bool "Refuse to copy allocations that span multiple pages"
+	depends on HARDENED_USERCOPY
+	depends on !COMPILE_TEST
+	help
+	  When a multi-page allocation is done without __GFP_COMP,
+	  hardened usercopy will reject attempts to copy it. There are,
+	  however, several cases of this in the kernel that have not all
+	  been removed. This config is intended to be used only while
+	  trying to find such users.
+
 source security/selinux/Kconfig
 source security/smack/Kconfig
 source security/tomoyo/Kconfig
author	Alex Shi <alex.shi@linaro.org>	2016-09-24 18:14:12 +0800
committer	Alex Shi <alex.shi@linaro.org>	2016-09-24 18:14:12 +0800
commit	daa56e80f38501651e9fd9d7f76920c4e9f5c6e9 (patch)
tree	db92f168af25936a0090713b43dad341f7f8e339 /security
parent	d2d693d1ba7d93ec7c5db8aca2da29a4c91f6782 (diff)
parent	ed67fb82b17db1f5e3c7818e10560814c7d2e019 (diff)