diff options
| author | Kees Cook <keescook@chromium.org> | 2016-09-07 09:54:34 -0700 |
|---|---|---|
| committer | Amit Pundir <amit.pundir@linaro.org> | 2016-09-14 14:44:29 +0530 |
| commit | f9ae153c0546111f4f11a6a63473802fcad345c2 (patch) | |
| tree | 79bb88b86708c4c7ee32f69b5766a6ac82ee1bbc /security | |
| parent | 0c9f69c443b43eb8b545c605cf65f509a7ab64f7 (diff) | |
UPSTREAM: usercopy: remove page-spanning test for now
A custom allocator without __GFP_COMP that copies to userspace has been
found in vmw_execbuf_process[1], so this disables the page-span checker
by placing it behind a CONFIG for future work where such things can be
tracked down later.
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1373326
Reported-by: Vinson Lee <vlee@freedesktop.org>
Fixes: f5509cc18daa ("mm: Hardened usercopy")
Signed-off-by: Kees Cook <keescook@chromium.org>
Change-Id: I4177c0fb943f14a5faf5c70f5e54bf782c316f43
(cherry picked from commit 8e1f74ea02cf4562404c48c6882214821552c13f)
Signed-off-by: Sami Tolvanen <samitolvanen@google.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/Kconfig | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig index 2b42c225de28..3aa60791f84d 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -156,6 +156,17 @@ config HARDENED_USERCOPY or are part of the kernel text. This kills entire classes of heap overflow exploits and similar kernel memory exposures. +config HARDENED_USERCOPY_PAGESPAN + bool "Refuse to copy allocations that span multiple pages" + depends on HARDENED_USERCOPY + depends on !COMPILE_TEST + help + When a multi-page allocation is done without __GFP_COMP, + hardened usercopy will reject attempts to copy it. There are, + however, several cases of this in the kernel that have not all + been removed. This config is intended to be used only while + trying to find such users. + source security/selinux/Kconfig source security/smack/Kconfig source security/tomoyo/Kconfig |