From 9b1239451d6598f39b3689c8c6e0d6147965e601 Mon Sep 17 00:00:00 2001 From: Hauke Mehrtens Date: Sun, 7 Apr 2019 16:38:44 +0200 Subject: [PATCH] Kernel: Activate CONFIG_HARDENED_USERCOPY This adds additional checks to the copy_from_user() and copy_to_user() functions. The details are described in this article: https://lwn.net/Articles/695991/ This should only have a very small performance impact on system calls and should not affect routing performance. Signed-off-by: Hauke Mehrtens --- target/linux/generic/config-4.14 | 3 ++- target/linux/generic/config-4.19 | 4 +++- target/linux/generic/config-4.9 | 3 ++- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/target/linux/generic/config-4.14 b/target/linux/generic/config-4.14 index 396139cb3926..4154314951f6 100644 --- a/target/linux/generic/config-4.14 +++ b/target/linux/generic/config-4.14 @@ -1593,7 +1593,8 @@ CONFIG_GENERIC_NET_UTILS=y # CONFIG_HAMACHI is not set # CONFIG_HAMRADIO is not set # CONFIG_HAPPYMEAL is not set -# CONFIG_HARDENED_USERCOPY is not set +CONFIG_HARDENED_USERCOPY=y +# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set # CONFIG_HARDLOCKUP_DETECTOR is not set # CONFIG_HAVE_AOUT is not set CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19 index a4b5a7d07252..48d0094bb460 100644 --- a/target/linux/generic/config-4.19 +++ b/target/linux/generic/config-4.19 @@ -1688,7 +1688,9 @@ CONFIG_GPIOLIB_FASTPATH_LIMIT=512 # CONFIG_HAMACHI is not set # CONFIG_HAMRADIO is not set # CONFIG_HAPPYMEAL is not set -# CONFIG_HARDENED_USERCOPY is not set +CONFIG_HARDENED_USERCOPY=y +# CONFIG_HARDENED_USERCOPY_FALLBACK is not set +# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set CONFIG_HARDEN_EL2_VECTORS=y # CONFIG_HARDLOCKUP_DETECTOR is not set # CONFIG_HAVE_AOUT is not set diff --git a/target/linux/generic/config-4.9 b/target/linux/generic/config-4.9 index 1ed16edf0239..cf50b4919cc9 100644 --- a/target/linux/generic/config-4.9 +++ b/target/linux/generic/config-4.9 @@ -1439,7 +1439,8 @@ CONFIG_GENERIC_NET_UTILS=y # CONFIG_HAMACHI is not set # CONFIG_HAMRADIO is not set # CONFIG_HAPPYMEAL is not set -# CONFIG_HARDENED_USERCOPY is not set +CONFIG_HARDENED_USERCOPY=y +# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set # CONFIG_HARDLOCKUP_DETECTOR is not set # CONFIG_HAVE_AOUT is not set CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y -- 2.30.2