From: Hauke Mehrtens Date: Sun, 7 Apr 2019 14:38:44 +0000 (+0200) Subject: Kernel: Activate CONFIG_HARDENED_USERCOPY X-Git-Tag: v19.07.0-rc1~686 X-Git-Url: http://git.openwrt.org/?p=openwrt%2Fopenwrt.git;a=commitdiff_plain;h=9b1239451d6598f39b3689c8c6e0d6147965e601;hp=bdaaf66e28bd45837e420ac2300df108091ec97a Kernel: Activate CONFIG_HARDENED_USERCOPY This adds additional checks to the copy_from_user() and copy_to_user() functions. The details are described in this article: https://lwn.net/Articles/695991/ This should only have a very small performance impact on system calls and should not affect routing performance. Signed-off-by: Hauke Mehrtens --- diff --git a/target/linux/generic/config-4.14 b/target/linux/generic/config-4.14 index 396139cb39..4154314951 100644 --- a/target/linux/generic/config-4.14 +++ b/target/linux/generic/config-4.14 @@ -1593,7 +1593,8 @@ CONFIG_GENERIC_NET_UTILS=y # CONFIG_HAMACHI is not set # CONFIG_HAMRADIO is not set # CONFIG_HAPPYMEAL is not set -# CONFIG_HARDENED_USERCOPY is not set +CONFIG_HARDENED_USERCOPY=y +# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set # CONFIG_HARDLOCKUP_DETECTOR is not set # CONFIG_HAVE_AOUT is not set CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19 index a4b5a7d072..48d0094bb4 100644 --- a/target/linux/generic/config-4.19 +++ b/target/linux/generic/config-4.19 @@ -1688,7 +1688,9 @@ CONFIG_GPIOLIB_FASTPATH_LIMIT=512 # CONFIG_HAMACHI is not set # CONFIG_HAMRADIO is not set # CONFIG_HAPPYMEAL is not set -# CONFIG_HARDENED_USERCOPY is not set +CONFIG_HARDENED_USERCOPY=y +# CONFIG_HARDENED_USERCOPY_FALLBACK is not set +# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set CONFIG_HARDEN_EL2_VECTORS=y # CONFIG_HARDLOCKUP_DETECTOR is not set # CONFIG_HAVE_AOUT is not set diff --git a/target/linux/generic/config-4.9 b/target/linux/generic/config-4.9 index 1ed16edf02..cf50b4919c 100644 --- a/target/linux/generic/config-4.9 +++ b/target/linux/generic/config-4.9 @@ -1439,7 +1439,8 @@ CONFIG_GENERIC_NET_UTILS=y # CONFIG_HAMACHI is not set # CONFIG_HAMRADIO is not set # CONFIG_HAPPYMEAL is not set -# CONFIG_HARDENED_USERCOPY is not set +CONFIG_HARDENED_USERCOPY=y +# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set # CONFIG_HARDLOCKUP_DETECTOR is not set # CONFIG_HAVE_AOUT is not set CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y