mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git
synced 2026-04-18 03:23:53 -04:00
mm: security: Move hardened usercopy under 'Kernel hardening options'
There is a submenu for 'Kernel hardening options' under "Security". Move HARDENED_USERCOPY under the hardening options as it is clearly related. Signed-off-by: Mel Gorman <mgorman@techsingularity.net> Acked-by: Paul Moore <paul@paul-moore.com> Link: https://lore.kernel.org/r/20250123221115.19722-2-mgorman@techsingularity.net Signed-off-by: Kees Cook <kees@kernel.org>
This commit is contained in:
Mel Gorman
@@ -164,18 +164,6 @@ config LSM_MMAP_MIN_ADDR
|
||||
this low address space will need the permission specific to the
|
||||
systems running LSM.
|
||||
|
||||
config HARDENED_USERCOPY
|
||||
bool "Harden memory copies between kernel and userspace"
|
||||
imply STRICT_DEVMEM
|
||||
help
|
||||
This option checks for obviously wrong memory regions when
|
||||
copying memory to/from the kernel (via copy_to_user() and
|
||||
copy_from_user() functions) by rejecting memory ranges that
|
||||
are larger than the specified heap object, span multiple
|
||||
separately allocated pages, are not on the process stack,
|
||||
or are part of the kernel text. This prevents entire classes
|
||||
of heap overflow exploits and similar kernel memory exposures.
|
||||
|
||||
config FORTIFY_SOURCE
|
||||
bool "Harden common str/mem functions against buffer overflows"
|
||||
depends on ARCH_HAS_FORTIFY_SOURCE
|
||||
|
||||
Reference in New Issue
Block a user