Kernel: Activate CONFIG_HARDENED_USERCOPY

This adds additional checks to the copy_from_user() and copy_to_user() functions. The details are described in this article: https://lwn.net/Articles/695991/ This should only have a very small performance impact on system calls and should not affect routing performance. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
openwrt · May 11, 2019 · 9b12394 · 9b12394
1 parent bdaaf66
commit 9b12394
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 3 deletions.
diff --git a/target/linux/generic/config-4.14 b/target/linux/generic/config-4.14
@@ -1593,7 +1593,8 @@ CONFIG_GENERIC_NET_UTILS=y
 # CONFIG_HAMACHI is not set
 # CONFIG_HAMRADIO is not set
 # CONFIG_HAPPYMEAL is not set
-# CONFIG_HARDENED_USERCOPY is not set
+CONFIG_HARDENED_USERCOPY=y
+# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
 # CONFIG_HARDLOCKUP_DETECTOR is not set
 # CONFIG_HAVE_AOUT is not set
 CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y

diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19
@@ -1688,7 +1688,9 @@ CONFIG_GPIOLIB_FASTPATH_LIMIT=512
 # CONFIG_HAMACHI is not set
 # CONFIG_HAMRADIO is not set
 # CONFIG_HAPPYMEAL is not set
-# CONFIG_HARDENED_USERCOPY is not set
+CONFIG_HARDENED_USERCOPY=y
+# CONFIG_HARDENED_USERCOPY_FALLBACK is not set
+# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
 CONFIG_HARDEN_EL2_VECTORS=y
 # CONFIG_HARDLOCKUP_DETECTOR is not set
 # CONFIG_HAVE_AOUT is not set

diff --git a/target/linux/generic/config-4.9 b/target/linux/generic/config-4.9
@@ -1439,7 +1439,8 @@ CONFIG_GENERIC_NET_UTILS=y
 # CONFIG_HAMACHI is not set
 # CONFIG_HAMRADIO is not set
 # CONFIG_HAPPYMEAL is not set
-# CONFIG_HARDENED_USERCOPY is not set
+CONFIG_HARDENED_USERCOPY=y
+# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
 # CONFIG_HARDLOCKUP_DETECTOR is not set
 # CONFIG_HAVE_AOUT is not set
 CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y