[OpenWrt-Devel] [PATCH 01/10] Kernel: Activate CONFIG_HARDENED_USERCOPY

Hauke Mehrtens hauke at hauke-m.de
Fri May 3 13:51:58 PDT 2019


This adds additional checks to the copy_from_user() and copy_to_user()
functions. The details are described in this article:
https://lwn.net/Articles/695991/

This should only have a very small performance impact on system calls
and should not affect routing performance.

Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
 target/linux/generic/config-4.14 | 3 ++-
 target/linux/generic/config-4.19 | 4 +++-
 target/linux/generic/config-4.9  | 3 ++-
 3 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/target/linux/generic/config-4.14 b/target/linux/generic/config-4.14
index 6f2db60989..e607c6dc80 100644
--- a/target/linux/generic/config-4.14
+++ b/target/linux/generic/config-4.14
@@ -1593,7 +1593,8 @@ CONFIG_GENERIC_NET_UTILS=y
 # CONFIG_HAMACHI is not set
 # CONFIG_HAMRADIO is not set
 # CONFIG_HAPPYMEAL is not set
-# CONFIG_HARDENED_USERCOPY is not set
+CONFIG_HARDENED_USERCOPY=y
+# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
 # CONFIG_HARDLOCKUP_DETECTOR is not set
 # CONFIG_HAVE_AOUT is not set
 CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y
diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19
index 3acfbb1f69..7e1528f517 100644
--- a/target/linux/generic/config-4.19
+++ b/target/linux/generic/config-4.19
@@ -1688,7 +1688,9 @@ CONFIG_GPIOLIB_FASTPATH_LIMIT=512
 # CONFIG_HAMACHI is not set
 # CONFIG_HAMRADIO is not set
 # CONFIG_HAPPYMEAL is not set
-# CONFIG_HARDENED_USERCOPY is not set
+CONFIG_HARDENED_USERCOPY=y
+# CONFIG_HARDENED_USERCOPY_FALLBACK is not set
+# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
 CONFIG_HARDEN_EL2_VECTORS=y
 # CONFIG_HARDLOCKUP_DETECTOR is not set
 # CONFIG_HAVE_AOUT is not set
diff --git a/target/linux/generic/config-4.9 b/target/linux/generic/config-4.9
index 1ed16edf02..cf50b4919c 100644
--- a/target/linux/generic/config-4.9
+++ b/target/linux/generic/config-4.9
@@ -1439,7 +1439,8 @@ CONFIG_GENERIC_NET_UTILS=y
 # CONFIG_HAMACHI is not set
 # CONFIG_HAMRADIO is not set
 # CONFIG_HAPPYMEAL is not set
-# CONFIG_HARDENED_USERCOPY is not set
+CONFIG_HARDENED_USERCOPY=y
+# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
 # CONFIG_HARDLOCKUP_DETECTOR is not set
 # CONFIG_HAVE_AOUT is not set
 CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y
-- 
2.20.1




More information about the openwrt-devel mailing list