diff options
| author | Mel Gorman <mgorman@techsingularity.net> | 2025-01-23 22:11:13 +0000 |
|---|---|---|
| committer | Kees Cook <kees@kernel.org> | 2025-02-28 11:51:31 -0800 |
| commit | d2132f453e3308adc82ab7c101bd5220a9a34167 (patch) | |
| tree | 4971a7438d70cdff1ac07fec100879a45a28af89 /security | |
| parent | f4d4e8b9d6afe880a855e919c4ba4139455e11db (diff) | |
| download | linux-d2132f453e3308adc82ab7c101bd5220a9a34167.tar.gz linux-d2132f453e3308adc82ab7c101bd5220a9a34167.tar.bz2 linux-d2132f453e3308adc82ab7c101bd5220a9a34167.zip | |
mm: security: Allow default HARDENED_USERCOPY to be set at compile time
HARDENED_USERCOPY defaults to on if enabled at compile time. Allow
hardened_usercopy= default to be set at compile time similar to
init_on_alloc= and init_on_free=. The intent is that hardening
options that can be disabled at runtime can set their default at
build time.
Signed-off-by: Mel Gorman <mgorman@techsingularity.net>
Link: https://lore.kernel.org/r/20250123221115.19722-3-mgorman@techsingularity.net
Signed-off-by: Kees Cook <kees@kernel.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/Kconfig.hardening | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index 9f1bea733523..45748379f896 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening @@ -294,6 +294,14 @@ config HARDENED_USERCOPY or are part of the kernel text. This prevents entire classes of heap overflow exploits and similar kernel memory exposures. +config HARDENED_USERCOPY_DEFAULT_ON + bool "Harden memory copies by default" + depends on HARDENED_USERCOPY + default HARDENED_USERCOPY + help + This has the effect of setting "hardened_usercopy=on" on the kernel + command line. This can be disabled with "hardened_usercopy=off". + endmenu menu "Hardening of kernel data structures" |