diff options
| author | Mel Gorman <mgorman@techsingularity.net> | 2025-01-23 22:11:12 +0000 |
|---|---|---|
| committer | Kees Cook <kees@kernel.org> | 2025-02-28 11:51:31 -0800 |
| commit | f4d4e8b9d6afe880a855e919c4ba4139455e11db (patch) | |
| tree | 39729ee1e75a5b7b61c53eab999662b2aa251ca6 /security | |
| parent | 808aac63e2bdf9bae08485e072bf3d317a18acbf (diff) | |
| download | linux-f4d4e8b9d6afe880a855e919c4ba4139455e11db.tar.gz linux-f4d4e8b9d6afe880a855e919c4ba4139455e11db.tar.bz2 linux-f4d4e8b9d6afe880a855e919c4ba4139455e11db.zip | |
mm: security: Move hardened usercopy under 'Kernel hardening options'
There is a submenu for 'Kernel hardening options' under "Security".
Move HARDENED_USERCOPY under the hardening options as it is clearly
related.
Signed-off-by: Mel Gorman <mgorman@techsingularity.net>
Acked-by: Paul Moore <paul@paul-moore.com>
Link: https://lore.kernel.org/r/20250123221115.19722-2-mgorman@techsingularity.net
Signed-off-by: Kees Cook <kees@kernel.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/Kconfig | 12 | ||||
| -rw-r--r-- | security/Kconfig.hardening | 16 |
2 files changed, 16 insertions, 12 deletions
diff --git a/security/Kconfig b/security/Kconfig index f10dbf15c294..38ad111e07d0 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -164,18 +164,6 @@ config LSM_MMAP_MIN_ADDR this low address space will need the permission specific to the systems running LSM. -config HARDENED_USERCOPY - bool "Harden memory copies between kernel and userspace" - imply STRICT_DEVMEM - help - This option checks for obviously wrong memory regions when - copying memory to/from the kernel (via copy_to_user() and - copy_from_user() functions) by rejecting memory ranges that - are larger than the specified heap object, span multiple - separately allocated pages, are not on the process stack, - or are part of the kernel text. This prevents entire classes - of heap overflow exploits and similar kernel memory exposures. - config FORTIFY_SOURCE bool "Harden common str/mem functions against buffer overflows" depends on ARCH_HAS_FORTIFY_SOURCE diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index b56e001e0c6a..9f1bea733523 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening @@ -280,6 +280,22 @@ config ZERO_CALL_USED_REGS endmenu +menu "Bounds checking" + +config HARDENED_USERCOPY + bool "Harden memory copies between kernel and userspace" + imply STRICT_DEVMEM + help + This option checks for obviously wrong memory regions when + copying memory to/from the kernel (via copy_to_user() and + copy_from_user() functions) by rejecting memory ranges that + are larger than the specified heap object, span multiple + separately allocated pages, are not on the process stack, + or are part of the kernel text. This prevents entire classes + of heap overflow exploits and similar kernel memory exposures. + +endmenu + menu "Hardening of kernel data structures" config LIST_HARDENED |