diff options
Diffstat (limited to 'security/Kconfig.hardening')
| -rw-r--r-- | security/Kconfig.hardening | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index b56e001e0c6a..9f1bea733523 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening @@ -280,6 +280,22 @@ config ZERO_CALL_USED_REGS endmenu +menu "Bounds checking" + +config HARDENED_USERCOPY + bool "Harden memory copies between kernel and userspace" + imply STRICT_DEVMEM + help + This option checks for obviously wrong memory regions when + copying memory to/from the kernel (via copy_to_user() and + copy_from_user() functions) by rejecting memory ranges that + are larger than the specified heap object, span multiple + separately allocated pages, are not on the process stack, + or are part of the kernel text. This prevents entire classes + of heap overflow exploits and similar kernel memory exposures. + +endmenu + menu "Hardening of kernel data structures" config LIST_HARDENED |