Merge tag 'rproc-v4.16' of git://github.com/andersson/remoteproc

[linux-2.6-microblaze.git] / security / Kconfig

diff --git a/security/Kconfig b/security/Kconfig
index b0cb9a5..c430206 100644 (file)
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -154,6 +154,7 @@ config HARDENED_USERCOPY
        bool "Harden memory copies between kernel and userspace"
        depends on HAVE_HARDENED_USERCOPY_ALLOCATOR
        select BUG
+       imply STRICT_DEVMEM
        help
          This option checks for obviously wrong memory regions when
          copying memory to/from the kernel (via copy_to_user() and
@@ -163,6 +164,20 @@ config HARDENED_USERCOPY
          or are part of the kernel text. This kills entire classes
          of heap overflow exploits and similar kernel memory exposures.
 
+config HARDENED_USERCOPY_FALLBACK
+       bool "Allow usercopy whitelist violations to fallback to object size"
+       depends on HARDENED_USERCOPY
+       default y
+       help
+         This is a temporary option that allows missing usercopy whitelists
+         to be discovered via a WARN() to the kernel log, instead of
+         rejecting the copy, falling back to non-whitelisted hardened
+         usercopy that checks the slab allocation size instead of the
+         whitelist size. This option will be removed once it seems like
+         all missing usercopy whitelists have been identified and fixed.
+         Booting with "slab_common.usercopy_fallback=Y/N" can change
+         this setting.
+
 config HARDENED_USERCOPY_PAGESPAN
        bool "Refuse to copy allocations that span multiple pages"
        depends on HARDENED_USERCOPY