diff options
Diffstat (limited to 'security/Kconfig')
| -rw-r--r-- | security/Kconfig | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig index da10d9b573a4..2dfc0ce4083e 100644 --- a/security/Kconfig +++ b/security/Kconfig | |||
| @@ -147,6 +147,17 @@ config HARDENED_USERCOPY | |||
| 147 | or are part of the kernel text. This kills entire classes | 147 | or are part of the kernel text. This kills entire classes |
| 148 | of heap overflow exploits and similar kernel memory exposures. | 148 | of heap overflow exploits and similar kernel memory exposures. |
| 149 | 149 | ||
| 150 | config HARDENED_USERCOPY_PAGESPAN | ||
| 151 | bool "Refuse to copy allocations that span multiple pages" | ||
| 152 | depends on HARDENED_USERCOPY | ||
| 153 | depends on !COMPILE_TEST | ||
| 154 | help | ||
| 155 | When a multi-page allocation is done without __GFP_COMP, | ||
| 156 | hardened usercopy will reject attempts to copy it. There are, | ||
| 157 | however, several cases of this in the kernel that have not all | ||
| 158 | been removed. This config is intended to be used only while | ||
| 159 | trying to find such users. | ||
| 160 | |||
| 150 | source security/selinux/Kconfig | 161 | source security/selinux/Kconfig |
| 151 | source security/smack/Kconfig | 162 | source security/smack/Kconfig |
| 152 | source security/tomoyo/Kconfig | 163 | source security/tomoyo/Kconfig |