On Mon, Sep 11, 2017 at 8:26 AM, Mark Salyzyn <[email protected]> wrote: > Make it possible to disable the kuser helpers by adding a KUSER_HELPERS > config option (enabled by default). When disabled, all kuser > helpers-related code is removed from the kernel and no mapping is done > at the fixed high address (0xffff0000); any attempt to use a kuser > helper from a 32-bit process will result in a segfault. > > Signed-off-by: Mark Salyzyn <[email protected]> > > v2: > - vectors_page and compat_vdso_spec as array of 2 > - free sigpage if vectors allocation failed > - adjust makefile so one line for each of the assembler source modules > - split off assembler changes to a new previous patch in series to reduce > churn > - modify slightly the feature documentation to reduce its reach > - modify slightly the feature documentation to rationalize the yes default. > - There are more ifdefs as a result of the rebase. > > v3: > - rebase (minor conflicts)
This looks great to me. I'd love to see kuser helpers gone. :) Catalin, Will, does this need anything else? -Kees -- Kees Cook Pixel Security
