This adds additional checks to the copy_from_user() and copy_to_user() functions. The details are described in this article: https://lwn.net/Articles/695991/
This should only have a very small performance impact on system calls and should not affect routing performance. Signed-off-by: Hauke Mehrtens <[email protected]> --- target/linux/generic/config-4.14 | 3 ++- target/linux/generic/config-4.19 | 4 +++- target/linux/generic/config-4.9 | 3 ++- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/target/linux/generic/config-4.14 b/target/linux/generic/config-4.14 index 6f2db60989..e607c6dc80 100644 --- a/target/linux/generic/config-4.14 +++ b/target/linux/generic/config-4.14 @@ -1593,7 +1593,8 @@ CONFIG_GENERIC_NET_UTILS=y # CONFIG_HAMACHI is not set # CONFIG_HAMRADIO is not set # CONFIG_HAPPYMEAL is not set -# CONFIG_HARDENED_USERCOPY is not set +CONFIG_HARDENED_USERCOPY=y +# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set # CONFIG_HARDLOCKUP_DETECTOR is not set # CONFIG_HAVE_AOUT is not set CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y diff --git a/target/linux/generic/config-4.19 b/target/linux/generic/config-4.19 index 3acfbb1f69..7e1528f517 100644 --- a/target/linux/generic/config-4.19 +++ b/target/linux/generic/config-4.19 @@ -1688,7 +1688,9 @@ CONFIG_GPIOLIB_FASTPATH_LIMIT=512 # CONFIG_HAMACHI is not set # CONFIG_HAMRADIO is not set # CONFIG_HAPPYMEAL is not set -# CONFIG_HARDENED_USERCOPY is not set +CONFIG_HARDENED_USERCOPY=y +# CONFIG_HARDENED_USERCOPY_FALLBACK is not set +# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set CONFIG_HARDEN_EL2_VECTORS=y # CONFIG_HARDLOCKUP_DETECTOR is not set # CONFIG_HAVE_AOUT is not set diff --git a/target/linux/generic/config-4.9 b/target/linux/generic/config-4.9 index 1ed16edf02..cf50b4919c 100644 --- a/target/linux/generic/config-4.9 +++ b/target/linux/generic/config-4.9 @@ -1439,7 +1439,8 @@ CONFIG_GENERIC_NET_UTILS=y # CONFIG_HAMACHI is not set # CONFIG_HAMRADIO is not set # CONFIG_HAPPYMEAL is not set -# CONFIG_HARDENED_USERCOPY is not set +CONFIG_HARDENED_USERCOPY=y +# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set # CONFIG_HARDLOCKUP_DETECTOR is not set # CONFIG_HAVE_AOUT is not set CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y -- 2.20.1 _______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
