diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/Kconfig | 9 | ||||
| -rw-r--r-- | security/security.c | 12 | ||||
| -rw-r--r-- | security/tomoyo/network.c | 2 |
3 files changed, 9 insertions, 14 deletions
diff --git a/security/Kconfig b/security/Kconfig index d900f47eaa68..213df4d4f2c1 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -125,17 +125,8 @@ config HAVE_HARDENED_USERCOPY_ALLOCATOR validating memory ranges against heap object sizes in support of CONFIG_HARDENED_USERCOPY. -config HAVE_ARCH_HARDENED_USERCOPY - bool - help - The architecture supports CONFIG_HARDENED_USERCOPY by - calling check_object_size() just before performing the - userspace copies in the low level implementation of - copy_to_user() and copy_from_user(). - config HARDENED_USERCOPY bool "Harden memory copies between kernel and userspace" - depends on HAVE_ARCH_HARDENED_USERCOPY depends on HAVE_HARDENED_USERCOPY_ALLOCATOR select BUG help diff --git a/security/security.c b/security/security.c index d0e07f269b2d..23555c5504f6 100644 --- a/security/security.c +++ b/security/security.c @@ -103,10 +103,14 @@ static int lsm_append(char *new, char **result) * to avoid security registration races. This method may also be used * to check if your LSM is currently loaded during kernel initialization. * - * Return true if: - * -The passed LSM is the one chosen by user at boot time, - * -or the passed LSM is configured as the default and the user did not - * choose an alternate LSM at boot time. + * Returns: + * + * true if: + * + * - The passed LSM is the one chosen by user at boot time, + * - or the passed LSM is configured as the default and the user did not + * choose an alternate LSM at boot time. + * * Otherwise, return false. */ int __init security_module_enable(const char *module) diff --git a/security/tomoyo/network.c b/security/tomoyo/network.c index 97527710a72a..6c02ac478247 100644 --- a/security/tomoyo/network.c +++ b/security/tomoyo/network.c @@ -608,7 +608,7 @@ static int tomoyo_check_unix_address(struct sockaddr *addr, static bool tomoyo_kernel_service(void) { /* Nothing to do if I am a kernel service. */ - return segment_eq(get_fs(), KERNEL_DS); + return uaccess_kernel(); } /** |