diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/Kconfig | 29 | ||||
| -rw-r--r-- | security/security.c | 2 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 2 |
3 files changed, 31 insertions, 2 deletions
diff --git a/security/Kconfig b/security/Kconfig index 176758cdfa57..da10d9b573a4 100644 --- a/security/Kconfig +++ b/security/Kconfig @@ -118,6 +118,35 @@ config LSM_MMAP_MIN_ADDR this low address space will need the permission specific to the systems running LSM. +config HAVE_HARDENED_USERCOPY_ALLOCATOR + bool + help + The heap allocator implements __check_heap_object() for + validating memory ranges against heap object sizes in + support of CONFIG_HARDENED_USERCOPY. + +config HAVE_ARCH_HARDENED_USERCOPY + bool + help + The architecture supports CONFIG_HARDENED_USERCOPY by + calling check_object_size() just before performing the + userspace copies in the low level implementation of + copy_to_user() and copy_from_user(). + +config HARDENED_USERCOPY + bool "Harden memory copies between kernel and userspace" + depends on HAVE_ARCH_HARDENED_USERCOPY + depends on HAVE_HARDENED_USERCOPY_ALLOCATOR + select BUG + help + This option checks for obviously wrong memory regions when + copying memory to/from the kernel (via copy_to_user() and + copy_from_user() functions) by rejecting memory ranges that + are larger than the specified heap object, span multiple + separately allocates pages, are not on the process stack, + or are part of the kernel text. This kills entire classes + of heap overflow exploits and similar kernel memory exposures. + source security/selinux/Kconfig source security/smack/Kconfig source security/tomoyo/Kconfig diff --git a/security/security.c b/security/security.c index c4bb47db30ee..4838e7fefa1f 100644 --- a/security/security.c +++ b/security/security.c @@ -356,7 +356,7 @@ void security_inode_free(struct inode *inode) } int security_dentry_init_security(struct dentry *dentry, int mode, - struct qstr *name, void **ctx, + const struct qstr *name, void **ctx, u32 *ctxlen) { return call_int_hook(dentry_init_security, -EOPNOTSUPP, dentry, mode, diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index ec30880c4b98..13185a6c266a 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2832,7 +2832,7 @@ static void selinux_inode_free_security(struct inode *inode) } static int selinux_dentry_init_security(struct dentry *dentry, int mode, - struct qstr *name, void **ctx, + const struct qstr *name, void **ctx, u32 *ctxlen) { u32 newsid; |