[linux-kvm-bionic][PATCH 0/2] Enable CONFIG_HARDENED_USERCOPY

Kamal Mostafa-2
BugLink: https://bugs.launchpad.net/bugs/1766777

Cherry-pick "usercopy: Do not select BUG" Kconfig oneliner from linux-next,
and enable CONFIG_HARDENED_USERCOPY in linux-kvm-bionic in order to match
the standard Bionic security configuration.

 -Kamal

Kamal Mostafa (2):
  usercopy: Do not select BUG with HARDENED_USERCOPY
  UBUNTU: kvm: [Config] Enable CONFIG_HARDENED_USERCOPY

 debian.kvm/config/config.common.ubuntu | 3 ++-
 security/Kconfig                       | 1 -
 2 files changed, 2 insertions(+), 2 deletions(-)

--
2.7.4


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team

[linux-kvm-bionic][PATCH 1/2] usercopy: Do not select BUG with HARDENED_USERCOPY

Kamal Mostafa-2
BugLink: https://bugs.launchpad.net/bugs/1766777

There is no need to "select BUG" when CONFIG_HARDENED_USERCOPY is enabled.
The kernel thread will always die, regardless of the CONFIG_BUG.

Signed-off-by: Kamal Mostafa <[hidden email]>
[kees: tweak commit log]
Signed-off-by: Kees Cook <[hidden email]>

(cherry picked from commit 6aa56f44253a6dd802e45d8ab1b48847feaf063a linux-next)
Signed-off-by: Kamal Mostafa <[hidden email]>
---
 security/Kconfig | 1 -
 1 file changed, 1 deletion(-)

diff --git a/security/Kconfig b/security/Kconfig
index 16803be..8320651 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -195,7 +195,6 @@ config HAVE_HARDENED_USERCOPY_ALLOCATOR
 config HARDENED_USERCOPY
  bool "Harden memory copies between kernel and userspace"
  depends on HAVE_HARDENED_USERCOPY_ALLOCATOR
- select BUG
  imply STRICT_DEVMEM
  help
   This option checks for obviously wrong memory regions when
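
Review bot: at the removed `select BUG` line, nothing in this entry forces CONFIG_BUG on any more, and the commit log only asserts that the thread "will always die" without naming the path that guarantees it. Please name that path in the log and, since this is a cherry-pick from linux-next, confirm it also holds for the bionic tree. It would also help to state whether the linux-kvm config keeps CONFIG_BUG set, so readers can tell whether the failure behaviour changes in practice.
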
--
2.7.4



[linux-kvm-bionic][PATCH 2/2] UBUNTU: kvm: [Config] Enable CONFIG_HARDENED_USERCOPY

Kamal Mostafa-2
In reply to this post by Kamal Mostafa-2
BugLink: https://bugs.launchpad.net/bugs/1766777

Signed-off-by: Kamal Mostafa <[hidden email]>
---
 debian.kvm/config/config.common.ubuntu | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/debian.kvm/config/config.common.ubuntu b/debian.kvm/config/config.common.ubuntu
index 42a15c8..6087b19 100644
--- a/debian.kvm/config/config.common.ubuntu
+++ b/debian.kvm/config/config.common.ubuntu
@@ -796,7 +796,8 @@ CONFIG_GRO_CELLS=y
 # CONFIG_GUP_BENCHMARK is not set
 # CONFIG_HAMRADIO is not set
 # CONFIG_HANGCHECK_TIMER is not set
-# CONFIG_HARDENED_USERCOPY is not set
+CONFIG_HARDENED_USERCOPY=y
+# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
 CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y
 # CONFIG_HARDLOCKUP_DETECTOR is not set
 CONFIG_HAS_DMA=y
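
Review bot: the added `# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set` line has no rationale, and the commit message carries only the BugLink. Suggest a one-line body saying that HARDENED_USERCOPY=y with PAGESPAN left off is the intended setting and which configuration it is meant to match, so the choice is recorded in this commit and not only in the cover letter.
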
--
2.7.4



ACK: [linux-kvm-bionic][PATCH 0/2] Enable CONFIG_HARDENED_USERCOPY

Khalid Elmously
In reply to this post by Kamal Mostafa-2

Acked-by: Khalid Elmously <[hidden email]>


ACK: [linux-kvm-bionic][PATCH 0/2] Enable CONFIG_HARDENED_USERCOPY

Po-Hsu Lin (Sam)
In reply to this post by Kamal Mostafa-2
Thanks!
Acked-by: Po-Hsu Lin <[hidden email]>
