kernel: enable CONFIG_HARDENED_USERCOPY

This is something we had to work around in libceph, see linux.git
commit 7e241f647dc7 ("libceph: fall back to sendmsg for slab pages").
It is enabled by default in many distros.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

diff --git a/kernel/build/kernel-config-deb.sh b/kernel/build/kernel-config-deb.sh
index 590f9e75ab86b8c640529fa3b7efe1bc2aec0f80..36f2c99e04eb4fd9b5fefdfc793c20f606f2b843 100755 (executable)
--- a/kernel/build/kernel-config-deb.sh
+++ b/kernel/build/kernel-config-deb.sh
@@ -4587,6 +4587,7 @@ CONFIG_SECURITY_NETWORK_XFRM=y
 CONFIG_SECURITY_PATH=y
 CONFIG_INTEL_TXT=y
 CONFIG_LSM_MMAP_MIN_ADDR=0
+CONFIG_HARDENED_USERCOPY=y
 CONFIG_SECURITY_SELINUX=y
 CONFIG_SECURITY_SELINUX_BOOTPARAM=y
 CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0

diff --git a/kernel/build/kernel-config-rpm.sh b/kernel/build/kernel-config-rpm.sh
index 9be8ccc9d8ee4aed3e40498a8957b0106519bf82..37b02ff33e94f3e507947720248a25f4094434bc 100755 (executable)
--- a/kernel/build/kernel-config-rpm.sh
+++ b/kernel/build/kernel-config-rpm.sh
@@ -4239,6 +4239,7 @@ CONFIG_SECURITY_NETWORK_XFRM=y
 # CONFIG_SECURITY_PATH is not set
 CONFIG_INTEL_TXT=y
 CONFIG_LSM_MMAP_MIN_ADDR=65536
+CONFIG_HARDENED_USERCOPY=y
 CONFIG_SECURITY_SELINUX=y
 CONFIG_SECURITY_SELINUX_BOOTPARAM=y
 CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1