From: Ilya Dryomov
Date: Tue, 24 Sep 2019 08:40:35 +0000 (+0200)
Subject: kernel: enable CONFIG_HARDENED_USERCOPY
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=e1edf3f4886148f80be87f66246d4e04204d23ce;p=ceph-build.git

kernel: enable CONFIG_HARDENED_USERCOPY

This is something we had to work around in libceph, see linux.git commit 7e241f647dc7 ("libceph: fall back to sendmsg for slab pages"). It is enabled by default in many distros.

Signed-off-by: Ilya Dryomov
---
diff --git a/kernel/build/kernel-config-deb.sh b/kernel/build/kernel-config-deb.sh
index 590f9e75..36f2c99e 100755
--- a/kernel/build/kernel-config-deb.sh
+++ b/kernel/build/kernel-config-deb.sh
@@ -4587,6 +4587,7 @@ CONFIG_SECURITY_NETWORK_XFRM=y
 CONFIG_SECURITY_PATH=y
 CONFIG_INTEL_TXT=y
 CONFIG_LSM_MMAP_MIN_ADDR=0
+CONFIG_HARDENED_USERCOPY=y
 CONFIG_SECURITY_SELINUX=y
 CONFIG_SECURITY_SELINUX_BOOTPARAM=y
 CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
diff --git a/kernel/build/kernel-config-rpm.sh b/kernel/build/kernel-config-rpm.sh
index 9be8ccc9..37b02ff3 100755
--- a/kernel/build/kernel-config-rpm.sh
+++ b/kernel/build/kernel-config-rpm.sh
@@ -4239,6 +4239,7 @@ CONFIG_SECURITY_NETWORK_XFRM=y
 # CONFIG_SECURITY_PATH is not set
 CONFIG_INTEL_TXT=y
 CONFIG_LSM_MMAP_MIN_ADDR=65536
+CONFIG_HARDENED_USERCOPY=y
 CONFIG_SECURITY_SELINUX=y
 CONFIG_SECURITY_SELINUX_BOOTPARAM=y
 CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
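Review bot: The added `CONFIG_HARDENED_USERCOPY=y` in kernel-config-deb.sh leaves its dependent symbols unpinned, so the effective hardening depends on whatever defaults the config-resolution step picks for the kernel being built. On kernel versions that still carry them, I would state the intent right after it with `# CONFIG_HARDENED_USERCOPY_FALLBACK is not set` and `# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set`. With the fallback enabled, a usercopy whitelist violation only warns instead of being rejected, which would presumably weaken the check these build kernels are meant to exercise. The same applies to the identical hunk in kernel-config-rpm.sh. Only the insertion is visible here, so it is also worth confirming that neither file already holds a `# CONFIG_HARDENED_USERCOPY is not set` line elsewhere that would conflict with the new one.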