From e1edf3f4886148f80be87f66246d4e04204d23ce Mon Sep 17 00:00:00 2001
From: Ilya Dryomov <idryomov@gmail.com>
Date: Tue, 24 Sep 2019 10:40:35 +0200
Subject: [PATCH] kernel: enable CONFIG_HARDENED_USERCOPY

This is something we had to work around in libceph, see linux.git
commit 7e241f647dc7 ("libceph: fall back to sendmsg for slab pages").
It is enabled by default in many distros.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
---
 kernel/build/kernel-config-deb.sh | 1 +
 kernel/build/kernel-config-rpm.sh | 1 +
 2 files changed, 2 insertions(+)

diff --git a/kernel/build/kernel-config-deb.sh b/kernel/build/kernel-config-deb.sh
index 590f9e75..36f2c99e 100755
--- a/kernel/build/kernel-config-deb.sh
+++ b/kernel/build/kernel-config-deb.sh
@@ -4587,6 +4587,7 @@ CONFIG_SECURITY_NETWORK_XFRM=y
 CONFIG_SECURITY_PATH=y
 CONFIG_INTEL_TXT=y
 CONFIG_LSM_MMAP_MIN_ADDR=0
+CONFIG_HARDENED_USERCOPY=y
 CONFIG_SECURITY_SELINUX=y
 CONFIG_SECURITY_SELINUX_BOOTPARAM=y
 CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=0
diff --git a/kernel/build/kernel-config-rpm.sh b/kernel/build/kernel-config-rpm.sh
index 9be8ccc9..37b02ff3 100755
--- a/kernel/build/kernel-config-rpm.sh
+++ b/kernel/build/kernel-config-rpm.sh
@@ -4239,6 +4239,7 @@ CONFIG_SECURITY_NETWORK_XFRM=y
 # CONFIG_SECURITY_PATH is not set
 CONFIG_INTEL_TXT=y
 CONFIG_LSM_MMAP_MIN_ADDR=65536
+CONFIG_HARDENED_USERCOPY=y
 CONFIG_SECURITY_SELINUX=y
 CONFIG_SECURITY_SELINUX_BOOTPARAM=y
 CONFIG_SECURITY_SELINUX_BOOTPARAM_VALUE=1
-- 
2.39.5