Re: [PATCH] security: CONFIG_HARDENED_USERCOPY does not need to select BUG

From: Kees Cook
Date: Fri Jun 29 2018 - 16:27:15 EST


On Fri, Jun 29, 2018 at 1:04 PM, Kamal Mostafa <kamal@xxxxxxxxxxxxx> wrote:
> Allows for CONFIG_HARDENED_USERCOPY without CONFIG_BUG.
>
> Signed-off-by: Kamal Mostafa <kamal@xxxxxxxxxxxxx>
> ---
> security/Kconfig | 1 -
> 1 file changed, 1 deletion(-)
>
> diff --git a/security/Kconfig b/security/Kconfig
> index c430206..7667774 100644
> --- a/security/Kconfig
> +++ b/security/Kconfig
> @@ -153,7 +153,6 @@ config HAVE_HARDENED_USERCOPY_ALLOCATOR
> config HARDENED_USERCOPY
> bool "Harden memory copies between kernel and userspace"
> depends on HAVE_HARDENED_USERCOPY_ALLOCATOR
> - select BUG
> imply STRICT_DEVMEM
> help
> This option checks for obviously wrong memory regions when
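
Review bot: The dropped `select BUG` line under `config HARDENED_USERCOPY` is justified only by a one-line commit message, which does not say what a failed usercopy check does in a kernel built without CONFIG_BUG. Please state in the commit message whether the check still stops the offending copy in that configuration and how that was tested. If the behaviour differs from a CONFIG_BUG=y build, note that in the `help` text as well.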

Do the lkdtm tests for usercopy correctly halt the kernel thread if
CONFIG_BUG is removed?

-Kees

--
Kees Cook
Pixel Security