@@ -1593,7 +1593,8 @@ CONFIG_GENERIC_NET_UTILS=y
# CONFIG_HAMACHI is not set
# CONFIG_HAMRADIO is not set
# CONFIG_HAPPYMEAL is not set
-# CONFIG_HARDENED_USERCOPY is not set
+CONFIG_HARDENED_USERCOPY=y
+# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
# CONFIG_HARDLOCKUP_DETECTOR is not set
# CONFIG_HAVE_AOUT is not set
CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y
@@ -1688,7 +1688,9 @@ CONFIG_GPIOLIB_FASTPATH_LIMIT=512
# CONFIG_HAMACHI is not set
# CONFIG_HAMRADIO is not set
# CONFIG_HAPPYMEAL is not set
-# CONFIG_HARDENED_USERCOPY is not set
+CONFIG_HARDENED_USERCOPY=y
+# CONFIG_HARDENED_USERCOPY_FALLBACK is not set
+# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
CONFIG_HARDEN_EL2_VECTORS=y
# CONFIG_HARDLOCKUP_DETECTOR is not set
# CONFIG_HAVE_AOUT is not set
@@ -1439,7 +1439,8 @@ CONFIG_GENERIC_NET_UTILS=y
# CONFIG_HAMACHI is not set
# CONFIG_HAMRADIO is not set
# CONFIG_HAPPYMEAL is not set
-# CONFIG_HARDENED_USERCOPY is not set
+CONFIG_HARDENED_USERCOPY=y
+# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
# CONFIG_HARDLOCKUP_DETECTOR is not set
# CONFIG_HAVE_AOUT is not set
CONFIG_HAVE_ARCH_HARDENED_USERCOPY=y
This adds additional checks to the copy_from_user() and copy_to_user() functions. The details are described in this article: https://lwn.net/Articles/695991/ This should only have a very small performance impact on system calls and should not affect routing performance. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> --- target/linux/generic/config-4.14 | 3 ++- target/linux/generic/config-4.19 | 4 +++- target/linux/generic/config-4.9 | 3 ++- 3 files changed, 7 insertions(+), 3 deletions(-)