From 33615ccfa5a7c324a694f630f0b48fba8d40f9ba Mon Sep 17 00:00:00 2001
From: Joachim Fasting
Date: Sun, 29 Apr 2018 12:00:16 +0200
Subject: [PATCH] linux_hardened: enforce usercopy whitelisting
The default is to warn only
---
 pkgs/os-specific/linux/kernel/hardened-config.nix | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix
index 3a82c00c501..a00ba9ab7b8 100644
--- a/pkgs/os-specific/linux/kernel/hardened-config.nix
+++ b/pkgs/os-specific/linux/kernel/hardened-config.nix
@@ -78,6 +78,9 @@ ${optionalString (versionAtLeast version "4.13") ''
 # Perform usercopy bounds checking.
 HARDENED_USERCOPY y
+${optionalString (versionAtLeast version "4.16") ''
+ HARDENED_USERCOPY_FALLBACK n
+''}
 # Randomize allocator freelists.
 SLAB_FREELIST_RANDOM y
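Review bot: The added `HARDENED_USERCOPY_FALLBACK n` block carries no comment, while the neighbouring options in this hunk each have one, so the reason for overriding the default lives only in the commit message; a line such as `# Reject, rather than only warn about, usercopy outside a whitelisted slab region.` above the `optionalString` would keep it with the setting. With the fallback disabled, a copy to or from a slab cache that declares no usercopy region is refused instead of logged, so any out-of-tree module built against this kernel that has not declared its whitelist will presumably start failing at runtime; that is worth a release-note entry. The version gate has only a lower bound (`versionAtLeast version "4.16"`), so if the symbol is ever dropped upstream the generated config would name an option that no longer exists. The enclosing config string starts and ends outside the hunk.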