I would like to propose two new compile time settings.
Both are fruits of the Kernel Self Protection Project.
# CONFIG_HARDENED_USERCOPY_FALLBACK is not set
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set

This option checks for obviously wrong memory regions when copying
memory to/from the kernel (via copy_to_user() and copy_from_user()
functions) by rejecting memory ranges that are larger than the
heap object, span multiple separately allocated pages, are not on
process stack, or are part of the kernel text. This kills entire classes
of heap overflow exploits and similar kernel memory exposures.
Debian, Ubuntu and CentOS build their kernels like this by default,
which I think underlines the general usefulness.
The performance penalty has been reported to be very small or not
in common scenarios. There have been, though, issues with networking
performance under heavy load, which led to the introduction of a
hardened_usercopy=off boot parameter.

Many kernel heap attacks try to target slab cache metadata and other
infrastructure. This option makes minor performance sacrifices to
the kernel slab allocator against common freelist exploit methods.
Debian and Ubuntu build their kernels with this enabled.
According to Kees Cook, the performance penalty is almost
immeasurably small: https://lkml.org/lkml/2017/7/26/4
Thanks for consideration.
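An added audit script (not part of the original mail) that checks a kernel config and the boot command line for the two options proposed above, including the hardened_usercopy=off runtime override the mail mentions. It assumes the first option's name is CONFIG_HARDENED_USERCOPY (implied by the quoted sub-options) and the second is CONFIG_SLAB_FREELIST_HARDENED (not spelled out in the mail); the sample config and cmdline files are constructed inline.

```shell
#!/bin/sh
# Added example (not from the original mail): audit a kernel .config and the
# boot command line for the hardening options discussed above. CONFIG_HARDENED_USERCOPY
# is implied by the sub-options the mail quotes; the second option is assumed
# to be CONFIG_SLAB_FREELIST_HARDENED (its name is not spelled out in the mail).

# Return 0 if option $2 is built in (=y) in the config file $1, else 1.
config_enabled() {
    grep -q "^$2=y\$" "$1"
}

# Return 0 if the boot command line in file $1 does not contain the
# hardened_usercopy=off switch that turns the check off at runtime.
usercopy_not_disabled() {
    ! grep -q 'hardened_usercopy=off' "$1"
}

# Print one line per finding; return non-zero if any check fails.
audit_kernel_hardening() {
    config="$1"; cmdline="$2"; rc=0
    for opt in CONFIG_HARDENED_USERCOPY CONFIG_SLAB_FREELIST_HARDENED; do
        if config_enabled "$config" "$opt"; then
            echo "OK   $opt=y"
        else
            echo "FAIL $opt is not enabled"; rc=1
        fi
    done
    if usercopy_not_disabled "$cmdline"; then
        echo "OK   hardened_usercopy is not disabled on the command line"
    else
        echo "FAIL hardened_usercopy=off found on the command line"; rc=1
    fi
    return $rc
}

# Constructed sample inputs standing in for /boot/config-$(uname -r) and
# /proc/cmdline, so the script runs offline.
tmp=$(mktemp -d)
cat > "$tmp/config.good" <<'EOF'
CONFIG_HARDENED_USERCOPY=y
# CONFIG_HARDENED_USERCOPY_FALLBACK is not set
# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
CONFIG_SLAB_FREELIST_HARDENED=y
EOF
printf '# CONFIG_HARDENED_USERCOPY is not set\nCONFIG_SLAB_FREELIST_HARDENED=y\n' > "$tmp/config.bad"
printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 quiet\n' > "$tmp/cmdline.good"
printf 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 hardened_usercopy=off\n' > "$tmp/cmdline.bad"
audit_kernel_hardening "$tmp/config.good" "$tmp/cmdline.good"
```

On a live system, point the two arguments at /boot/config-$(uname -r) (or a decompressed /proc/config.gz) and /proc/cmdline.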