X-Git-Url: http://git.cascardo.info/?a=blobdiff_plain;f=security%2FKconfig;h=118f4549404ef2ed0241e86faceb03f2d3646d79;hb=80a77045daacc660659093b312ca0708b53ed558;hp=da10d9b573a4a809f6159d82660a717f224903ec;hpb=748e7fc20983fccd742e93c5b6a38ece1f71f80f;p=cascardo%2Flinux.git

diff --git a/security/Kconfig b/security/Kconfig
index da10d9b573a4..118f4549404e 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -147,6 +147,17 @@ config HARDENED_USERCOPY
 	  or are part of the kernel text. This kills entire classes
 	  of heap overflow exploits and similar kernel memory exposures.
 
+config HARDENED_USERCOPY_PAGESPAN
+	bool "Refuse to copy allocations that span multiple pages"
+	depends on HARDENED_USERCOPY
+	depends on EXPERT
+	help
+	  When a multi-page allocation is done without __GFP_COMP,
+	  hardened usercopy will reject attempts to copy it. There are,
+	  however, several cases of this in the kernel that have not all
+	  been removed. This config is intended to be used only while
+	  trying to find such users.
+
 source security/selinux/Kconfig
 source security/smack/Kconfig
 source security/tomoyo/Kconfig