usercopy: Disable CONFIG_HARDENED_USERCOPY_PAGESPAN

kees · kees · commit ef3e787c21d1 · 2022-03-24T15:57:25.000-07:00
CONFIG_HARDENED_USERCOPY_PAGESPAN has been mostly broken for a while, and it has become hard to ignore with some recent scsi changes[1]. While there is a more complete series to replace it with better checks[2], it should have more soak time in -next. Instead, disable the config now, with the expectation that it will be fully replaced in the next kernel release. [1] https://lore.kernel.org/lkml/20220324064846.GA12961@lst.de/ [2] https://lore.kernel.org/linux-hardening/20220110231530.665970-1-willy@infradead.org/ Suggested-by: Christoph Hellwig <hch@lst.de> Cc: "Matthew Wilcox (Oracle)" <willy@infradead.org> Signed-off-by: Kees Cook <keescook@chromium.org>
diff --git a/security/Kconfig b/security/Kconfig
@@ -166,7 +166,7 @@ config HARDENED_USERCOPY
 config HARDENED_USERCOPY_PAGESPAN
 	bool "Refuse to copy allocations that span multiple pages"
 	depends on HARDENED_USERCOPY
-	depends on EXPERT
+	depends on BROKEN
 	help
 	  When a multi-page allocation is done without __GFP_COMP,
 	  hardened usercopy will reject attempts to copy it. There are,
