On Mon, Jun 25, 2018 at 3:29 PM, Christoph von Recklinghausen <crecklin@xxxxxxxxxx> wrote:
> I have a small set of customers that want CONFIG_HARDENED_USERCOPY
> enabled, and a large number of customers who would be impacted by its
> default behavior (before my change). The desire was to have the smaller
> number of users need to change their boot lines to get the behavior they
> wanted. Adding CONFIG_HUC_DEFAULT_OFF was an attempt to preserve the
> default behavior of existing users of CONFIG_HARDENED_USERCOPY (default
> enabled) and to allow that to coexist with the desires of the greater
> number of my customers (default disabled).
>
> If folks think that it's better to have it enabled by default and the
> command line option to turn it off, I can do that (it is simpler). Does
> anyone else have opinions one way or the other?

I would prefer to isolate the actual problem case, and fix it if possible.
(i.e. try to make the copy fixed-length, etc.)

Barring that, yes, a kernel command line to disable the protection would be okay.

Note that the test needs to be inside __check_object_size(), otherwise the
inline optimization with __builtin_constant_p() gets broken and makes
everyone slower. :)

-Kees

--
Kees Cook
Pixel Security
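The placement Kees describes, as an added userspace model that is not kernel code and not part of this thread: the runtime "disabled" test sits inside the out-of-line __check_object_size() so that the inline wrapper's __builtin_constant_p() fast path is unaffected. All names, the 16-byte sample object and the boot-option stand-in are assumptions chosen for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Illustrative model, not kernel code, of the layout Kees asks for: the
 * boot-time "disabled" test lives inside the out-of-line function so the
 * inline wrapper can still drop the call for constant sizes. All names
 * below are assumptions chosen for this example. */
static bool hardened_usercopy_disabled = false;  /* stand-in for a boot option */
static unsigned long slowpath_calls = 0;         /* how often the slow path ran */

/* Out-of-line check. The disable flag is tested here, not in the wrapper,
 * so the wrapper's fast path stays a pure compile-time decision. */
static int __attribute__((noinline))
__check_object_size(const void *obj, size_t obj_len, size_t n)
{
    (void)obj; slowpath_calls++;
    if (hardened_usercopy_disabled)
        return 0;                      /* protection switched off at boot */
    return n > obj_len ? -1 : 0;       /* copy would run past the object */
}

/* Inline wrapper. When n is a compile-time constant, an optimizing build
 * folds __builtin_constant_p(n) to 1 and the call disappears entirely. */
static inline __attribute__((always_inline)) int
check_object_size(const void *obj, size_t obj_len, size_t n)
{
    if (!__builtin_constant_p(n))
        return __check_object_size(obj, obj_len, n);
    return 0;
}

static uint8_t sample_obj[16];  /* constructed 16-byte object */

/* Copy whose length is only known at run time: always takes the slow path.
 * The volatile read stops the compiler from constant-folding a literal argument. */
int copy_runtime_len(size_t n)
{
    volatile size_t len = n;
    return check_object_size(sample_obj, sizeof(sample_obj), len);
}

/* Fixed-length copy: the kind of fix Kees prefers over a global off switch. */
int copy_fixed_len(void)
{
    return check_object_size(sample_obj, sizeof(sample_obj), 8);
}

void set_hardened_usercopy_disabled(bool off) { hardened_usercopy_disabled = off; }
unsigned long slowpath_call_count(void) { return slowpath_calls; }
```

Whether copy_fixed_len() reaches the slow path depends on the optimization level, which is exactly why the disable test must not live in the wrapper.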