On 06/25/2018 06:35 PM, Kees Cook wrote:
> On Mon, Jun 25, 2018 at 3:29 PM, Christoph von Recklinghausen
> <crecklin@xxxxxxxxxx> wrote:
>> I have a small set of customers that want CONFIG_HARDENED_USERCOPY
>> enabled, and a large number of customers who would be impacted by its
>> default behavior (before my change). The desire was to have the smaller
>> number of users need to change their boot lines to get the behavior they
>> wanted. Adding CONFIG_HUC_DEFAULT_OFF was an attempt to preserve the
>> default behavior of existing users of CONFIG_HARDENED_USERCOPY (default
>> enabled) and allowing that to coexist with the desires of the greater
>> number of my customers (default disabled).
>>
>> If folks think that it's better to have it enabled by default and the
>> command line option to turn it off I can do that (it is simpler). Does
>> anyone else have opinions one way or the other?
> I would prefer to isolate the actual problem case, and fix it if
> possible. (i.e. try to make the copy fixed-length, etc) Barring that,
> yes, a kernel command line to disable the protection would be okay.
>
> Note that the test needs to be inside __check_object_size() otherwise
> the inline optimization with __builtin_constant_p() gets broken and
> makes everyone slower. :)
>
> -Kees
>
Thanks Kees, I'll make that change and retest.

Chris
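A userspace model of the placement discussed in this thread, added here as an illustration; it is not code from the patch or from the kernel. The names `bypass_checks`, `slow_check`, `check_inside` and `check_in_wrapper` are hypothetical, and the wrapper-level variant is a constructed contrast that counts how often the disable flag is loaded for a fixed-size versus a runtime-sized copy.

```c
#include <stdbool.h>
#include <stdio.h>

static volatile bool bypass_checks;    /* hypothetical flag, set from the boot line */
static unsigned flag_reads, validations; /* flag loads; full validations performed */

static bool read_bypass(void) { flag_reads++; return bypass_checks; }

/* Stand-in for the out-of-line __check_object_size(), flag tested inside. */
static void slow_check(const void *ptr, unsigned long n, bool to_user)
{
	(void)ptr; (void)n; (void)to_user;
	if (read_bypass())
		return;
	validations++; /* the real heap/stack bounds validation would run here */
}

/* Flag inside the slow path: constant sizes fold away with no flag load.
 * A macro keeps __builtin_constant_p() foldable even at -O0. */
#define check_inside(ptr, n, to_user) \
	do { if (!__builtin_constant_p(n)) slow_check((ptr), (n), (to_user)); } while (0)

/* Constructed contrast: flag tested in the wrapper, paid at every call site. */
#define check_in_wrapper(ptr, n, to_user) \
	do { if (!read_bypass() && !__builtin_constant_p(n)) validations++; } while (0)

struct counts { unsigned flag_reads, validations; };

/* One fixed-size and one runtime-sized check through the chosen wrapper. */
static struct counts run(bool inside, bool bypass)
{
	char buf[32];
	volatile unsigned long len = 16; /* constructed runtime-only size */
	flag_reads = validations = 0;
	bypass_checks = bypass;
	if (inside) {
		check_inside(buf, sizeof(buf), true);
		check_inside(buf, len, true);
	} else {
		check_in_wrapper(buf, sizeof(buf), true);
		check_in_wrapper(buf, len, true);
	}
	return (struct counts){ flag_reads, validations };
}

int main(void)
{
	printf("inside: %u flag reads, in wrapper: %u\n",
	       run(true, false).flag_reads, run(false, false).flag_reads);
	return 0;
}
```

With the flag inside the slow path, the fixed-size check costs nothing at the call site whether or not the protection is disabled; both placements still run exactly one validation when enabled and none when bypassed.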