[linux] 04/04: [arm*, powerpc*, s390x, sparc64, x86] Enable HARDENED_USERCOPY

[debian-kernel at lists.debian.org]

This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch master
in repository linux.

commit 357c2335a58d52d26f9fc6e79f3f87d0b5813cf4
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Wed Oct 5 22:04:38 2016 +0100

    [arm*,powerpc*,s390x,sparc64,x86] Enable HARDENED_USERCOPY
    
    This enables HARDENED_USERCOPY in the top-level config rather than
    per-architecture, but it depends on a feature not yet implemented for
    all architectures.
---
 debian/changelog     | 1 +
 debian/config/config | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index f1fdc78..e1c60a4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -12,6 +12,7 @@ linux (4.8-1~exp1) UNRELEASED; urgency=medium
     iomem=relaxed
   * [mips*] Enable RANDOMIZE_BASE
   * Enable SLAB_FREELIST_RANDOM
+  * [arm*,powerpc*,s390x,sparc64,x86] Enable HARDENED_USERCOPY
 
  -- Ben Hutchings <ben at decadent.org.uk>  Sat, 01 Oct 2016 21:51:33 +0100
 
diff --git a/debian/config/config b/debian/config/config
index a97d375..21a8a5d 100644
--- a/debian/config/config
+++ b/debian/config/config
@@ -6656,6 +6656,8 @@ CONFIG_SECURITY_NETWORK_XFRM=y
 CONFIG_SECURITY_SECURELEVEL=y
 # CONFIG_INTEL_TXT is not set
 CONFIG_LSM_MMAP_MIN_ADDR=32768
+CONFIG_HARDENED_USERCOPY=y
+# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
 ## choice: Default security module
 CONFIG_DEFAULT_SECURITY_DAC=y
 ## end choice

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git