On Wed, 17 Aug 2016 14:42:07 -0700 Kees Cook <keesc...@chromium.org> wrote:
> This adds CONFIG_BUG_ON_DATA_CORRUPTION to trigger BUG()s when the kernel
> encounters unexpected data structure integrity as currently detected
> with CONFIG_DEBUG_LIST.
>
> Specifically list operations have been a target for widening flaws to gain
> "write anywhere" primitives for attackers, so this also consolidates the
> debug checking to avoid code and check duplication (e.g. RCU list debug
> was missing a check that got added to regular list debug). It also stops
> manipulations when corruption is detected, since worsening the corruption
> makes no sense. (Really, everyone should build with CONFIG_DEBUG_LIST
> since the checks are so inexpensive.)
>
> This is mostly a refactoring of similar code from PaX and Grsecurity,
> along with MSM kernel changes by Syed Rameez Mustafa.
>
> Along with the patches is a new lkdtm test to validate that setting
> CONFIG_DEBUG_LIST actually does what is desired.
>

The series looks fine by me.

Acked-by: Steven Rostedt <rost...@goodmis.org>

-- Steve

> Thanks,
>
> -Kees
>
> v3:
> - fix MSM attribution, sboyd
> - use pr_err, joe
>
> v2:
> - consolidate printk/WARN/BUG/return logic into a CONFIG-specific macro
> - drop non-list BUGs, labbott
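
The kind of list integrity check the quoted cover letter describes, as an added example that is not part of this thread or of the kernel patches: a simplified user-space model in which a list operation verifies its neighbours first and leaves the list untouched when they disagree. The names `checked_list_add`, `checked_list_del` and `corrupt` are hypothetical, and returning `false` stands in for the kernel's WARN/BUG handling.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct list_head { struct list_head *next, *prev; };

static void list_init(struct list_head *h) { h->next = h->prev = h; }

/* Report corruption and tell the caller to leave the list untouched. */
static bool corrupt(const char *what, const void *entry)
{
    fprintf(stderr, "list corruption: %s (entry %p)\n", what, entry);
    return false;
}

/* Insert new after head only if head and its successor still agree. */
static bool checked_list_add(struct list_head *new, struct list_head *head)
{
    struct list_head *next = head->next;
    if (next->prev != head)
        return corrupt("next->prev should be prev", new);
    if (new == head || new == next)
        return corrupt("double add", new);
    next->prev = new; new->next = next;
    new->prev = head; head->next = new;
    return true;
}

/* Unlink entry only if both neighbours still point back at it. */
static bool checked_list_del(struct list_head *e)
{
    if (!e->next || !e->prev)
        return corrupt("entry already deleted", e);
    if (e->prev->next != e || e->next->prev != e)
        return corrupt("neighbour does not point back", e);
    e->next->prev = e->prev;
    e->prev->next = e->next;
    e->next = e->prev = NULL;   /* simplified stand-in for pointer poisoning */
    return true;
}

/* Constructed scenario: a.next is overwritten to point outside the list. */
static int demo_refuses_corrupted_unlink(void)
{
    struct list_head head, a, b, outside;
    list_init(&head); list_init(&outside);
    checked_list_add(&a, &head); checked_list_add(&b, &head);
    a.next = &outside;                      /* simulated corruption */
    bool ok = checked_list_del(&a);
    return !ok && outside.prev == &outside && outside.next == &outside && b.next == &a;
}

int main(void) { return demo_refuses_corrupted_unlink() ? 0 : 1; }
```

Without the check, the unlink would store `a.prev` into `outside.prev`, a write to memory that was never part of the list; with it, both the list and `outside` are left unchanged.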