[PATCH 0/5] bug: Provide toggle for BUG on data corruption

From: Kees Cook
Date: Tue Aug 16 2016 - 17:11:31 EST


This adds a CONFIG to trigger BUG()s when the kernel encounters
unexpected data structure integrity as currently detected with
CONFIG_DEBUG_LIST, CONFIG_DEBUG_SPINLOCK, and with workqueues.

Specifically, list operations have been a target for widening flaws to gain
"write anywhere" primitives for attackers, so this also consolidates the
debug checking to avoid code and check duplication (e.g. RCU list debug
was missing a check that got added to regular list debug). It also stops
manipulations when corruption is detected, since worsening the corruption
makes no sense. (Really, everyone should build with CONFIG_DEBUG_LIST
since the checks are so inexpensive.)

This is mostly a refactoring of similar code from PaX and Grsecurity,
along with MSM kernel changes by Stephen Boyd.

Along with the patches is a new lkdtm test to validate that setting
CONFIG_DEBUG_LIST actually does what is desired.

Thanks,

-Kees
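
The "stop manipulating the list once corruption is detected" behaviour described in the cover letter, as an added userspace C sketch. It is not code from this patch series or from the kernel. The names checked_list_add and checked_list_del, the boolean return convention, and the use of NULL as the "already removed" marker are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
/* Hypothetical userspace stand-in for the kernel's struct list_head. */
struct list_head { struct list_head *next, *prev; };
static void list_init(struct list_head *h) { h->next = h; h->prev = h; }

/* Insert n after head. The neighbours must still point at each other and n
   must not already be one of them; otherwise return false and write nothing. */
bool checked_list_add(struct list_head *n, struct list_head *head)
{
    struct list_head *next = head->next;
    if (next->prev != head || n == head || n == next)
        return false;
    next->prev = n; n->next = next; n->prev = head; head->next = n;
    return true;
}

/* Unlink e. It must be linked (NULL marks "already removed" in this sketch)
   and both neighbours must point back at it; otherwise write nothing. */
bool checked_list_del(struct list_head *e)
{
    if (!e->next || !e->prev || e->prev->next != e || e->next->prev != e)
        return false;
    e->next->prev = e->prev; e->prev->next = e->next;
    e->next = e->prev = NULL;
    return true;
}

/* Constructed scenario: a's pointers are overwritten to aim at decoy.
   Returns 1 if the delete is refused and decoy and the list are untouched. */
int demo_corrupt_del_refused(void)
{
    struct list_head head, a, b, decoy;
    list_init(&head); list_init(&decoy);
    if (!checked_list_add(&a, &head) || !checked_list_add(&b, &head)) return 0;
    a.next = &decoy; a.prev = &decoy;   /* simulated corruption */
    return !checked_list_del(&a) && decoy.next == &decoy && decoy.prev == &decoy
        && b.next == &a && head.prev == &a;
}

/* Returns 1 if a second add and a second delete of the same node are refused. */
int demo_repeat_ops_refused(void)
{
    struct list_head head, a;
    list_init(&head);
    if (!checked_list_add(&a, &head) || checked_list_add(&a, &head)) return 0;
    if (!checked_list_del(&a)) return 0;
    return !checked_list_del(&a) && head.next == &head && head.prev == &head;
}
```

Without the check in checked_list_del, the two unlink stores would have written through the overwritten pointers into decoy, which is the "write anywhere" widening the cover letter refers to.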