[PATCH v2 0/5] bug: Provide toggle for BUG on data corruption

From: Kees Cook
Date: Tue Aug 16 2016 - 20:27:03 EST

Next message: Ben Hutchings: "Re: [PATCH 3.16 289/305] netfilter: x_tables: validate targets of jumps"
Previous message: Guenter Roeck: "Re: Problem with atomic accesses in pstore on some ARM CPUs"
Next in thread: Kees Cook: "[PATCH v2 1/5] list: Split list_add() debug checking into separate function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This adds a CONFIG to trigger BUG()s when the kernel encounters
unexpected data structure integrity as currently detected with
CONFIG_DEBUG_LIST.

Specifically list operations have been a target for widening flaws to gain
"write anywhere" primitives for attackers, so this also consolidates the
debug checking to avoid code and check duplication (e.g. RCU list debug
was missing a check that got added to regular list debug). It also stops
manipulations when corruption is detected, since worsening the corruption
makes no sense. (Really, everyone should build with CONFIG_DEBUG_LIST
since the checks are so inexpensive.)

This is mostly a refactoring of similar code from PaX and Grsecurity,
along with MSM kernel changes by Stephen Boyd.

Along with the patches is a new lkdtm test to validate that setting
CONFIG_DEBUG_LIST actually does what is desired.

Thanks,

-Kees

Next message: Ben Hutchings: "Re: [PATCH 3.16 289/305] netfilter: x_tables: validate targets of jumps"
Previous message: Guenter Roeck: "Re: Problem with atomic accesses in pstore on some ARM CPUs"
Next in thread: Kees Cook: "[PATCH v2 1/5] list: Split list_add() debug checking into separate function"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]