[PATCH v3 0/5] bug: Provide toggle for BUG on data corruption

From: Kees Cook
Date: Wed Aug 17 2016 - 17:43:18 EST


This adds CONFIG_BUG_ON_DATA_CORRUPTION to trigger BUG()s when the kernel
encounters unexpected data structure integrity as currently detected
with CONFIG_DEBUG_LIST.

Specifically, list operations have been a target for widening flaws to gain
"write anywhere" primitives for attackers, so this also consolidates the
debug checking to avoid code and check duplication (e.g. RCU list debug
was missing a check that got added to regular list debug). It also stops
manipulations when corruption is detected, since worsening the corruption
makes no sense. (Really, everyone should build with CONFIG_DEBUG_LIST
since the checks are so inexpensive.)

This is mostly a refactoring of similar code from PaX and Grsecurity,
along with MSM kernel changes by Syed Rameez Mustafa.

Along with the patches is a new lkdtm test to validate that setting
CONFIG_DEBUG_LIST actually does what is desired.

Thanks,

-Kees

v3:
- fix MSM attribution, sboyd
- use pr_err, joe

v2:
- consolidate printk/WARN/BUG/return logic into a CONFIG-specific macro
- drop non-list BUGs, labbott
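
The cover letter's point about stopping manipulation once corruption is detected can be seen in a small userspace model. This is an added example, not code from this patch series or from the kernel; the struct, function names and the corruption scenario are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model of a circular doubly linked list; all names are hypothetical. */
struct node { struct node *next, *prev; };

/* Report and return false so the caller skips every pointer write. */
static bool corrupt(const char *what, const void *p)
{
    fprintf(stderr, "list corruption: %s (%p)\n", what, p);
    return false;
}

/* Insert after head only if head and its successor are still adjacent. */
static bool checked_add(struct node *new, struct node *head)
{
    struct node *next = head->next;
    if (next->prev != head) return corrupt("next->prev should be prev", next);
    if (new == head || new == next) return corrupt("double add", new);
    next->prev = new; new->next = next;
    new->prev = head; head->next = new;
    return true;
}

/* Unlink only if both neighbours still point back at the entry. */
static bool checked_del(struct node *e)
{
    if (e->prev->next != e) return corrupt("prev->next should be entry", e);
    if (e->next->prev != e) return corrupt("next->prev should be entry", e);
    e->next->prev = e->prev;
    e->prev->next = e->next;
    return true;
}

/* Constructed scenario: the entry's pointers were overwritten to aim at two
 * unrelated objects. Returns true if the unlink is refused and nothing moved. */
static bool corrupted_del_is_refused(void)
{
    struct node head = { &head, &head }, v1 = { &v1, &v1 }, v2 = { &v2, &v2 }, a;
    if (!checked_add(&a, &head)) return false;
    a.next = &v1; a.prev = &v2;            /* simulated corruption */
    return !checked_del(&a) && v1.prev == &v1 && v2.next == &v2 && head.next == &a;
}

int main(void)
{
    printf("corrupted unlink refused: %d\n", corrupted_del_is_refused());
    return 0;
}
```

Without the two comparisons in checked_del(), the unlink would store into v1 and v2, which is the write through corrupted pointers that the checks are meant to stop.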