Please add oops_limit to -stable

From: Kees Cook
Date: Thu Jan 19 2023 - 19:27:05 EST

Next message: KP Singh: "Re: [PATCH V2] bpf: security enhancement by limiting the offensive eBPF helpers"
Previous message: Andrew Jeffery: "Re: [PATCH 1/2] dt-bindings: fsi: Document the IBM I2C Responder virtual FSI master"
Next in thread: Greg Kroah-Hartman: "Re: Please add oops_limit to -stable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

I'd like to ask that the oops_limit series get included in -stable
releases. It's a recommended defense developed while writing this
report:
https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-in-linux.html

I've had a few people ask about having it in -stable, for example:
https://lore.kernel.org/lkml/20230119201023.4003-1-sj@xxxxxxxxxx

This is the series:

9360d035a579 panic: Separate sysctl logic from CONFIG_SMP
d4ccd54d28d3 exit: Put an upper limit on how often we can oops
9db89b411170 exit: Expose "oops_count" to sysfs
de92f65719cd exit: Allow oops_limit to be disabled
79cc1ba7badf panic: Consolidate open-coded panic_on_warn checks
9fc9e278a5c0 panic: Introduce warn_limit
8b05aa263361 panic: Expose "warn_count" to sysfs
00dd027f721e docs: Fix path paste-o for /sys/kernel/warn_count
7535b832c639 exit: Use READ_ONCE() for all oops/warn limit reads

For v6.1.x they apply cleanly and behave as expected.

I'm hoping someone can step up and do backports for v5.15.x and earlier,
as there appear to be a number of conflicts and I'm swamped with other
stuff to do. :P

Thanks!

-Kees

--
Kees Cook

Next message: KP Singh: "Re: [PATCH V2] bpf: security enhancement by limiting the offensive eBPF helpers"
Previous message: Andrew Jeffery: "Re: [PATCH 1/2] dt-bindings: fsi: Document the IBM I2C Responder virtual FSI master"
Next in thread: Greg Kroah-Hartman: "Re: Please add oops_limit to -stable"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]