diff options
author | Marco Elver <elver@google.com> | 2023-08-11 17:18:41 +0200 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2023-08-15 14:57:25 -0700 |
commit | aa9f10d57056cea51d41283d3785bccbbb9f459e (patch) | |
tree | 712f14060857e79e26767cf46bd5e767592d422b /security | |
parent | aebc7b0d8d91bbc69e976909963046bc48bca4fd (diff) | |
download | lwn-aa9f10d57056cea51d41283d3785bccbbb9f459e.tar.gz lwn-aa9f10d57056cea51d41283d3785bccbbb9f459e.zip |
hardening: Move BUG_ON_DATA_CORRUPTION to hardening options
BUG_ON_DATA_CORRUPTION is turning detected corruptions of list data
structures from WARNings into BUGs. This can be useful to stop further
corruptions or even exploitation attempts.
However, the option has less to do with debugging than with hardening.
With the introduction of LIST_HARDENED, it makes more sense to move it
to the hardening options, where it selects LIST_HARDENED instead.
Without this change, combining BUG_ON_DATA_CORRUPTION with LIST_HARDENED
alone wouldn't be possible, because DEBUG_LIST would always be selected
by BUG_ON_DATA_CORRUPTION.
Signed-off-by: Marco Elver <elver@google.com>
Link: https://lore.kernel.org/r/20230811151847.1594958-4-elver@google.com
Signed-off-by: Kees Cook <keescook@chromium.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/Kconfig.hardening | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening index ffc3c702b461..2cff851ebfd7 100644 --- a/security/Kconfig.hardening +++ b/security/Kconfig.hardening @@ -290,6 +290,16 @@ config LIST_HARDENED If unsure, say N. +config BUG_ON_DATA_CORRUPTION + bool "Trigger a BUG when data corruption is detected" + select LIST_HARDENED + help + Select this option if the kernel should BUG when it encounters + data corruption in kernel memory structures when they get checked + for validity. + + If unsure, say N. + endmenu config CC_HAS_RANDSTRUCT |