Commit aa9f10d

melver authored and kees committed
hardening: Move BUG_ON_DATA_CORRUPTION to hardening options
BUG_ON_DATA_CORRUPTION is turning detected corruptions of list data structures from WARNings into BUGs. This can be useful to stop further corruptions or even exploitation attempts.

However, the option has less to do with debugging than with hardening. With the introduction of LIST_HARDENED, it makes more sense to move it to the hardening options, where it selects LIST_HARDENED instead.

Without this change, combining BUG_ON_DATA_CORRUPTION with LIST_HARDENED alone wouldn't be possible, because DEBUG_LIST would always be selected by BUG_ON_DATA_CORRUPTION.

Signed-off-by: Marco Elver <elver@google.com>
Link: https://lore.kernel.org/r/20230811151847.1594958-4-elver@google.com
Signed-off-by: Kees Cook <keescook@chromium.org>
1 parent aebc7b0 commit aa9f10d

2 files changed: +11 -11 lines changed

lib/Kconfig.debug

Lines changed: 1 addition & 11 deletions
@@ -1673,7 +1673,7 @@ menu "Debug kernel data structures"
16731673

16741674
config DEBUG_LIST
16751675
bool "Debug linked list manipulation"
1676-
depends on DEBUG_KERNEL || BUG_ON_DATA_CORRUPTION
1676+
depends on DEBUG_KERNEL
16771677
select LIST_HARDENED
16781678
help
16791679
Enable this to turn on extended checks in the linked-list walking
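Review bot: With `|| BUG_ON_DATA_CORRUPTION` dropped from the `depends on` line at 1676, DEBUG_LIST can no longer be enabled on a build without DEBUG_KERNEL, and the visible part of the help text does not say what such a build should use instead. Since this entry already carries `select LIST_HARDENED`, consider a sentence in the help pointing non-debug builds at LIST_HARDENED as the option that remains available to them.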
@@ -1715,16 +1715,6 @@ config DEBUG_NOTIFIERS
17151715
This is a relatively cheap check but if you care about maximum
17161716
performance, say N.
17171717

1718-
config BUG_ON_DATA_CORRUPTION
1719-
bool "Trigger a BUG when data corruption is detected"
1720-
select DEBUG_LIST
1721-
help
1722-
Select this option if the kernel should BUG when it encounters
1723-
data corruption in kernel memory structures when they get checked
1724-
for validity.
1725-
1726-
If unsure, say N.
1727-
17281718
config DEBUG_MAPLE_TREE
17291719
bool "Debug maple trees"
17301720
depends on DEBUG_KERNEL
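Review bot: Removing `select DEBUG_LIST` (old line 1720) means an existing configuration with BUG_ON_DATA_CORRUPTION=y and DEBUG_KERNEL unset loses DEBUG_LIST the next time it is regenerated, because nothing selects it any more and its `depends on DEBUG_KERNEL` is not met. The symbol name is unchanged, so this happens without a prompt. The commit message should state that such builds fall back from DEBUG_LIST to LIST_HARDENED, and any config fragment that relied on the implicit select should set DEBUG_KERNEL and DEBUG_LIST explicitly if the extended checks are still wanted.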

security/Kconfig.hardening

Lines changed: 10 additions & 0 deletions
@@ -290,6 +290,16 @@ config LIST_HARDENED
290290

291291
If unsure, say N.
292292

293+
config BUG_ON_DATA_CORRUPTION
294+
bool "Trigger a BUG when data corruption is detected"
295+
select LIST_HARDENED
296+
help
297+
Select this option if the kernel should BUG when it encounters
298+
data corruption in kernel memory structures when they get checked
299+
for validity.
300+
301+
If unsure, say N.
302+
293303
endmenu
294304

295305
config CC_HAS_RANDSTRUCT
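Review bot: The help text added at new lines 297-301 is carried over unchanged and still speaks only of "data corruption in kernel memory structures", with nothing about the trade-off that makes this a hardening choice: a BUG halts the offending path where a WARN would have let execution continue. Add a sentence on that trade-off, as the commit message does, and mention that the option now turns on LIST_HARDENED through `select LIST_HARDENED`. Since `select` forces the target on regardless of the target's own dependencies, also confirm that LIST_HARDENED has no `depends on` above this hunk's context that the select would bypass.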
