On Wed, 2016-08-17 at 14:42 -0700, Kees Cook wrote:
> This adds CONFIG_BUG_ON_DATA_CORRUPTION to trigger BUG()s when the kernel
> encounters unexpected data structure integrity as currently detected
> with CONFIG_DEBUG_LIST.
>
> Specifically list operations have been a target for widening flaws to gain
> "write anywhere" primitives for attackers, so this also consolidates the
> debug checking to avoid code and check duplication (e.g. RCU list debug
> was missing a check that got added to regular list debug). It also stops
> manipulations when corruption is detected, since worsening the corruption
> makes no sense. (Really, everyone should build with CONFIG_DEBUG_LIST
> since the checks are so inexpensive.)
>
> This is mostly a refactoring of similar code from PaX and Grsecurity,
> along with MSM kernel changes by Syed Rameez Mustafa.
>
> Along with the patches is a new lkdtm test to validate that setting
> CONFIG_DEBUG_LIST actually does what is desired.

Series looks good to me, too.
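
The behaviour the quoted cover letter describes (validate the neighbouring pointers before a list operation, and stop the manipulation when they disagree) can be illustrated with the following userspace sketch. It is an added example, not code from this thread or from the patch series; the struct, function names and poison values are all hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>

/* Userspace sketch; every name below is hypothetical, not the kernel's. */
struct node { struct node *next, *prev; };

/* Constructed poison values that mark an entry as already unlinked. */
#define POISON_NEXT ((struct node *)0x100)
#define POISON_PREV ((struct node *)0x200)

/* Link n after head only if head and its successor still agree. */
static bool checked_add(struct node *n, struct node *head)
{
    struct node *prev = head, *next = head->next;

    if (next->prev != prev || prev->next != next || n == prev || n == next)
        return false;           /* corruption: touch nothing */
    next->prev = n; n->next = next;
    n->prev = prev; prev->next = n;
    return true;
}

/* Unlink entry only if it is not poisoned and both neighbours point at it. */
static bool checked_del(struct node *entry)
{
    if (entry->next == POISON_NEXT || entry->prev == POISON_PREV)
        return false;           /* double delete */
    if (entry->prev->next != entry || entry->next->prev != entry)
        return false;           /* corruption: touch nothing */
    entry->next->prev = entry->prev;
    entry->prev->next = entry->next;
    entry->next = POISON_NEXT;
    entry->prev = POISON_PREV;
    return true;
}

/* Constructed scenario: a.next is redirected at a decoy node, then deleted.
 * Returns true when the delete is refused and the decoy is left unmodified. */
static bool corrupted_del_is_refused(void)
{
    struct node head = { &head, &head }, a, decoy = { NULL, NULL };

    if (!checked_add(&a, &head))
        return false;
    a.next = &decoy;            /* simulated corruption of a list pointer */
    return !checked_del(&a) && decoy.prev == NULL && head.next == &a;
}
```

Without the neighbour check, the unlink would store `entry->prev` through the redirected `next` pointer; with it, the operation returns before any write happens.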

