Commit aa9f10d5 authored by Marco Elver, committed by Kees Cook

hardening: Move BUG_ON_DATA_CORRUPTION to hardening options



BUG_ON_DATA_CORRUPTION is turning detected corruptions of list data
structures from WARNings into BUGs. This can be useful to stop further
corruptions or even exploitation attempts.

However, the option has less to do with debugging than with hardening.
With the introduction of LIST_HARDENED, it makes more sense to move it
to the hardening options, where it selects LIST_HARDENED instead.

Without this change, combining BUG_ON_DATA_CORRUPTION with LIST_HARDENED
alone wouldn't be possible, because DEBUG_LIST would always be selected
by BUG_ON_DATA_CORRUPTION.

Signed-off-by: Marco Elver <elver@google.com>
Link: https://lore.kernel.org/r/20230811151847.1594958-4-elver@google.com


Signed-off-by: Kees Cook <keescook@chromium.org>
parent aebc7b0d
+1 −11
@@ -1673,7 +1673,7 @@ menu "Debug kernel data structures"

config DEBUG_LIST
	bool "Debug linked list manipulation"
	depends on DEBUG_KERNEL || BUG_ON_DATA_CORRUPTION
	depends on DEBUG_KERNEL
	select LIST_HARDENED
	help
	  Enable this to turn on extended checks in the linked-list walking
@@ -1715,16 +1715,6 @@ config DEBUG_NOTIFIERS
	  This is a relatively cheap check but if you care about maximum
	  performance, say N.

config BUG_ON_DATA_CORRUPTION
	bool "Trigger a BUG when data corruption is detected"
	select DEBUG_LIST
	help
	  Select this option if the kernel should BUG when it encounters
	  data corruption in kernel memory structures when they get checked
	  for validity.

	  If unsure, say N.

config DEBUG_MAPLE_TREE
	bool "Debug maple trees"
	depends on DEBUG_KERNEL
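Review bot: Removing the BUG_ON_DATA_CORRUPTION entry here, and with it `select DEBUG_LIST`, changes what existing configurations build, and the commit message does not say so. A config that set BUG_ON_DATA_CORRUPTION=y and relied on that select to pull in DEBUG_LIST will, after this change, get only LIST_HARDENED from the relocated option, and DEBUG_LIST now requires DEBUG_KERNEL to be enabled explicitly. Please state in the commit message that such configs lose the extended DEBUG_LIST checks unless they set DEBUG_KERNEL and DEBUG_LIST themselves, so that anyone updating an old config knows to re-enable them if they want the previous coverage.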
+10 −0
@@ -290,6 +290,16 @@ config LIST_HARDENED

	  If unsure, say N.

config BUG_ON_DATA_CORRUPTION
	bool "Trigger a BUG when data corruption is detected"
	select LIST_HARDENED
	help
	  Select this option if the kernel should BUG when it encounters
	  data corruption in kernel memory structures when they get checked
	  for validity.

	  If unsure, say N.

endmenu

config CC_HAS_RANDSTRUCT
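Review bot: The help text of the relocated BUG_ON_DATA_CORRUPTION entry is carried over unchanged and undersells what the option does in its new place. It says only that the kernel should BUG on "data corruption in kernel memory structures", while the commit message describes the option as turning detected list corruption from WARN into BUG to stop further corruption or exploitation attempts. Suggest putting that rationale into the help text, mentioning that the option selects LIST_HARDENED, and noting the trade-off that a detected corruption now raises a BUG instead of a warning, so that someone reading the hardening menu can decide without going to the commit log.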