[X/B/C/D linux-kvm][SRU][PATCH 0/1] enable SCHED_STACK_END_CHECK

Po-Hsu Lin po-hsu.lin at canonical.com
Thu Jun 6 09:26:49 UTC 2019


BugLink: https://bugs.launchpad.net/bugs/1812159

== SRU Justification ==
Security team requires the SCHED_STACK_END_CHECK config to be enabled
on all of our kernels.

The test_380_config_sched_stack_end_check test from q-r-t will fail on
all the KVM kernels.

Copied from the config help text:
This option checks for a stack overrun on calls to schedule(). If the
stack end location is found to be over written always panic as the
content of the corrupted region can no longer be trusted. This is to
ensure no erroneous behaviour occurs which could result in data
corruption or a sporadic crash at a later stage once the region is
examined. The runtime overhead introduced is minimal.

== Test ==
Test kernels can be found here:
https://people.canonical.com/~phlin/kernel/lp-1812159-kvm-sched-check/
This issue can be verified with the test_380_config_sched_stack_end_check
test from q-r-t; the test will pass with the patched kernel.

== Regression Potential ==
Low, the introduced runtime overhead is minimal, and it's already
enabled in the generic kernel.


Po-Hsu Lin (1):
  UBUNTU: [Config]: enable SCHED_STACK_END_CHECK

 debian.kvm/config/config.common.ubuntu | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-- 
2.7.4
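
The check described in the config help text quoted above, modelled in userspace as an added example (not code from this patch or from the kernel tree): a magic word sits at the end of the stack and is compared on every entry to schedule(). The `model_*` names and the 64-word stack are assumptions for illustration; `STACK_END_MAGIC` is the mainline kernel's value.

```c
#include <stddef.h>
#include <stdio.h>

/* Userspace model only; all model_* names are hypothetical. */
#define STACK_END_MAGIC   0x57AC6E9DUL /* mainline include/uapi/linux/magic.h */
#define MODEL_STACK_WORDS 64           /* assumption: tiny stack for the demo */

struct model_task {
    unsigned long stack[MODEL_STACK_WORDS]; /* grows down: word 0 is the end */
};

/* Lowest word of the stack, the last one a downward overrun reaches. */
static unsigned long *model_end_of_stack(struct model_task *t)
{
    return &t->stack[0];
}

/* Done once at task creation: plant the canary at the stack end. */
static void model_set_stack_end_magic(struct model_task *t)
{
    *model_end_of_stack(t) = STACK_END_MAGIC;
}

/* Simulate frames consuming `words` words from the top of the stack down. */
static void model_use_stack(struct model_task *t, size_t words)
{
    if (words > MODEL_STACK_WORDS)
        words = MODEL_STACK_WORDS;      /* keep the model itself in bounds */
    for (size_t i = 0; i < words; i++)
        t->stack[MODEL_STACK_WORDS - 1 - i] = 0x41414141UL;
}

/* Check made on entry to schedule(): 0 = intact, -1 = kernel would panic. */
static int model_schedule_check(struct model_task *t)
{
    return (*model_end_of_stack(t) != STACK_END_MAGIC) ? -1 : 0;
}

int main(void)
{
    struct model_task t;

    model_set_stack_end_magic(&t);
    model_use_stack(&t, MODEL_STACK_WORDS - 1);   /* deep, but canary intact */
    printf("deep use: %d\n", model_schedule_check(&t));
    model_use_stack(&t, MODEL_STACK_WORDS);       /* overrun hits the canary */
    printf("overrun:  %d\n", model_schedule_check(&t));
    return 0;
}
```

The model returns -1 where the kernel panics, because, as the help text says, the contents of the corrupted region can no longer be trusted.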



