ACK: [X/B/C/D linux-kvm][SRU][PATCH 0/1] enable SCHED_STACK_END_CHECK

Kamal Mostafa kamal at canonical.com
Wed Jun 26 15:40:00 UTC 2019


Common security feature; aligns with GA kernel config; LGTM.

Acked-by: Kamal Mostafa <kamal at canonical.com>

 -Kamal

On Thu, Jun 06, 2019 at 05:26:49PM +0800, Po-Hsu Lin wrote:
> BugLink: https://bugs.launchpad.net/bugs/1812159
> 
> == SRU Justification ==
> Security team requires the SCHED_STACK_END_CHECK config to be enabled
> on all of our kernels.
> 
> The test_380_config_sched_stack_end_check test from q-r-t will fail on
> all the KVM kernels.
> 
> Copied from the config help text:
> This option checks for a stack overrun on calls to schedule(). If the
> stack end location is found to be over written always panic as the
> content of the corrupted region can no longer be trusted. This is to
> ensure no erroneous behaviour occurs which could result in data
> corruption or a sporadic crash at a later stage once the region is
> examined. The runtime overhead introduced is minimal.
> 
> == Test ==
> Test kernels can be found here:
> https://people.canonical.com/~phlin/kernel/lp-1812159-kvm-sched-check/
> This issue can be verified with the test_380_config_sched_stack_end_check
> test from q-r-t; the test will pass with the patched kernel.
> 
> == Regression Potential ==
> Low, the introduced runtime overhead is minimal, and it's already
> enabled in the generic kernel.
> 
> 
> Po-Hsu Lin (1):
>   UBUNTU: [Config]: enable SCHED_STACK_END_CHECK
> 
>  debian.kvm/config/config.common.ubuntu | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> -- 
> 2.7.4
> 
> 
> -- 
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
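
The mechanism the quoted config help text describes, as an added userspace model that is not part of the original thread and is not kernel code: a magic word sits at the stack end and is checked on entry to schedule(). The names `model_task`, `task_push` and `model_schedule` and the 64-word stack are assumptions for illustration; the magic value is the kernel's `STACK_END_MAGIC`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define STACK_END_MAGIC 0x57AC6E9DUL  /* value from include/uapi/linux/magic.h */
#define STACK_WORDS 64                /* assumption: tiny model stack */

struct model_task {                   /* hypothetical stand-in for a task's kernel stack */
    unsigned long stack[STACK_WORDS]; /* stack[0] is the stack end (stack grows down) */
    size_t sp;                        /* index of the next free word, counts down */
};

static void task_init(struct model_task *t)
{
    memset(t->stack, 0, sizeof(t->stack));
    t->stack[0] = STACK_END_MAGIC;    /* canary at the lowest address */
    t->sp = STACK_WORDS;
}

/* Push n words of frame data; clamps at word 0 so the model never leaves the array. */
static void task_push(struct model_task *t, size_t n, unsigned long fill)
{
    while (n-- > 0 && t->sp > 0)
        t->stack[--t->sp] = fill;
}

static int stack_end_corrupted(const struct model_task *t)
{
    return t->stack[0] != STACK_END_MAGIC;
}

/* Model of the check made on entry to schedule(): 0 = ok, -1 = the kernel would panic. */
static int model_schedule(const struct model_task *t)
{
    return stack_end_corrupted(t) ? -1 : 0;
}

int main(void)
{
    struct model_task t;
    task_init(&t);
    task_push(&t, STACK_WORDS - 1, 0x41); /* fills the stack exactly up to the canary */
    printf("full stack: %d\n", model_schedule(&t));
    task_push(&t, 1, 0x41);               /* one word too deep: canary overwritten */
    printf("overrun:    %d\n", model_schedule(&t));
    return 0;
}
```

The overrun is only noticed at the next check, which matches the help text's "on calls to schedule()": the option detects corruption after the fact and stops the system rather than preventing the overwrite.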


