[PATCH 2/8] UBUNTU: [Config] Enable linked list manipulation checks
Tyler Hicks
tyhicks at canonical.com
Sun Jan 19 13:10:23 UTC 2020
BugLink: https://launchpad.net/bugs/1855334
Turn on CONFIG_DEBUG_LIST which does some sanity checking on the
surrounding linked list elements when adding or removing an element. If
the sanity check fails, the list manipulation operation is not performed
and a loud warning is printed to the logs.
This may prevent some exploits that involve manipulating a linked list.
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
debian.master/config/annotations | 3 ++-
debian.master/config/config.common.ubuntu | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/debian.master/config/annotations b/debian.master/config/annotations
index a14064062df2..c8781797bfe8 100644
--- a/debian.master/config/annotations
+++ b/debian.master/config/annotations
@@ -10621,7 +10621,7 @@ CONFIG_SCHED_STACK_END_CHECK policy<{'amd64': 'y', 'arm64': '
CONFIG_DEBUG_PREEMPT policy<{'amd64-lowlatency': 'n', 'i386-lowlatency': 'n'}>
CONFIG_DEBUG_KOBJECT policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}>
CONFIG_DEBUG_BUGVERBOSE policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}>
-CONFIG_DEBUG_LIST policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}>
+CONFIG_DEBUG_LIST policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}>
CONFIG_DEBUG_PLIST policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}>
CONFIG_DEBUG_SG policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}>
CONFIG_DEBUG_NOTIFIERS policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}>
@@ -10631,6 +10631,7 @@ CONFIG_DEBUG_BLOCK_EXT_DEVT policy<{'amd64': 'n', 'arm64': '
CONFIG_CPU_HOTPLUG_STATE_CONTROL policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}>
CONFIG_LATENCYTOP policy<{'amd64-generic': 'n', 'amd64-lowlatency': 'y', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}>
#
+CONFIG_DEBUG_LIST mark<ENFORCED> note<LP:1855334>
CONFIG_LATENCYTOP mark<ENFORCED> note<https://lists.ubuntu.com/archives/kernel-team/2014-July/045006.html, LP#1655986>
# Menu: Kernel hacking >> Kernel debugging >> Architecture: arm
diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
index 4aace08c2bfa..b0b3b98cfa6f 100644
--- a/debian.master/config/config.common.ubuntu
+++ b/debian.master/config/config.common.ubuntu
@@ -2323,7 +2323,7 @@ CONFIG_DEBUG_KERNEL=y
# CONFIG_DEBUG_KERNEL_DC is not set
# CONFIG_DEBUG_KMEMLEAK is not set
# CONFIG_DEBUG_KOBJECT is not set
-# CONFIG_DEBUG_LIST is not set
+CONFIG_DEBUG_LIST=y
# CONFIG_DEBUG_LL is not set
CONFIG_DEBUG_LL_INCLUDE="mach/debug-macro.S"
# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set
--
2.17.1
More information about the kernel-team
mailing list