diff mbox series

[07/11] Kernel: Trigger BUG if data corruption is detected

Message ID	0588411b-01e1-cb02-0d2f-7e40831b3338@ipfire.org
State	Rejected
Headers	Message-ID: <0588411b-01e1-cb02-0d2f-7e40831b3338@ipfire.org> Date: Sat, 19 Mar 2022 21:10:11 +0000 MIME-Version: 1.0 Subject: [PATCH 07/11] Kernel: Trigger BUG if data corruption is detected Content-Language: en-US To: development@lists.ipfire.org References: <771528ff-9bb0-2073-4819-471ab16bb920@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@ipfire.org> In-Reply-To: <771528ff-9bb0-2073-4819-471ab16bb920@ipfire.org> Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org>
Series	Kernel: Improve hardening \| [00/11] Kernel: Improve hardening [01/11] Kernel: Set CONFIG_ARCH_MMAP_RND_BITS to 32 bits [02/11] Kernel: Disable support for tracing block I/O actions [03/11] Kernel: Pin loading kernel files to one filesystem [04/11] Kernel: Enable undefined behaviour sanity checker [05/11] Kernel: Gate SETID transitions to limit CAP_SET(G\|U)ID capabilities [06/11] Kernel: Enable LSM support and set security level to "integrity" [07/11] Kernel: Trigger BUG if data corruption is detected [08/11] Kernel: Do not automatically load TTY line disciplines, only if necessary [09/11] Kernel: Enable SVA support for both Intel and AMD CPUs [10/11] Kernel: Disable function and stack tracers [11/11] Kernel: Update rootfile for x86_64

Commit Message

Peter Müller March 19, 2022, 9:10 p.m. UTC

  Since we cannot trust the kernel to do the right thing (tm) in such a
situation anymore, triggering a BUG is less bad than running on a kernel
in an undefined state.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 config/kernel/kernel.config.aarch64-ipfire | 4 ++--
 config/kernel/kernel.config.armv6l-ipfire  | 4 ++--
 config/kernel/kernel.config.riscv64-ipfire | 4 ++--
 config/kernel/kernel.config.x86_64-ipfire  | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

Comments

Michael Tremer March 23, 2022, 5:53 p.m. UTC | #1

I don’t quite follow what the benefit of this is.

The kernel would log something. That is it. Not bad, but I don’t see how this would help.

> On 19 Mar 2022, at 21:10, Peter Müller <peter.mueller@ipfire.org> wrote:
> 
> Since we cannot trust the kernel to do the right thing (tm) in such a
> situation anymore, triggering a BUG is less bad than running on a kernel
> in an undefined state.
> 
> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
> ---
> config/kernel/kernel.config.aarch64-ipfire | 4 ++--
> config/kernel/kernel.config.armv6l-ipfire  | 4 ++--
> config/kernel/kernel.config.riscv64-ipfire | 4 ++--
> config/kernel/kernel.config.x86_64-ipfire  | 4 ++--
> 4 files changed, 8 insertions(+), 8 deletions(-)
> 
> diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire
> index 356d9051d..06379d544 100644
> --- a/config/kernel/kernel.config.aarch64-ipfire
> +++ b/config/kernel/kernel.config.aarch64-ipfire
> @@ -8125,11 +8125,11 @@ CONFIG_STACKTRACE=y
> #
> # Debug kernel data structures
> #
> -# CONFIG_DEBUG_LIST is not set
> +CONFIG_DEBUG_LIST=y

Why did this have to be changed? CONFIG_BUG_ON_DATA_CORRUPTION does not depends on this as far as I can see.

> # CONFIG_DEBUG_PLIST is not set
> # CONFIG_DEBUG_SG is not set
> # CONFIG_DEBUG_NOTIFIERS is not set
> -# CONFIG_BUG_ON_DATA_CORRUPTION is not set
> +CONFIG_BUG_ON_DATA_CORRUPTION=y
> # end of Debug kernel data structures
> 
> # CONFIG_DEBUG_CREDENTIALS is not set
> diff --git a/config/kernel/kernel.config.armv6l-ipfire b/config/kernel/kernel.config.armv6l-ipfire
> index 9dab473d4..68e37304a 100644
> --- a/config/kernel/kernel.config.armv6l-ipfire
> +++ b/config/kernel/kernel.config.armv6l-ipfire
> @@ -8091,11 +8091,11 @@ CONFIG_STACKTRACE=y
> #
> # Debug kernel data structures
> #
> -# CONFIG_DEBUG_LIST is not set
> +CONFIG_DEBUG_LIST=y
> # CONFIG_DEBUG_PLIST is not set
> # CONFIG_DEBUG_SG is not set
> # CONFIG_DEBUG_NOTIFIERS is not set
> -# CONFIG_BUG_ON_DATA_CORRUPTION is not set
> +CONFIG_BUG_ON_DATA_CORRUPTION=y
> # end of Debug kernel data structures
> 
> # CONFIG_DEBUG_CREDENTIALS is not set
> diff --git a/config/kernel/kernel.config.riscv64-ipfire b/config/kernel/kernel.config.riscv64-ipfire
> index adef88dc9..8cec9a200 100644
> --- a/config/kernel/kernel.config.riscv64-ipfire
> +++ b/config/kernel/kernel.config.riscv64-ipfire
> @@ -6714,11 +6714,11 @@ CONFIG_STACKTRACE=y
> #
> # Debug kernel data structures
> #
> -# CONFIG_DEBUG_LIST is not set
> +CONFIG_DEBUG_LIST=y
> # CONFIG_DEBUG_PLIST is not set
> # CONFIG_DEBUG_SG is not set
> # CONFIG_DEBUG_NOTIFIERS is not set
> -# CONFIG_BUG_ON_DATA_CORRUPTION is not set
> +CONFIG_BUG_ON_DATA_CORRUPTION=y
> # end of Debug kernel data structures
> 
> # CONFIG_DEBUG_CREDENTIALS is not set
> diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire
> index 222b2dc53..0c6731bd1 100644
> --- a/config/kernel/kernel.config.x86_64-ipfire
> +++ b/config/kernel/kernel.config.x86_64-ipfire
> @@ -7556,11 +7556,11 @@ CONFIG_STACKTRACE=y
> #
> # Debug kernel data structures
> #
> -# CONFIG_DEBUG_LIST is not set
> +CONFIG_DEBUG_LIST=y
> # CONFIG_DEBUG_PLIST is not set
> # CONFIG_DEBUG_SG is not set
> # CONFIG_DEBUG_NOTIFIERS is not set
> -# CONFIG_BUG_ON_DATA_CORRUPTION is not set
> +CONFIG_BUG_ON_DATA_CORRUPTION=y
> # end of Debug kernel data structures
> 
> # CONFIG_DEBUG_CREDENTIALS is not set
> -- 
> 2.34.1

diff mbox series

Patch

diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire
index 356d9051d..06379d544 100644
--- a/config/kernel/kernel.config.aarch64-ipfire
+++ b/config/kernel/kernel.config.aarch64-ipfire
@@ -8125,11 +8125,11 @@  CONFIG_STACKTRACE=y
 #
 # Debug kernel data structures
 #
-# CONFIG_DEBUG_LIST is not set
+CONFIG_DEBUG_LIST=y
 # CONFIG_DEBUG_PLIST is not set
 # CONFIG_DEBUG_SG is not set
 # CONFIG_DEBUG_NOTIFIERS is not set
-# CONFIG_BUG_ON_DATA_CORRUPTION is not set
+CONFIG_BUG_ON_DATA_CORRUPTION=y
 # end of Debug kernel data structures
 
 # CONFIG_DEBUG_CREDENTIALS is not set
diff --git a/config/kernel/kernel.config.armv6l-ipfire b/config/kernel/kernel.config.armv6l-ipfire
index 9dab473d4..68e37304a 100644
--- a/config/kernel/kernel.config.armv6l-ipfire
+++ b/config/kernel/kernel.config.armv6l-ipfire
@@ -8091,11 +8091,11 @@  CONFIG_STACKTRACE=y
 #
 # Debug kernel data structures
 #
-# CONFIG_DEBUG_LIST is not set
+CONFIG_DEBUG_LIST=y
 # CONFIG_DEBUG_PLIST is not set
 # CONFIG_DEBUG_SG is not set
 # CONFIG_DEBUG_NOTIFIERS is not set
-# CONFIG_BUG_ON_DATA_CORRUPTION is not set
+CONFIG_BUG_ON_DATA_CORRUPTION=y
 # end of Debug kernel data structures
 
 # CONFIG_DEBUG_CREDENTIALS is not set
diff --git a/config/kernel/kernel.config.riscv64-ipfire b/config/kernel/kernel.config.riscv64-ipfire
index adef88dc9..8cec9a200 100644
--- a/config/kernel/kernel.config.riscv64-ipfire
+++ b/config/kernel/kernel.config.riscv64-ipfire
@@ -6714,11 +6714,11 @@  CONFIG_STACKTRACE=y
 #
 # Debug kernel data structures
 #
-# CONFIG_DEBUG_LIST is not set
+CONFIG_DEBUG_LIST=y
 # CONFIG_DEBUG_PLIST is not set
 # CONFIG_DEBUG_SG is not set
 # CONFIG_DEBUG_NOTIFIERS is not set
-# CONFIG_BUG_ON_DATA_CORRUPTION is not set
+CONFIG_BUG_ON_DATA_CORRUPTION=y
 # end of Debug kernel data structures
 
 # CONFIG_DEBUG_CREDENTIALS is not set
diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire
index 222b2dc53..0c6731bd1 100644
--- a/config/kernel/kernel.config.x86_64-ipfire
+++ b/config/kernel/kernel.config.x86_64-ipfire
@@ -7556,11 +7556,11 @@  CONFIG_STACKTRACE=y
 #
 # Debug kernel data structures
 #
-# CONFIG_DEBUG_LIST is not set
+CONFIG_DEBUG_LIST=y
 # CONFIG_DEBUG_PLIST is not set
 # CONFIG_DEBUG_SG is not set
 # CONFIG_DEBUG_NOTIFIERS is not set
-# CONFIG_BUG_ON_DATA_CORRUPTION is not set
+CONFIG_BUG_ON_DATA_CORRUPTION=y
 # end of Debug kernel data structures
 
 # CONFIG_DEBUG_CREDENTIALS is not set