kernel: enable CONFIG_SCHED_STACK_END_CHECK on x86_64, armv5tel and aarch64
Commit Message
> This option checks for a stack overrun on calls to schedule(). If the stack
> end location is found to be over written always panic as the content of the
> corrupted region can no longer be trusted. This is to ensure no erroneous
> behaviour occurs which could result in data corruption or a sporadic crash at a
> later stage once the region is examined. The runtime overhead introduced is
> minimal.
Fixes: #12376
Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
config/kernel/kernel.config.aarch64-ipfire | 2 +-
config/kernel/kernel.config.armv5tel-ipfire-multi | 2 +-
config/kernel/kernel.config.x86_64-ipfire | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
Comments
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
> On 18 Apr 2020, at 09:42, Peter Müller <peter.mueller@ipfire.org> wrote:
>
>> This option checks for a stack overrun on calls to schedule(). If the stack
>> end location is found to be over written always panic as the content of the
>> corrupted region can no longer be trusted. This is to ensure no erroneous
>> behaviour occurs which could result in data corruption or a sporadic crash at a
>> later stage once the region is examined. The runtime overhead introduced is
>> minimal.
>
> Fixes: #12376
>
> Cc: Arne Fitzenreiter <arne.fitzenreiter@ipfire.org>
> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
> ---
> config/kernel/kernel.config.aarch64-ipfire | 2 +-
> config/kernel/kernel.config.armv5tel-ipfire-multi | 2 +-
> config/kernel/kernel.config.x86_64-ipfire | 2 +-
> 3 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire
> index 32ad2df07..2043e044a 100644
> --- a/config/kernel/kernel.config.aarch64-ipfire
> +++ b/config/kernel/kernel.config.aarch64-ipfire
> @@ -6442,7 +6442,7 @@ CONFIG_PANIC_TIMEOUT=0
> CONFIG_SCHED_DEBUG=y
> CONFIG_SCHED_INFO=y
> CONFIG_SCHEDSTATS=y
> -# CONFIG_SCHED_STACK_END_CHECK is not set
> +CONFIG_SCHED_STACK_END_CHECK=y
> # CONFIG_DEBUG_TIMEKEEPING is not set
>
> #
> diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi
> index cfa766005..dc09d33de 100644
> --- a/config/kernel/kernel.config.armv5tel-ipfire-multi
> +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi
> @@ -6924,7 +6924,7 @@ CONFIG_PANIC_TIMEOUT=0
> CONFIG_SCHED_DEBUG=y
> CONFIG_SCHED_INFO=y
> CONFIG_SCHEDSTATS=y
> -# CONFIG_SCHED_STACK_END_CHECK is not set
> +CONFIG_SCHED_STACK_END_CHECK=y
> # CONFIG_DEBUG_TIMEKEEPING is not set
>
> #
> diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire
> index b16d13504..c4b1a7ae3 100644
> --- a/config/kernel/kernel.config.x86_64-ipfire
> +++ b/config/kernel/kernel.config.x86_64-ipfire
> @@ -6429,7 +6429,7 @@ CONFIG_PANIC_TIMEOUT=0
> CONFIG_SCHED_DEBUG=y
> CONFIG_SCHED_INFO=y
> CONFIG_SCHEDSTATS=y
> -# CONFIG_SCHED_STACK_END_CHECK is not set
> +CONFIG_SCHED_STACK_END_CHECK=y
> # CONFIG_DEBUG_TIMEKEEPING is not set
>
> #
> --
> 2.16.4
@@ -6442,7 +6442,7 @@ CONFIG_PANIC_TIMEOUT=0
CONFIG_SCHED_DEBUG=y
CONFIG_SCHED_INFO=y
CONFIG_SCHEDSTATS=y
-# CONFIG_SCHED_STACK_END_CHECK is not set
+CONFIG_SCHED_STACK_END_CHECK=y
# CONFIG_DEBUG_TIMEKEEPING is not set
#
@@ -6924,7 +6924,7 @@ CONFIG_PANIC_TIMEOUT=0
CONFIG_SCHED_DEBUG=y
CONFIG_SCHED_INFO=y
CONFIG_SCHEDSTATS=y
-# CONFIG_SCHED_STACK_END_CHECK is not set
+CONFIG_SCHED_STACK_END_CHECK=y
# CONFIG_DEBUG_TIMEKEEPING is not set
#
@@ -6429,7 +6429,7 @@ CONFIG_PANIC_TIMEOUT=0
CONFIG_SCHED_DEBUG=y
CONFIG_SCHED_INFO=y
CONFIG_SCHEDSTATS=y
-# CONFIG_SCHED_STACK_END_CHECK is not set
+CONFIG_SCHED_STACK_END_CHECK=y
# CONFIG_DEBUG_TIMEKEEPING is not set
#