* [PATCH] kernel: enable CONFIG_SCHED_STACK_END_CHECK on x86_64, armv5tel and aarch64
@ 2020-04-18 8:42 Peter Müller
2020-04-20 7:12 ` Michael Tremer
0 siblings, 1 reply; 2+ messages in thread
From: Peter Müller @ 2020-04-18 8:42 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 2237 bytes --]
> This option checks for a stack overrun on calls to schedule(). If the stack
> end location is found to be over written always panic as the content of the
> corrupted region can no longer be trusted. This is to ensure no erroneous
> behaviour occurs which could result in data corruption or a sporadic crash at a
> later stage once the region is examined. The runtime overhead introduced is
> minimal.
Fixes: #12376
Cc: Arne Fitzenreiter <arne.fitzenreiter(a)ipfire.org>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
config/kernel/kernel.config.aarch64-ipfire | 2 +-
config/kernel/kernel.config.armv5tel-ipfire-multi | 2 +-
config/kernel/kernel.config.x86_64-ipfire | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire
index 32ad2df07..2043e044a 100644
--- a/config/kernel/kernel.config.aarch64-ipfire
+++ b/config/kernel/kernel.config.aarch64-ipfire
@@ -6442,7 +6442,7 @@ CONFIG_PANIC_TIMEOUT=0
CONFIG_SCHED_DEBUG=y
CONFIG_SCHED_INFO=y
CONFIG_SCHEDSTATS=y
-# CONFIG_SCHED_STACK_END_CHECK is not set
+CONFIG_SCHED_STACK_END_CHECK=y
# CONFIG_DEBUG_TIMEKEEPING is not set
#
diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi
index cfa766005..dc09d33de 100644
--- a/config/kernel/kernel.config.armv5tel-ipfire-multi
+++ b/config/kernel/kernel.config.armv5tel-ipfire-multi
@@ -6924,7 +6924,7 @@ CONFIG_PANIC_TIMEOUT=0
CONFIG_SCHED_DEBUG=y
CONFIG_SCHED_INFO=y
CONFIG_SCHEDSTATS=y
-# CONFIG_SCHED_STACK_END_CHECK is not set
+CONFIG_SCHED_STACK_END_CHECK=y
# CONFIG_DEBUG_TIMEKEEPING is not set
#
diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire
index b16d13504..c4b1a7ae3 100644
--- a/config/kernel/kernel.config.x86_64-ipfire
+++ b/config/kernel/kernel.config.x86_64-ipfire
@@ -6429,7 +6429,7 @@ CONFIG_PANIC_TIMEOUT=0
CONFIG_SCHED_DEBUG=y
CONFIG_SCHED_INFO=y
CONFIG_SCHEDSTATS=y
-# CONFIG_SCHED_STACK_END_CHECK is not set
+CONFIG_SCHED_STACK_END_CHECK=y
# CONFIG_DEBUG_TIMEKEEPING is not set
#
--
2.16.4
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] kernel: enable CONFIG_SCHED_STACK_END_CHECK on x86_64, armv5tel and aarch64
2020-04-18 8:42 [PATCH] kernel: enable CONFIG_SCHED_STACK_END_CHECK on x86_64, armv5tel and aarch64 Peter Müller
@ 2020-04-20 7:12 ` Michael Tremer
0 siblings, 0 replies; 2+ messages in thread
From: Michael Tremer @ 2020-04-20 7:12 UTC (permalink / raw)
To: development
[-- Attachment #1: Type: text/plain, Size: 2468 bytes --]
Acked-by: Michael Tremer <michael.tremer(a)ipfire.org>
> On 18 Apr 2020, at 09:42, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>
>> This option checks for a stack overrun on calls to schedule(). If the stack
>> end location is found to be over written always panic as the content of the
>> corrupted region can no longer be trusted. This is to ensure no erroneous
>> behaviour occurs which could result in data corruption or a sporadic crash at a
>> later stage once the region is examined. The runtime overhead introduced is
>> minimal.
>
> Fixes: #12376
>
> Cc: Arne Fitzenreiter <arne.fitzenreiter(a)ipfire.org>
> Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
> ---
> config/kernel/kernel.config.aarch64-ipfire | 2 +-
> config/kernel/kernel.config.armv5tel-ipfire-multi | 2 +-
> config/kernel/kernel.config.x86_64-ipfire | 2 +-
> 3 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire
> index 32ad2df07..2043e044a 100644
> --- a/config/kernel/kernel.config.aarch64-ipfire
> +++ b/config/kernel/kernel.config.aarch64-ipfire
> @@ -6442,7 +6442,7 @@ CONFIG_PANIC_TIMEOUT=0
> CONFIG_SCHED_DEBUG=y
> CONFIG_SCHED_INFO=y
> CONFIG_SCHEDSTATS=y
> -# CONFIG_SCHED_STACK_END_CHECK is not set
> +CONFIG_SCHED_STACK_END_CHECK=y
> # CONFIG_DEBUG_TIMEKEEPING is not set
>
> #
> diff --git a/config/kernel/kernel.config.armv5tel-ipfire-multi b/config/kernel/kernel.config.armv5tel-ipfire-multi
> index cfa766005..dc09d33de 100644
> --- a/config/kernel/kernel.config.armv5tel-ipfire-multi
> +++ b/config/kernel/kernel.config.armv5tel-ipfire-multi
> @@ -6924,7 +6924,7 @@ CONFIG_PANIC_TIMEOUT=0
> CONFIG_SCHED_DEBUG=y
> CONFIG_SCHED_INFO=y
> CONFIG_SCHEDSTATS=y
> -# CONFIG_SCHED_STACK_END_CHECK is not set
> +CONFIG_SCHED_STACK_END_CHECK=y
> # CONFIG_DEBUG_TIMEKEEPING is not set
>
> #
> diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire
> index b16d13504..c4b1a7ae3 100644
> --- a/config/kernel/kernel.config.x86_64-ipfire
> +++ b/config/kernel/kernel.config.x86_64-ipfire
> @@ -6429,7 +6429,7 @@ CONFIG_PANIC_TIMEOUT=0
> CONFIG_SCHED_DEBUG=y
> CONFIG_SCHED_INFO=y
> CONFIG_SCHEDSTATS=y
> -# CONFIG_SCHED_STACK_END_CHECK is not set
> +CONFIG_SCHED_STACK_END_CHECK=y
> # CONFIG_DEBUG_TIMEKEEPING is not set
>
> #
> --
> 2.16.4
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-04-20 7:12 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-18 8:42 [PATCH] kernel: enable CONFIG_SCHED_STACK_END_CHECK on x86_64, armv5tel and aarch64 Peter Müller
2020-04-20 7:12 ` Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox