lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CAGXu5jJfpOFs-T7qeGc4tf0GMu54uxNKPZmrTkk5O4kfZx=E4Q@mail.gmail.com>
Date:   Mon, 2 Oct 2017 11:10:46 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Randy Dunlap <rdunlap@...radead.org>
Cc:     LKML <linux-kernel@...r.kernel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Luis Rodriguez <mcgrof@...nel.org>,
        Dave Hansen <dave.hansen@...el.com>
Subject: Re: [PATCH] Kernel hacking menu: Runtime testing: keep tests together

On Mon, Oct 2, 2017 at 10:48 AM, Randy Dunlap <rdunlap@...radead.org> wrote:
> From: Randy Dunlap <rdunlap@...radead.org>
>
> Expand the "Runtime testing" menu by including more entries inside
> it instead of after it. This is just Kconfig symbol movement.

Thanks!

Acked-by: Kees Cook <keescook@...omium.org>

-Kees

>
> This causes the (arch-independent) Runtime tests to be presented
> (listed) all in one place instead of in multiple places.
>
> Signed-off-by: Randy Dunlap <rdunlap@...radead.org>
> Cc: Kees Cook <keescook@...omium.org>
> Cc: Dave Hansen <dave.hansen@...el.com>
> Cc: "Luis R. Rodriguez" <mcgrof@...nel.org>
> ---
>  lib/Kconfig.debug |  143 +++++++++++++++++++++-----------------------
>  1 file changed, 71 insertions(+), 72 deletions(-)
>
> --- lnx-414-rc3.orig/lib/Kconfig.debug
> +++ lnx-414-rc3/lib/Kconfig.debug
> @@ -1590,6 +1590,54 @@ config LATENCYTOP
>
>  source kernel/trace/Kconfig
>
> +config PROVIDE_OHCI1394_DMA_INIT
> +       bool "Remote debugging over FireWire early on boot"
> +       depends on PCI && X86
> +       help
> +         If you want to debug problems which hang or crash the kernel early
> +         on boot and the crashing machine has a FireWire port, you can use
> +         this feature to remotely access the memory of the crashed machine
> +         over FireWire. This employs remote DMA as part of the OHCI1394
> +         specification which is now the standard for FireWire controllers.
> +
> +         With remote DMA, you can monitor the printk buffer remotely using
> +         firescope and access all memory below 4GB using fireproxy from gdb.
> +         Even controlling a kernel debugger is possible using remote DMA.
> +
> +         Usage:
> +
> +         If ohci1394_dma=early is used as boot parameter, it will initialize
> +         all OHCI1394 controllers which are found in the PCI config space.
> +
> +         As all changes to the FireWire bus such as enabling and disabling
> +         devices cause a bus reset and thereby disable remote DMA for all
> +         devices, be sure to have the cable plugged and FireWire enabled on
> +         the debugging host before booting the debug target for debugging.
> +
> +         This code (~1k) is freed after boot. By then, the firewire stack
> +         in charge of the OHCI-1394 controllers should be used instead.
> +
> +         See Documentation/debugging-via-ohci1394.txt for more information.
> +
> +config DMA_API_DEBUG
> +       bool "Enable debugging of DMA-API usage"
> +       depends on HAVE_DMA_API_DEBUG
> +       help
> +         Enable this option to debug the use of the DMA API by device drivers.
> +         With this option you will be able to detect common bugs in device
> +         drivers like double-freeing of DMA mappings or freeing mappings that
> +         were never allocated.
> +
> +         This also attempts to catch cases where a page owned by DMA is
> +         accessed by the cpu in a way that could cause data corruption.  For
> +         example, this enables cow_user_page() to check that the source page is
> +         not undergoing DMA.
> +
> +         This option causes a performance degradation.  Use only if you want to
> +         debug device drivers and dma interactions.
> +
> +         If unsure, say N.
> +
>  menu "Runtime Testing"
>
>  config LKDTM
> @@ -1749,56 +1797,6 @@ config TEST_PARMAN
>
>           If unsure, say N.
>
> -endmenu # runtime tests
> -
> -config PROVIDE_OHCI1394_DMA_INIT
> -       bool "Remote debugging over FireWire early on boot"
> -       depends on PCI && X86
> -       help
> -         If you want to debug problems which hang or crash the kernel early
> -         on boot and the crashing machine has a FireWire port, you can use
> -         this feature to remotely access the memory of the crashed machine
> -         over FireWire. This employs remote DMA as part of the OHCI1394
> -         specification which is now the standard for FireWire controllers.
> -
> -         With remote DMA, you can monitor the printk buffer remotely using
> -         firescope and access all memory below 4GB using fireproxy from gdb.
> -         Even controlling a kernel debugger is possible using remote DMA.
> -
> -         Usage:
> -
> -         If ohci1394_dma=early is used as boot parameter, it will initialize
> -         all OHCI1394 controllers which are found in the PCI config space.
> -
> -         As all changes to the FireWire bus such as enabling and disabling
> -         devices cause a bus reset and thereby disable remote DMA for all
> -         devices, be sure to have the cable plugged and FireWire enabled on
> -         the debugging host before booting the debug target for debugging.
> -
> -         This code (~1k) is freed after boot. By then, the firewire stack
> -         in charge of the OHCI-1394 controllers should be used instead.
> -
> -         See Documentation/debugging-via-ohci1394.txt for more information.
> -
> -config DMA_API_DEBUG
> -       bool "Enable debugging of DMA-API usage"
> -       depends on HAVE_DMA_API_DEBUG
> -       help
> -         Enable this option to debug the use of the DMA API by device drivers.
> -         With this option you will be able to detect common bugs in device
> -         drivers like double-freeing of DMA mappings or freeing mappings that
> -         were never allocated.
> -
> -         This also attempts to catch cases where a page owned by DMA is
> -         accessed by the cpu in a way that could cause data corruption.  For
> -         example, this enables cow_user_page() to check that the source page is
> -         not undergoing DMA.
> -
> -         This option causes a performance degradation.  Use only if you want to
> -         debug device drivers and dma interactions.
> -
> -         If unsure, say N.
> -
>  config TEST_LKM
>         tristate "Test module loading with 'hello world' module"
>         default n
> @@ -1873,18 +1871,6 @@ config TEST_UDELAY
>
>           If unsure, say N.
>
> -config MEMTEST
> -       bool "Memtest"
> -       depends on HAVE_MEMBLOCK
> -       ---help---
> -         This option adds a kernel parameter 'memtest', which allows memtest
> -         to be set.
> -               memtest=0, mean disabled; -- default
> -               memtest=1, mean do 1 test pattern;
> -               ...
> -               memtest=17, mean do 17 test patterns.
> -         If you are unsure how to answer this question, answer N.
> -
>  config TEST_STATIC_KEYS
>         tristate "Test static keys"
>         default n
> @@ -1894,16 +1880,6 @@ config TEST_STATIC_KEYS
>
>           If unsure, say N.
>
> -config BUG_ON_DATA_CORRUPTION
> -       bool "Trigger a BUG when data corruption is detected"
> -       select DEBUG_LIST
> -       help
> -         Select this option if the kernel should BUG when it encounters
> -         data corruption in kernel memory structures when they get checked
> -         for validity.
> -
> -         If unsure, say N.
> -
>  config TEST_KMOD
>         tristate "kmod stress tester"
>         default n
> @@ -1941,6 +1917,29 @@ config TEST_DEBUG_VIRTUAL
>
>           If unsure, say N.
>
> +endmenu # runtime tests
> +
> +config MEMTEST
> +       bool "Memtest"
> +       depends on HAVE_MEMBLOCK
> +       ---help---
> +         This option adds a kernel parameter 'memtest', which allows memtest
> +         to be set.
> +               memtest=0, mean disabled; -- default
> +               memtest=1, mean do 1 test pattern;
> +               ...
> +               memtest=17, mean do 17 test patterns.
> +         If you are unsure how to answer this question, answer N.
> +
> +config BUG_ON_DATA_CORRUPTION
> +       bool "Trigger a BUG when data corruption is detected"
> +       select DEBUG_LIST
> +       help
> +         Select this option if the kernel should BUG when it encounters
> +         data corruption in kernel memory structures when they get checked
> +         for validity.
> +
> +         If unsure, say N.
>
>  source "samples/Kconfig"
>
>
>



-- 
Kees Cook
Pixel Security

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ