[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200324164220.GC2518746@kroah.com>
Date: Tue, 24 Mar 2020 17:42:20 +0100
From: Greg KH <gregkh@...uxfoundation.org>
To: Will Deacon <will@...nel.org>
Cc: linux-kernel@...r.kernel.org, Eric Dumazet <edumazet@...gle.com>,
Jann Horn <jannh@...gle.com>,
Kees Cook <keescook@...omium.org>,
Maddie Stone <maddiestone@...gle.com>,
Marco Elver <elver@...gle.com>,
"Paul E . McKenney" <paulmck@...nel.org>,
Peter Zijlstra <peterz@...radead.org>,
Thomas Gleixner <tglx@...utronix.de>, kernel-team@...roid.com,
kernel-hardening@...ts.openwall.com
Subject: Re: [RFC PATCH 10/21] kernel-hacking: Make
DEBUG_{LIST,PLIST,SG,NOTIFIERS} non-debug options
On Tue, Mar 24, 2020 at 03:36:32PM +0000, Will Deacon wrote:
> The CONFIG_DEBUG_{LIST,PLIST,SG,NOTIFIERS} options can provide useful
> security hardening properties outside of debug scenarios. For example,
> CVE-2019-2215 and CVE-2019-2025 are mitigated with negligible runtime
> overhead by enabling CONFIG_DEBUG_LIST, and this option is already
> enabled by default on many distributions:
>
> https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html
>
> Rename these options across the tree so that the naming better reflects
> their operation and remove the dependency on DEBUG_KERNEL.
>
> Cc: Maddie Stone <maddiestone@...gle.com>
> Cc: Jann Horn <jannh@...gle.com>
> Cc: Kees Cook <keescook@...omium.org>
> Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org
> Cc: Paul E. McKenney <paulmck@...nel.org>
> Cc: Peter Zijlstra <peterz@...radead.org>
> Signed-off-by: Will Deacon <will@...nel.org>
Reviewed-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Powered by blists - more mailing lists