[PATCH 4/8] UBUNTU: [Config] Enable scatterlist validation
Tyler Hicks
tyhicks at canonical.com
Sun Jan 19 13:10:25 UTC 2020
BugLink: https://launchpad.net/bugs/1855336
Enable CONFIG_DEBUG_SG to perform sanity checks when performing
operations on scatterlists. If a sanity check fails a loud warning is
printed to the logs.
This change may help in detection of an attack that relies on
scatterlist manipulation.
Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
debian.master/config/annotations | 3 ++-
debian.master/config/config.common.ubuntu | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/debian.master/config/annotations b/debian.master/config/annotations
index 3ce3a62a8d7d..5bd7b6a2bda2 100644
--- a/debian.master/config/annotations
+++ b/debian.master/config/annotations
@@ -10623,7 +10623,7 @@ CONFIG_DEBUG_KOBJECT policy<{'amd64': 'n', 'arm64': '
CONFIG_DEBUG_BUGVERBOSE policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}>
CONFIG_DEBUG_LIST policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}>
CONFIG_DEBUG_PLIST policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}>
-CONFIG_DEBUG_SG policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}>
+CONFIG_DEBUG_SG policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}>
CONFIG_DEBUG_NOTIFIERS policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}>
CONFIG_DEBUG_CREDENTIALS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}>
CONFIG_DEBUG_WQ_FORCE_RR_CPU policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'i386': 'n', 'ppc64el': 'n', 's390x': 'n'}>
@@ -10633,6 +10633,7 @@ CONFIG_LATENCYTOP policy<{'amd64-generic': 'n', 'a
#
CONFIG_DEBUG_LIST mark<ENFORCED> note<LP:1855334>
CONFIG_DEBUG_CREDENTIALS mark<ENFORCED> note<LP:1855335>
+CONFIG_DEBUG_SG mark<ENFORCED> note<LP:1855336>
CONFIG_LATENCYTOP mark<ENFORCED> note<https://lists.ubuntu.com/archives/kernel-team/2014-July/045006.html, LP#1655986>
# Menu: Kernel hacking >> Kernel debugging >> Architecture: arm
diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
index f989a8ba30ca..46309da0e559 100644
--- a/debian.master/config/config.common.ubuntu
+++ b/debian.master/config/config.common.ubuntu
@@ -2346,7 +2346,7 @@ CONFIG_DEBUG_MISC=y
# CONFIG_DEBUG_RT_MUTEXES is not set
# CONFIG_DEBUG_RWSEMS is not set
# CONFIG_DEBUG_SECTION_MISMATCH is not set
-# CONFIG_DEBUG_SG is not set
+CONFIG_DEBUG_SG=y
# CONFIG_DEBUG_SHIRQ is not set
# CONFIG_DEBUG_SPINLOCK is not set
# CONFIG_DEBUG_STACKOVERFLOW is not set
--
2.17.1
More information about the kernel-team
mailing list