From patchwork Thu Jun  6 09:26:50 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Po-Hsu Lin <po-hsu.lin@canonical.com>
X-Patchwork-Id: 1110978
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 45KL0L3z1fz9sNp;
	Thu,  6 Jun 2019 19:27:14 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1hYofr-0004LF-Hj; Thu, 06 Jun 2019 09:27:07 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.86_2) (envelope-from <po-hsu.lin@canonical.com>)
	id 1hYofq-0004Je-4I
	for kernel-team@lists.ubuntu.com; Thu, 06 Jun 2019 09:27:06 +0000
Received: from mail-pl1-f198.google.com ([209.85.214.198])
	by youngberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <po-hsu.lin@canonical.com>)
	id 1hYofp-0002rM-L7
	for kernel-team@lists.ubuntu.com; Thu, 06 Jun 2019 09:27:05 +0000
Received: by mail-pl1-f198.google.com with SMTP id c3so1147971plr.16
	for <kernel-team@lists.ubuntu.com>;
	Thu, 06 Jun 2019 02:27:05 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references;
	bh=DUdbPxXlGSaiXWJ7lvAEOimBFnpke433gw+0KRb9wHI=;
	b=ZyVOZXoC5yVfIlaAaY0w0gxavSTCpVRKKgigDnoEbQp5R0eU9I578Wj2+Wldi5yEvO
	NVaiFUPixkNqAG2jbGe/tB+OYVvnf9ql0Z+oh9Q5IgAGDkRWk8leH/fqyC9D7AFklP9P
	klw2zVNxgzAwrDQEbebEx/f4X2z+tJG9EzVZHGDbPbIQD6Gf+I2CFiPwxAtSeD8P0Bpc
	l4uvIpnqw5zMDUCtIlcGJJMiY5WC6zYFAdcQCDYwSHzvNeoEAsb9AtkzVK1K7E7QSztQ
	tKne2JVlqTGfn06HMNeY8N+gAAFivstC4qyJZ/jBSl629nv+eOB/2gqHC3F7NCtmn3o5
	PkzA==
X-Gm-Message-State: APjAAAXrW7rajXsYPUsqJdkFFboFp7K/NDqz6rPeyDzaiCRJM78gHBzS
	3k8KqhgYL4UK0SGiH3j1bwSFba5donb0fbVa4N6rF8K3BuXvjh/1LGPWD7o1EDSnetCR3el7Ops
	b7GwZ8c4Z7OtqH3FNLWLTx5clREBPwxrPjS4saAwj
X-Received: by 2002:a17:90a:ca09:: with SMTP id
	x9mr49199962pjt.105.1559813224134;
	Thu, 06 Jun 2019 02:27:04 -0700 (PDT)
X-Google-Smtp-Source: 
 APXvYqwf1kOXmBK4+GLxzH2CyNHyVUNg3Ge8wpe7B4GBq8Dku5/LVn+6R+nj/2JzbOngCnVzejer5Q==
X-Received: by 2002:a17:90a:ca09:: with SMTP id
	x9mr49199940pjt.105.1559813223823;
	Thu, 06 Jun 2019 02:27:03 -0700 (PDT)
Received: from Leggiero.taipei.internal (61-220-137-37.HINET-IP.hinet.net.
	[61.220.137.37]) by smtp.gmail.com with ESMTPSA id
	139sm1687989pfw.152.2019.06.06.02.27.02
	for <kernel-team@lists.ubuntu.com>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 06 Jun 2019 02:27:03 -0700 (PDT)
From: Po-Hsu Lin <po-hsu.lin@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [B/linux-kvm][C/linux-kvm][D/linux-kvm][SRU][PATCH 1/1] UBUNTU:
	[Config]: enable SCHED_STACK_END_CHECK
Date: Thu,  6 Jun 2019 17:26:50 +0800
Message-Id: <20190606092651.1135-2-po-hsu.lin@canonical.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20190606092651.1135-1-po-hsu.lin@canonical.com>
References: <20190606092651.1135-1-po-hsu.lin@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

BugLink: https://bugs.launchpad.net/bugs/1812159

Security team requires the SCHED_STACK_END_CHECK config to be enabled
on all of our kernel.

This option checks for a stack overrun on calls to schedule(). If the
stack end location is found to be over written always panic as the
content of the corrupted region can no longer be trusted. This is to
ensure no erroneous behaviour occurs which could result in data
corruption or a sporadic crash at a later stage once the region is
examined. The runtime overhead introduced is minimal.

Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
---
 debian.kvm/config/config.common.ubuntu | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian.kvm/config/config.common.ubuntu b/debian.kvm/config/config.common.ubuntu
index 965b25a..5f66988 100644
--- a/debian.kvm/config/config.common.ubuntu
+++ b/debian.kvm/config/config.common.ubuntu
@@ -2013,7 +2013,7 @@ CONFIG_SCHED_MC=y
 CONFIG_SCHED_MC_PRIO=y
 # CONFIG_SCHED_OMIT_FRAME_POINTER is not set
 CONFIG_SCHED_SMT=y
-# CONFIG_SCHED_STACK_END_CHECK is not set
+CONFIG_SCHED_STACK_END_CHECK=y
 # CONFIG_SCIF_BUS is not set
 CONFIG_SCSI=y
 # CONFIG_SCSI_3W_9XXX is not set