hardening: Move BUG_ON_DATA_CORRUPTION to hardening options

BUG_ON_DATA_CORRUPTION is turning detected corruptions of list data structures from WARNings into BUGs. This can be useful to stop further corruptions or even exploitation attempts. However, the option has less to do with debugging than with hardening. With the introduction of LIST_HARDENED, it makes more sense to move it to the hardening options, where it selects LIST_HARDENED instead. Without this change, combining BUG_ON_DATA_CORRUPTION with LIST_HARDENED alone wouldn't be possible, because DEBUG_LIST would always be selected by BUG_ON_DATA_CORRUPTION. Signed-off-by: Marco Elver <elver@google.com> Link: https://lore.kernel.org/r/20230811151847.1594958-4-elver@google.com Signed-off-by: Kees Cook <keescook@chromium.org>
author: Marco Elver <elver@google.com> 2023-08-11 17:18:41 +0200
committer: Kees Cook <keescook@chromium.org> 2023-08-15 14:57:25 -0700
commit: aa9f10d57056cea51d41283d3785bccbbb9f459e (patch)
tree: 712f14060857e79e26767cf46bd5e767592d422b /security
parent: aebc7b0d8d91bbc69e976909963046bc48bca4fd (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/security/Kconfig.hardening b/security/Kconfig.hardening
index ffc3c702b461..2cff851ebfd7 100644
--- a/security/Kconfig.hardening
+++ b/security/Kconfig.hardening
@@ -290,6 +290,16 @@ config LIST_HARDENED
 
 	  If unsure, say N.
 
+config BUG_ON_DATA_CORRUPTION
+	bool "Trigger a BUG when data corruption is detected"
+	select LIST_HARDENED
+	help
+	  Select this option if the kernel should BUG when it encounters
+	  data corruption in kernel memory structures when they get checked
+	  for validity.
+
+	  If unsure, say N.
+
 endmenu
 
 config CC_HAS_RANDSTRUCT
author	Marco Elver <elver@google.com>	2023-08-11 17:18:41 +0200
committer	Kees Cook <keescook@chromium.org>	2023-08-15 14:57:25 -0700
commit	aa9f10d57056cea51d41283d3785bccbbb9f459e (patch)
tree	712f14060857e79e26767cf46bd5e767592d422b /security
parent	aebc7b0d8d91bbc69e976909963046bc48bca4fd (diff)