CRED: Add some configurable debugging [try #6]
Add a config option (CONFIG_DEBUG_CREDENTIALS) to turn on some debug checking for credential management. The additional code keeps track of the number of pointers from task_structs to any given cred struct, and checks to see that this number never exceeds the usage count of the cred struct (which includes all references, not just those from task_structs). Furthermore, if SELinux is enabled, the code also checks that the security pointer in the cred struct is never seen to be invalid. This attempts to catch the bug whereby inode_has_perm() faults in an nfsd kernel thread on seeing cred->security be a NULL pointer (it appears that the credential struct has been previously released): http://www.kerneloops.org/oops.php?number=252883 Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
David Howells
committed by
James Morris
James Morris
parent
ed6d76e4c3
commit
e0e817392b
@@ -653,6 +653,21 @@ config DEBUG_NOTIFIERS
|
||||
This is a relatively cheap check but if you care about maximum
|
||||
performance, say N.
|
||||
|
||||
config DEBUG_CREDENTIALS
|
||||
bool "Debug credential management"
|
||||
depends on DEBUG_KERNEL
|
||||
help
|
||||
Enable this to turn on some debug checking for credential
|
||||
management. The additional code keeps track of the number of
|
||||
pointers from task_structs to any given cred struct, and checks to
|
||||
see that this number never exceeds the usage count of the cred
|
||||
struct.
|
||||
|
||||
Furthermore, if SELinux is enabled, this also checks that the
|
||||
security pointer in the cred struct is never seen to be invalid.
|
||||
|
||||
If unsure, say N.
|
||||
|
||||
#
|
||||
# Select this config option from the architecture Kconfig, if it
|
||||
# it is preferred to always offer frame pointers as a config
|
||||
|
||||
Reference in New Issue
Block a user