On Thu, Jan 19, 2023 at 04:26:55PM -0800, Kees Cook wrote:
Hi,
I'd like to ask that the oops_limit series get included in -stable releases. It's a recommended defense developed while writing this report: https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-...
I've had a few people ask about having it in -stable, for example: https://lore.kernel.org/lkml/20230119201023.4003-1-sj@kernel.org
This is the series:
9360d035a579 panic: Separate sysctl logic from CONFIG_SMP d4ccd54d28d3 exit: Put an upper limit on how often we can oops 9db89b411170 exit: Expose "oops_count" to sysfs de92f65719cd exit: Allow oops_limit to be disabled 79cc1ba7badf panic: Consolidate open-coded panic_on_warn checks 9fc9e278a5c0 panic: Introduce warn_limit 8b05aa263361 panic: Expose "warn_count" to sysfs 00dd027f721e docs: Fix path paste-o for /sys/kernel/warn_count 7535b832c639 exit: Use READ_ONCE() for all oops/warn limit reads
For v6.1.x they apply cleanly and behave as expected.
All now queued up.
I'm hoping someone can step up and do backports for v5.15.x and earlier, as there appear to be a number of conflicts and I'm swamped with other stuff to do. :P
If any distro/release cares about 5.15.y and earlier, I will be glad to take backports.
thanks,
greg k-h