On Thu, Mar 18, 2021 at 01:56:05PM +0100, Vlastimil Babka wrote: > I was going to suggest adding a panic_on_taint parameter... but turns out it was > already added last year! And various memory corruption detections already use > TAINT_BAD_PAGE, including SLUB. > If anything's missing an add_taint() it can be added, and with the parameter you > should get what you want. Ah-ha! That works too. I hadn't seen that -- I wonder if I can wire some other hardening things up to that. (e.g. refactor BUG_ON_CORRUPTION finally.) -- Kees Cook
