>
> It's a Linux kernel module that performs runtime integrity checking of the
> kernel and detects kernel vulnerability exploits. The aim of LKRG anti-exploit
> functionality is to detect specific kernel data corruption performed during vulnerability
> exploitation
>
> Что из перечисленого является хоть каким-то аналогом упомянутого?Вас, зубоногих уже вроде бы ткнули:
> A kernel compiled with the INVARIANTS configuration option attempts to
> detect memory corruption caused by such things as writing outside the
> allocated area and imbalanced calls to the malloc() and free() functions
kern/kern_malloc.c
#ifdef INVARIANTS
...
KASSERT(mtp->ks_magic == M_MAGIC, ("malloc: bad malloc type magic"));
/*
* Check that exactly one of M_WAITOK or M_NOWAIT is specified.
*/...
#ifdef INVARIANTS
mtrash_ctor, mtrash_dtor, mtrash_init, mtrash_fini,
kern/subr_sbuf.c
#if defined(_KERNEL) && defined(INVARIANTS)
static void
...
#define assert_sbuf_integrity(s) _assert_sbuf_integrity(__func__, (s))
#define assert_sbuf_state(s, i) _assert_sbuf_state(__func__, (s), (i))#else /* _KERNEL && INVARIANTS */
#define assert_sbuf_integrity(s) do { } while (0)
#define assert_sbuf_state(s, i) do { } while (0)
#endif /* _KERNEL && INVARIANTS */
netpfil/pf/pf.c
#ifdef INVARIANTS
struct pf_keyhash *kh = &V_pf_keyhash[pf_hashkey(sk)]; PF_HASHROW_ASSERT(kh);
net/bpf_buffer.c
#ifdef INVARIANTS
d->bd_sbuf = d->bd_hbuf = d->bd_fbuf = (caddr_t)~0;
kern/uipc_socket.c
#ifdef INVARIANTS
bzero(&so->so_rcv,
sizeof(struct socket) - offsetof(struct socket, so_rcv));
#endif
и т.д.
