10 go via their respective subsystems, and once all
of those are in Linus's tree, send patch 11 as a stand-alone PR.
(From patch 11, it looks like the seccomp read/write function changes
could be split out? I'll do that now...)
-Kees
--
Kees Cook
goto end_coredump;
>
> - /* For cell spufs */
> + /* For cell spufs and x86 xstate */
> if (elf_coredump_extra_notes_write(cprm))
> goto end_coredump;
>
> diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h
> index b54b313bcf07..e30a9b47dc87 100644
> --- a/include/uapi/linux/elf.h
> +++ b/include/uapi/linux/elf.h
> @@ -411,6 +411,7 @@ typedef struct elf64_shdr {
> #define NT_X86_XSTATE0x202 /* x86 extended state using
> xsave */
> /* Old binutils treats 0x203 as a CET state */
> #define NT_X86_SHSTK 0x204 /* x86 SHSTK state */
> +#define NT_X86_XSAVE_LAYOUT 0x205 /* XSAVE layout description */
> #define NT_S390_HIGH_GPRS0x300 /* s390 upper register halves */
> #define NT_S390_TIMER0x301 /* s390 timer register */
> #define NT_S390_TODCMP 0x302 /* s390 TOD clock comparator
> register */
> --
> 2.34.1
>
Otherwise looks good. I'd like to see feedback from Intel folks too.
Thanks for working on this!
-Kees
--
Kees Cook
pseries.c
@@ -1018,7 +1018,8 @@ static struct crypto_alg nx842_pseries_alg = {
.cra_driver_name= "842-nx",
.cra_priority = 300,
.cra_flags = CRYPTO_ALG_TYPE_COMPRESS,
- .cra_ctxsize= sizeof(struct nx842_crypto_ctx),
+ .cra_ctxsize= struct_size_t(struct nx842_crypto_ctx,
header.group,
+ NX842_CRYPTO_GROUP_MAX),
.cra_module = THIS_MODULE,
.cra_init = nx842_pseries_crypto_init,
.cra_exit = nx842_crypto_exit,
--
Kees Cook
lace macro "ARCH_HAVE_EXTRA_ELF_NOTES" with kconfig
https://git.kernel.org/kees/c/a9c3475dd67b
Take care,
--
Kees Cook
ktraces
> arm64: Add support for suppressing warning backtraces
> loongarch: Add support for suppressing warning backtraces
> parisc: Add support for suppressing warning backtraces
> s390: Add support for suppressing warning backtraces
> sh: Add support for suppressi
nzo Frascino
> Cc: Anna-Maria Behnsen
> See-also: 8b3843ae3634 ("vdso/datapage: Quick fix - use asm/page-def.h for
> ARM64")
> Signed-off-by: Arnd Bergmann
Thanks for tracking this!
Reviewed-by: Kees Cook
--
Kees Cook
return 0; }
> #else
> diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h
> index 9417309b7230..3325488cb39b 100644
> --- a/include/uapi/linux/elf.h
> +++ b/include/uapi/linux/elf.h
> @@ -411,6 +411,7 @@ typedef struct elf64_shdr {
> #define NT_X86_XSTATE0x202 /* x86 extended state using
> xsave */
> /* Old binutils treats 0x203 as a CET state */
> #define NT_X86_SHSTK 0x204 /* x86 SHSTK state */
> +#define NT_X86_XSAVE_LAYOUT 0x205 /* XSAVE layout description */
> #define NT_S390_HIGH_GPRS0x300 /* s390 upper register halves */
> #define NT_S390_TIMER0x301 /* s390 timer register */
> #define NT_S390_TODCMP 0x302 /* s390 TOD clock comparator
> register */
> --
> 2.43.0
>
Otherwise looks reasonable, though I see Dave has feedback to address
too. :)
Thanks for working on this!
-Kees
--
Kees Cook
On Tue, Mar 12, 2024 at 10:02:59AM -0700, Guenter Roeck wrote:
> Document API functions for suppressing warning backtraces.
>
> Signed-off-by: Guenter Roeck
Reviewed-by: Kees Cook
--
Kees Cook
t; the affected architectures / platforms fixed.
>
> Signed-off-by: Guenter Roeck
Reviewed-by: Kees Cook
--
Kees Cook
rning, _warnings, node) {
> - if (!strcmp(function, warning->function))
> + if (!strcmp(function, warning->function)) {
> + warning->counter++;
> return true;
> + }
> }
> return false;
> }
> --
> 2.39.2
>
Reviewed-by: Kees Cook
--
Kees Cook
> Solve the problem by providing a means to identify and suppress specific
> warning backtraces while executing test code.
>
> Cc: Dan Carpenter
> Cc: Daniel Diaz
> Cc: Naresh Kamboju
> Cc: Kees Cook
> Signed-off-by: Guenter Roeck
Yup, this looks fine to me.
Reviewed-by: Kees Cook
--
Kees Cook
rg/kees/c/3fe1eb4dd2e4
Take care,
--
Kees Cook
On Sat, Mar 02, 2024 at 12:47:08AM +, Edgecombe, Rick P wrote:
> On Wed, 2024-02-28 at 09:21 -0800, Kees Cook wrote:
> > I totally understand. If the "uninitialized" warnings were actually
> > reliable, I would agree. I look at it this way:
> >
> > -
as a whole. Yes, individual cases maybe bad
("what uid should this be? root?!") but from a general memory safety
perspective the value doesn't become potentially influenced by order of
operations, leftover stack memory, etc.
I'd agree, lifting everything into a static initializer does seem
cleanest of all the choices.
-Kees
--
Kees Cook
one cleanup that is possible from explicitly zero-initializing the
whole structure would be dropping all the individual "= 0" assignments.
:)
--
Kees Cook
| 2 +-
> scripts/min-tool-version.sh | 2 +-
> scripts/recordmcount.pl | 2 +-
> security/Kconfig | 2 --
> 14 files changed, 15 insertions(+), 57 deletions(-)
> ---
> base-commit: 979741ebd48f75ed6d101c7290e3325340d361ff
> change-id: 20240124-bump-min-llvm-ver-to-13-0-1-39f84dd36b19
>
> Best regards,
> --
> Nathan Chancellor
>
Yes, please. :) This looks reasonable -- I appreciate the review of
default Clang versions across distros!
Reviewed-by: Kees Cook
--
Kees Cook
"
Cc: Mahesh Salgaonkar
Cc: Vasant Hegde
Cc: dingsenjie
Cc: linuxppc-dev@lists.ozlabs.org
Cc: Aneesh Kumar K.V
Cc: Naveen N. Rao
Signed-off-by: Kees Cook
---
arch/powerpc/platforms/powernv/opal-prd.c | 2 +-
arch/powerpc/xmon/xmon.c | 2 +-
2 files changed, 2 insertions(+),
Nathan Chancellor
>
Excellent! Thanks for doing this. I spot checked a handful I was
familiar with and everything looks good to me.
Reviewed-by: Kees Cook
--
Kees Cook
");
>> +}
>> }
>> -#elif defined(CONFIG_ARCH_HAS_STRICT_KERNEL_RWX)
>> -static inline void mark_readonly(void)
>> -{
>> -pr_warn("Kernel memory protection not selected by kernel config.\n");
>> -}
>> -#else
>> -static inline void mark_readonly(void)
>> -{
>> -pr_warn("This architecture does not have kernel memory protection.\n");
>> -}
>> -#endif
>>
>> void __weak free_initmem(void)
>> {
>> --
>> 2.41.0
--
Kees Cook
ed-strings
> [1]
> Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html
> [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-harden...@vger.kernel.org
> Signed-off-by: Justin Stitt
Agreed; this conversion looks correct to me too.
Reviewed-by: Kees Cook
--
Kees Cook
gt; [1]
> Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html
> [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-harden...@vger.kernel.org
> Signed-off-by: Justin Stitt
Yeah, this conversion looks correct to me too.
Reviewed-by: Kees Co
he net
> kunit tests via kconfig.
>
> gcc-12.2.0 can compile it after this simple s//g "fix":
>
> diff --git a/net/core/gso_test.c b/net/core/gso_test.c
> --- a/net/core/gso_test.c
> +++ b/net/core/gso_test.c
> @@ -4,7 +4,7 @@
> #include
>
> s
s.debian.org/testing/linux-manual-4.8/strscpy.9.en.html
> [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-harden...@vger.kernel.org
> Signed-off-by: Justin Stitt
Thanks, this looks right to me.
Reviewed-by: Kees Cook
--
Kees Cook
ero-initialized:
> | char buf[8] = { 0 };
>
> [...]
Applied to for-next/hardening, thanks! (I've updated the Subject here
and with the older "refactor" subjects...)
Take care,
--
Kees Cook
$ make headers
> $ make -j -C tools/testing/selftests install
> $ grep -c "^powerpc"
> tools/testing/selftests/kselftest_install/kselftest-list.txt
> 182
>
> Fixes: d4e59a536f50 ("selftests: Use runner.sh for emit targets")
> Signed-off-by: Michael Ellerman
Reviewed-by: Kees Cook
--
Kees Cook
[1]
> Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html
> [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-harden...@vger.kernel.org
> Signed-off-by: Justin Stitt
Looks like a straight replacement. Thanks!
Reviewed-by: Kees Cook
--
Kees Cook
th `size_add()`.
>
> Fixes: 3f1071ec39f7 ("net: spider_net: Use struct_size() helper")
> Signed-off-by: Gustavo A. R. Silva
Reviewed-by: Kees Cook
--
Kees Cook
id pitfalls like this one, and they expect others to do
> their
> homework for them.
Well I'm not sure that's entirely fair to Justin's efforts (I know he's
been studying these changes and everyone makes mistakes), but that's why
I'm helping review his findings -- some code behaviors are more obvious
than others. :)
--
Kees Cook
. Imagine a name
input of "fan#2-data". "buf" wants to get "2". copy_len is 1, and
strscpy would eat it. :)
-Kees
>
> err = kstrtou32(buf, 10, index);
> if (err)
>
> ---
> base-commit: 3669558bdf354cd352be955ef2764cde6a9bf5ec
> change-id: 20230914-strncpy-drivers-hwmon-ibmpowernv-c-80a03f16d93a
>
> Best regards,
> --
> Justin Stitt
>
--
Kees Cook
On Fri, Sep 01, 2023 at 04:58:37PM +0900, Masahiro Yamada wrote:
> On Fri, Sep 1, 2023 at 4:13 AM Kees Cook wrote:
> >
> > Currently the Kconfig fragments in kernel/configs and arch/*/configs
> > that aren't used internally aren't discoverable through "make help",
&
Cc: x...@kernel.org
Cc: linux-arm-ker...@lists.infradead.org
Cc: linuxppc-dev@lists.ozlabs.org
Cc: linux-ri...@lists.infradead.org
Cc: linux-s...@vger.kernel.org
Cc: linux-kbu...@vger.kernel.org
Cc: linux-harden...@vger.kernel.org
Signed-off-by: Kees Cook
Co-developed-by: Masahiro Yamada
---
v3:
you! Do you want to send a
formal patch? Please consider it:
Reviewed-by: Kees Cook
--
Kees Cook
is
especially useful for powerpc where most of the arch fragments aren't
intended to be consumed individually.
Cc: Masahiro Yamada
Cc: x...@kernel.org
Cc: linuxppc-dev@lists.ozlabs.org
Cc: linux-kbu...@vger.kernel.org
Suggested-by: Michael Ellerman
Signed-off-by: Kees Cook
---
a
x86-specific options for a Xen virtualization guest
Cc: Masahiro Yamada
Cc: x...@kernel.org
Cc: linux-arm-ker...@lists.infradead.org
Cc: linuxppc-dev@lists.ozlabs.org
Cc: linux-ri...@lists.infradead.org
Cc: linux-s...@vger.kernel.org
Signed-off-by: Kees Cook
---
Makefile
24223606.never.762-k...@kernel.org
Thanks!
-Kees
Kees Cook (2):
kbuild: Show Kconfig fragments in "help"
kbuild: Split internal config targets from .config into .fragment
Makefile | 1 -
arch/arm/configs/dram_0x.config | 1 +
ar
On Fri, Aug 25, 2023 at 04:11:58PM +1000, Michael Ellerman wrote:
> Kees Cook writes:
> > Doing a "make help" would show only hard-coded Kconfig targets and
> > depended on the archhelp target to include ".config" targets. There was
> > nothing show
On Fri, Aug 25, 2023 at 07:44:06AM +0200, Nicolas Schier wrote:
> On Thu, Aug 24, 2023 at 03:36:10PM -0700, Kees Cook wrote:
> > Doing a "make help" would show only hard-coded Kconfig targets and
> > depended on the archhelp target to include ".config" targets. T
On Fri, Aug 25, 2023 at 04:56:54AM +, Christophe Leroy wrote:
> Le 25/08/2023 à 00:36, Kees Cook a écrit :
> > +# Base hardware support for 86xx
>
> s/86xx/85xx
> [...]
Thanks for the typo fixes! I'll get these all fixed up. :)
--
Kees Cook
On Thu, Aug 24, 2023 at 05:04:02PM -0700, Randy Dunlap wrote:
> Hi Kees,
>
> On 8/24/23 15:36, Kees Cook wrote:
> > Doing a "make help" would show only hard-coded Kconfig targets and
> > depended on the archhelp target to include ".config" targets. Th
arm-ker...@lists.infradead.org
Cc: linuxppc-dev@lists.ozlabs.org
Cc: linux-ri...@lists.infradead.org
Cc: linux-s...@vger.kernel.org
Signed-off-by: Kees Cook
---
Makefile | 1 -
arch/arm/configs/dram_0x.config| 1 +
arch/arm/configs/dram_0xc000.conf
n...@vger.kernel.org
> Signed-off-by: Justin Stitt
Reviewed-by: Kees Cook
--
Kees Cook
memory
> to objects allocated from flash_block_cache, so flash_block_cache must
> be created using kmem_cache_create_usercopy() to mark it safe for user
> access.
>
> Fixes: 6d07d1cd300f ("usercopy: Restrict non-usercopy caches to size 0")
> Signed-off-by: Nathan Lynch
Reviewed-by: Kees Cook
--
Kees Cook
> careful with order of operations. We then have to add index back.
I think for readability, it's better to avoid the function composition.
The index subtraction undoes the earlier addition -- I say just leave it
separate.
i.e. I like option 1 of 3 the best.
-Kees
--
Kees Cook
ffort to remove strlcpy() completely [2], replace
> strlcpy() here with strscpy().
> No return values were used, so direct replacement is safe.
>
> [...]
Applied, thanks!
[1/1] soc: fsl: qe: Replace all non-returning strlcpy with strscpy
(no commit info)
Best regards,
--
Kees Cook
On Mon, Jul 10, 2023 at 04:46:50PM +, Leo Li wrote:
>
>
> > -Original Message-
> > From: Azeem Shaikh
> > Sent: Sunday, July 9, 2023 9:36 PM
> > To: Kees Cook
> > Cc: Qiang Zhao ; linux-harden...@vger.kernel.org;
> > linuxppc-dev@lists.ozl
" feel very similar, and looking at
existing configs, "ARCH_SUPPORTS_..." is already used for doing this
kind of bare "bool" management. e.g. see ARCH_SUPPORTS_INT128
It looks like you need to split "depends" and "select" so the options
can be chosen separately from the "selectable" configs.
How about naming this ARCH_SELECTS_, since that's what it's
there for?
-Kees
--
Kees Cook
ining them.
But ultimately, yeah, everything could gain __counted_by and friends in
the future.
--
Kees Cook
gned-off-by: Azeem Shaikh
Reviewed-by: Kees Cook
--
Kees Cook
nel.org/kees/c/015f6618194e
--
Kees Cook
gned-off-by: Azeem Shaikh
Reviewed-by: Kees Cook
--
Kees Cook
linux...@lists.infradead.org
> Cc: xen-de...@lists.xenproject.org
> Cc: linux-a...@vger.kernel.org
> Cc: linux...@kvack.org
> Tested-by: Pengfei Xu
> Suggested-by: David Hildenbrand
> Signed-off-by: Rick Edgecombe
I'm not an arch maintainer, but it looks like a correct tree-wide
refactor.
Reviewed-by: Kees Cook
--
Kees Cook
rtas_ext_event_log_v6) || ...
>
> Don't all such sites need to be audited/adjusted for changes like this?
Yeah, I'd expect a binary comparison[1] before/after to catch things like
this. E.g. the following C files mention those structs:
arch/powerpc/platforms/pseries/io_event_irq.c
arch/powerpc/platforms/pseries/ras.c
arch/powerpc/kernel/rtasd.c
arch/powerpc/kernel/rtas.c
-Kees
[1] https://outflux.net/blog/archives/2022/06/24/finding-binary-differences/
--
Kees Cook
ttps://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=for-next/execve=cd57e443831d8eeb083c7165bce195d886e216d4
--
Kees Cook
On Thu, Nov 17, 2022 at 03:20:01PM -0800, Linus Torvalds wrote:
> On Thu, Nov 17, 2022 at 2:58 PM Kees Cook wrote:
> >
> > Oh, er, why does get_arg_page() even need FOLL_FORCE? This is writing the
> > new stack contents to the nascent brpm->vma, which was newly allocated
stack contents to the nascent brpm->vma, which was newly allocated
with VM_STACK_FLAGS, which an arch can override, but they all appear to include
VM_WRITE | VM_MAYWRITE.
--
Kees Cook
ick J. Wong # for xfs
> Reviewed-by: SeongJae Park # for damon
> Reviewed-by: Jason Gunthorpe # for infiniband
> Reviewed-by: Russell King (Oracle) # for arm
> Acked-by: Ulf Hansson # for mmc
> Signed-off-by: Jason A. Donenfeld
Reviewed-by: Kees Cook
--
Kees Cook
I = get_random_u32_above(0);
>
> @@
> identifier I;
> @@
> - do {
> ... when != I
> - I = get_random_u32();
> ... when != I
> - } while (I == 0);
> + I = get_random_u32_above(0);
>
> @@
> expression E;
> @@
> - E + 1 + get_random_u32_below(U32_MAX - E)
> + get_random_u32_above(E)
>
> Reviewed-by: Greg Kroah-Hartman
> Signed-off-by: Jason A. Donenfeld
Reviewed-by: Kees Cook
--
Kees Cook
et/bluetooth/mgmt.c | 5 ++--
> net/core/pktgen.c | 25 ---
> net/ipv4/tcp_input.c | 2 +-
> net/ipv6/addrconf.c | 6 ++---
> net/netfilter/nf_nat_helper.c
On November 16, 2022 4:43:54 PM PST, "Jason A. Donenfeld"
wrote:
>On Wed, Nov 16, 2022 at 04:31:18PM -0800, Kees Cook wrote:
>> On Thu, Nov 17, 2022 at 01:03:14AM +0100, Jason A. Donenfeld wrote:
>> > On Thu, Nov 17, 2022 at 12:55:47AM +0100, Jason A. Donenfeld w
k "inclusive" is best. The other words still don't provide
unambiguous language. It's the language used in formal math, e.g.
sigma-notation, etc. It's an adjective for "get random" (verb, noun).
--
Kees Cook
0-99
inclusive, plus 1, so 1-100 inclusive. "Between 1 and 101" is not obvious
to me to mean: 1-100 inclusive.
These seem so much nicer:
get_random_u32_inclusive(1, 1024)
get_random_u32_inclusive(1, 100)
--
Kees Cook
ext merge window to catch any new stuff, and then send those
updates and the removal before -rc1 closes?
--
Kees Cook
[resending because I failed to CC]
On October 7, 2022 7:21:28 PM PDT, "Jason A. Donenfeld" wrote:
>On Fri, Oct 07, 2022 at 03:47:44PM -0700, Kees Cook wrote:
>> On Fri, Oct 07, 2022 at 12:01:03PM -0600, Jason A. Donenfeld wrote:
>> > Rather than incurring a division o
SIZE
>*/
> - r = prandom_u32();
> - align = 1 << ((r % 11) + 1);
> + align = 1 << (prandom_u32_max(11) + 1);
>
> pcpu[i] = __alloc_percpu(size, align);
> if (!pcpu[i])
> @@ -393,14 +387,11 @@ static struct test_driver {
>
> static void shuffle_array(int *arr, int n)
> {
> - unsigned int rnd;
> int i, j;
>
> for (i = n - 1; i > 0; i--) {
> - rnd = prandom_u32();
> -
> /* Cut the range. */
> - j = rnd % i;
> + j = prandom_u32_max(i);
>
> /* Swap indexes. */
> swap(arr[i], arr[j]);
Yup, agrees with Cocci on these.
--
Kees Cook
t;> around
> > >>>>>> get_random_u32() for several releases now, and compiles down to the
> > >>>>>> exact same code. Replace the deprecated wrapper with a direct call to
> > >>>>>> the real function. The same also appl
On Wed, Oct 05, 2022 at 09:55:43PM -0700, Kees Cook wrote:
> If any of the subsystems ask you to break this up (I hope not), I've got
> this[1], which does a reasonable job of splitting a commit up into
> separate commits for each matching subsystem.
[1] https://github.com/kees/kernel-t
.
I usually stick to just mailing lists and subsystem maintainers.
If any of the subsystems ask you to break this up (I hope not), I've got
this[1], which does a reasonable job of splitting a commit up into
separate commits for each matching subsystem.
Showing that a treewide change can be reproduce
gt; the real function.
>
> Signed-off-by: Jason A. Donenfeld
Global search/replace matches. :)
Reviewed-by: Kees Cook
--
Kees Cook
gt; the real function.
Global search/replace matches. :)
Reviewed-by: Kees Cook
--
Kees Cook
On Wed, Oct 05, 2022 at 11:48:44PM +0200, Jason A. Donenfeld wrote:
> With no callers left of prandom_u32() and prandom_bytes(), remove these
> deprecated wrappers.
>
> Signed-off-by: Jason A. Donenfeld
Reviewed-by: Kees Cook
--
Kees Cook
}
>
> - r = prandom_u32() & SFB_MAX_PROB;
> + r = get_random_u16() & SFB_MAX_PROB;
>
> if (unlikely(r < p_min)) {
> if (unlikely(p_min > SFB_MAX_PROB / 2)) {
include/uapi/linux/pkt_sched.h:#define SFB_MAX_PROB 0x
Reviewed-by: Kees Cook
--
Kees Cook
j = rnd % i;
> + j = prandom_u32_max(i);
>
> /* Swap indexes. */
> swap(arr[i], arr[j]);
And some by hand. :)
Reviewed-by: Kees Cook
--
Kees Cook
the breakage! This should be fixed by:
https://lore.kernel.org/lkml/20220929081642.1932200-1-keesc...@chromium.org
--
Kees Cook
ode;
- __u32 event_data;
+ union {
+ __u32 event_data;
+ __DECLARE_FLEX_ARRAY(__u8, event_data_flex);
+ };
} __attribute__((aligned(sizeof(__u64;
--
Kees Cook
le error with PPC_8xx=y")
> Signed-off-by: Gustavo A. R. Silva
Reviewed-by: Kees Cook
--
Kees Cook
/KSPP/linux/issues/198
> Reported-by: kernel test robot
> Link: https://lore.kernel.org/lkml/202209061224.kxorrgvg-...@intel.com/
> Signed-off-by: Gustavo A. R. Silva
Thanks!
Reviewed-by: Kees Cook
--
Kees Cook
T_ENTROPY_PLUGIN when plugin disabled for a
file
https://git.kernel.org/kees/c/2d08c71d2c79
--
Kees Cook
el.
>
> Signed-off-by: Xiu Jianfeng
Reviewed-by: Kees Cook
-Kees
--
Kees Cook
if (req->nbytes < 3 || req->data[2] >= ARRAY_SIZE(adb_handler))
so it's tied to the actual variable (if its size ever changes).
With that:
Reviewed-by: Kees Cook
-Kees
> break;
> mutex_lock(_handler_mutex);
> req->reply[0] = adb_handler[req->data[2]].original_address;
> --
> 2.25.1
>
--
Kees Cook
or-next/hardening, thanks!
[1/1] stack: Declare {randomize_,}kstack_offset to fix Sparse warnings
https://git.kernel.org/kees/c/375561bd6195
--
Kees Cook
;
> Fixes: f9b3cd245784 ("Kconfig.debug: make DEBUG_INFO selectable from a
> choice")
> Cc: sta...@vger.kernel.org
> Cc: Kees Cook
> Signed-off-by: Christophe Leroy
Reviewed-by: Kees Cook
--
Kees Cook
like the much better API here. Also with
> the amount of arguments and by reference passing it might be worth
> to pass them as a structure while you're at it.
Yeah, I agree. It really seems like seq_buf would be nicer.
--
Kees Cook
percpu, etc) memory contents tends to be easier than arbitrary
+ * location memory exposures.
+ */
#define choose_random_kstack_offset(rand) do { \
if (static_branch_maybe(CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT, \
_kstack_offset)) {\
--
Kees Cook
it's hard to develop against -next. :)
Should we give it a try for this coming merge window?
--
Kees Cook
to block the exposure of canaries and PAC bits, though,
so I'm not opposed, but I'd like to get a better sense of how "heavy"
this might be.
Thanks!
-Kees
--
Kees Cook
o
ro_after_init. Honestly, I actually this this patch should be modified
to _add_ a new test for EXEC_RO_AFTER_INIT, and leave the existing
.rodata one alone...
-Kees
--
Kees Cook
t; + return 0;
> +}
> +
> +DEFINE_SIMPLE_ATTRIBUTE(check_wx_fops, NULL, check_wx_debugfs_set, "%llu\n");
> +
> +static int ptdump_check_wx_init(void)
> +{
> + return debugfs_create_file("check_wx_pages", 0200, NULL,
> +NULL, _wx_fops) ? 0 : -ENOMEM;
> +}
> +device_initcall(ptdump_check_wx_init);
> #endif
>
> static int ptdump_init(void)
> --
> 2.25.1
>
--
Kees Cook
werpc/linux.git/log/?h=topic/func-desc-lkdtm
Thanks! I've got some core changes coming for lkdtm, but I'm waiting
until after the merge window to rebase them and get them into -next.
--
Kees Cook
On Wed, Mar 02, 2022 at 12:18:45PM -0800, Linus Torvalds wrote:
> On Wed, Mar 2, 2022 at 12:07 PM Kees Cook wrote:
> >
> > I've long wanted to change kfree() to explicitly set pointers to NULL on
> > free. https://github.com/KSPP/linux/issues/87
>
> We've had this dis
them into something like kfree_no_null()
and redefine kfree() itself:
#define kfree_no_null(x) do { void *__ptr = (x); __kfree(__ptr); } while (0)
#define kfree(x) do { __kfree(x); x = NULL; } while (0)
--
Kees Cook
atch
$ split-on-maintainer treewide.patch
$ ls 0*.patch
If you have a build log before the patch that spits out warnings, the
--build-log argument can extract those warnings on a per-file basis, too
(though this can be fragile).
--
Kees Cook
y
shadows variables. :)
Another way to try to catch misused shadow variables is
-Wunused-but-set-varible, but it, too, has tons of false positives.
I tried to capture some of the rationale and research here:
https://github.com/KSPP/linux/issues/152
--
Kees Cook
On Thu, Feb 24, 2022 at 08:58:20AM +, David Laight wrote:
> From: Kees Cook
> > Sent: 24 February 2022 06:04
> >
> > Under CONFIG_HARDENED_USERCOPY=y, when exact stack frame boundary checking
> > is not available (i.e. everything except x86 with FRAME_POINTER
Cc: Andrew Morton
Cc: linux...@kvack.org
Reported-by: Muhammad Usama Anjum
Signed-off-by: Kees Cook
---
v1: https://lore.kernel.org/all/20220216201449.2087956-1-keesc...@chromium.org/
v2: adjust for only some archs having current_stack_pointer
---
arch/arm/Kconfig | 1 +
arch/arm64/Kconfig |
if this is actually
leaking kernel pointers (or data) that's pretty bad. :|
If you really want to leave it build-time selectable, maybe add a new
config that gets "select"ed by CONFIG_ZERO_CALL_USED_REGS?
(And you may want to consider wiping all "unused" registers at syscall
entry as well.)
-Kees
> 1: lwz r2,GPR2(r1)
> lwz r1,GPR1(r1)
> rfi
> --
> 2.34.1
>
--
Kees Cook
On Wed, Feb 16, 2022 at 11:22:33PM +1100, Michael Ellerman wrote:
> Kees Cook writes:
> > On Tue, Feb 15, 2022 at 01:40:55PM +0100, Christophe Leroy wrote:
> >> PPC64/IA64/PARISC have function descriptors. LKDTM doesn't work
> >> on those three architectures becau
+++-
> include/asm-generic/sections.h | 15 -
> include/linux/kallsyms.h | 2 +-
> kernel/extable.c | 24 +++-
> tools/testing/selftests/lkdtm/tests.txt | 1 +
> 25 files changed, 155 insertions(+), 144 deletions(-)
>
> --
> 2.34.1
>
--
Kees Cook
se it won't set
> PPC64_ELF_ABI_v2 macro for PPC64le and won't check the correct code.
>
> Signed-off-by: Christophe Leroy
Reviewed-by: Kees Cook
--
Kees Cook
--- a/tools/testing/selftests/lkdtm/tests.txt
+++ b/tools/testing/selftests/lkdtm/tests.txt
@@ -44,6 +44,7 @@ ACCESS_NULL
WRITE_RO
WRITE_RO_AFTER_INIT
WRITE_KERN
+WRITE_OPD
REFCOUNT_INC_OVERFLOW
REFCOUNT_ADD_OVERFLOW
REFCOUNT_INC_NOT_ZERO_OVERFLOW
(Though for the future I've been considering making the selftests an
opt-out list so the "normal" stuff doesn't need to keep getting added
there.)
Thanks!
Acked-by: Kees Cook
-Kees
--
Kees Cook
n from adding _text) but also, that does help keep it clear. :)
Acked-by: Kees Cook
-Kees
> ---
> drivers/misc/lkdtm/perms.c | 37 -
> 1 file changed, 28 insertions(+), 9 deletions(-)
>
> diff --git a/drivers/misc/lkdtm/perms.c b/drivers/
1 - 100 of 738 matches
Mail list logo
