f(*lc), GFP_KERNEL);
> ... as such, any future NUL-padding is superfluous.
>
> [...]
Applied to for-next/hardening, thanks!
[1/1] dm log userspace: replace deprecated strncpy with strscpy
https://git.kernel.org/kees/c/f8cff5441800
Take care,
--
Kees Cook
e deprecated strncpy with strscpy_pad
https://git.kernel.org/kees/c/0f3f34ea3798
Take care,
--
Kees Cook
[1/1] dm crypt: replace open-coded kmemdup_nul
https://git.kernel.org/kees/c/17348b0a6a6d
Take care,
--
Kees Cook
th strscpy
https://git.kernel.org/kees/c/5d9bc443188f
Take care,
--
Kees Cook
On Fri, 15 Sep 2023 13:03:53 -0700, Kees Cook wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
>
On Fri, 15 Sep 2023 13:04:01 -0700, Kees Cook wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
>
On Fri, 15 Sep 2023 13:03:36 -0700, Kees Cook wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
>
On Fri, 15 Sep 2023 13:03:45 -0700, Kees Cook wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
>
On Fri, 15 Sep 2023 13:04:08 -0700, Kees Cook wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
>
g/linux-manual-4.8/strscpy.9.en.html
> [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-harden...@vger.kernel.org
> Cc: Kees Cook
> Signed-off-by: Justin Stitt
Looks good to me. Thanks for the sizeof() replacement. :)
Reviewed-by: Kees Cook
-Kees
> ---
> Note: b
he param->data area.
So I think this is actually fixing a bug too, but I can't quite tell.
Regardless, the change looks correct:
Reviewed-by: Kees Cook
>
> Considering the above, a suitable replacement is `strscpy_pad` due to
> the fact that it guarantees NUL-termination whilst maintai
rg/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
> [1]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-harden...@vger.kernel.org
> Cc: Kees Cook
> Signed-off-by: Justin Stitt
This looks correct to me. Thanks!
Reviewed-by: Kees Cook
--
Kees Cook
ted-strings
> [1]
> Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html
> [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-harden...@vger.kernel.org
> Signed-off-by: Justin Stitt
Agreed about the %NUL termination and padding assessment.
Re
functions).
As found with Coccinelle[1], add __counted_by for struct stripe_c.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Alasdair Kergon
Cc: Mike Snitzer
Cc: dm-devel@redhat.com
Signed-off-by: Kees Cook
---
drivers/md/dm-stripe.c | 2 +-
1 file
functions).
As found with Coccinelle[1], add __counted_by for struct dm_bio_prison.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Alasdair Kergon
Cc: Mike Snitzer
Cc: dm-devel@redhat.com
Signed-off-by: Kees Cook
---
drivers/md/dm-bio-prison-v1.c | 2
functions).
As found with Coccinelle[1], add __counted_by for struct dm_stat.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Alasdair Kergon
Cc: Mike Snitzer
Cc: dm-devel@redhat.com
Signed-off-by: Kees Cook
---
drivers/md/dm-stats.c | 2 +-
1 file
functions).
As found with Coccinelle[1], add __counted_by for struct crypt_config.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Alasdair Kergon
Cc: Mike Snitzer
Cc: dm-devel@redhat.com
Signed-off-by: Kees Cook
---
drivers/md/dm-crypt.c | 2 +-
1
functions).
As found with Coccinelle[1], add __counted_by for struct raid_set.
[1]
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
Cc: Alasdair Kergon
Cc: Mike Snitzer
Cc: dm-devel@redhat.com
Signed-off-by: Kees Cook
---
drivers/md/dm-raid.c | 2 +-
1 file
On Thu, 17 Aug 2023 16:59:56 -0700, Kees Cook wrote:
> Prepare for the coming implementation by GCC and Clang of the __counted_by
> attribute. Flexible array members annotated with __counted_by can have
> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
>
/trunk/coccinelle/examples/counted_by.cocci
Cc: Alasdair Kergon
Cc: Mike Snitzer
Cc: dm-devel@redhat.com
Cc: Paul Moore
Cc: James Morris
Cc: "Serge E. Hallyn"
Cc: linux-security-mod...@vger.kernel.org
Signed-off-by: Kees Cook
---
include/linux/dm-verity-loadpin.h | 2 +-
securi
g/kees/c/47f04616f2c9
Best regards,
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
On Thu, Sep 08, 2022 at 11:25:36AM -0400, Mike Snitzer wrote:
> On Wed, Sep 07 2022 at 6:34P -0400,
> Kees Cook wrote:
>
> > On Wed, 7 Sep 2022 13:30:58 -0700, Matthias Kaehlcke wrote:
> > > Verity targets can be configured to ignore corrupted data blocks.
> > &g
, restarting the system or triggering a
> panic.
>
>
> [...]
Applied to for-next/hardening, thanks!
[1/1] dm: verity-loadpin: Only trust verity targets with enforcement
https://git.kernel.org/kees/c/2e1875c05267
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
ht
directly instead of using the defunct wrapper.
>
>
Applied to for-next/hardening, thanks!
[1/1] dm: verity-loadpin: Drop use of dm_table_get_num_targets()
https://git.kernel.org/kees/c/27603a606fda
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
LoadPin
https://git.kernel.org/kees/c/b6c1c5745ccc
[2/3] LoadPin: Enable loading from trusted dm-verity devices
https://git.kernel.org/kees/c/3f805f8cc23b
[3/3] dm: verity-loadpin: Use CONFIG_SECURITY_LOADPIN_VERITY for conditional
compilation
https://git.kernel.org/kees/c/231a
sted root digest.
> >
> > [1]
> > https://chromium.googlesource.com/chromiumos/platform2/+/HEAD/dlcservice/docs/developer.md
> > [2]
> > https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/verity.html
>
> Hi Kees,
>
> Please pick this series up, thanks.
Thanks for the Acks! I'll get this into -next shortly.
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
changes (when they are not erroneously being used within other
structures) is valid for all compilers. Flexible arrays are C99; it's
been 23 years. :)
But, yes, where we DO break stuff we need to workaround it, etc.
--
Kees Cook
must also be assuming it's a header. So probably better to just
drop the driver_data field? I don't see anything using it (that I can
find) besides as a sanity-check that the field exists and is at the end
of the struct.
--
Kees Cook
from the dm folks, I can carry this with other loadpin changes in
my tree. Though I'm fine with this going via the dm tree, too:
Acked-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
On Mon, May 16, 2022 at 11:17:44AM -0700, Matthias Kaehlcke wrote:
> On Fri, May 13, 2022 at 03:36:26PM -0700, Kees Cook wrote:
> >
> >
> > On May 4, 2022 12:54:18 PM PDT, Matthias Kaehlcke wrote:
> > >Extend LoadPin to allow loading of kernel files from trus
h, may be overkill --
I would expect a 1:1 mapping as you suggest.
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
>+ loadpin_dir = securityfs_create_dir("loadpin", NULL);
>+ if (IS_ERR(loadpin_dir)) {
>+ pr_err("LoadPin: could not create securityfs dir: %d\n",
>+ PTR_ERR(loadpin_dir));
>+ return PTR_ERR(loadpin_dir);
>+
00644
>index ..12a86911d05a
>--- /dev/null
>+++ b/include/linux/dm-verity-loadpin.h
>@@ -0,0 +1,27 @@
>+/* SPDX-License-Identifier: GPL-2.0 */
>+
>+#ifndef __LINUX_DM_VERITY_LOADPIN_H
>+#define __LINUX_DM_VERITY_LOADPIN_H
>+
>+#include
>+
>+struct mappe
++-
>> 3 files changed, 218 insertions(+), 1 deletion(-)
>> create mode 100644 include/uapi/linux/loadpin.h
>
>I would certainly need some Reviewed-by:s from security and/or loadpin
>experts if I were to pick this patch up.
Alternatively, since it's mostly touching loadpin, I can carry it in my tree,
as long as you've Acked the dm bits. :)
>Did you see the issues the kernel test robot emailed about?
>
>You'd do well to fix those issues up when submitting another revision
>of this patchset.
Agreed.
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
y about dm devices).
- have LoadPin grow a securityfs node, maybe something like
/sys/kernel/security/loadpin/dm-verify and do the ioctl there (seems
reasonable given that it's specifically about LoadPin, but is perhaps
more overhead to built the securityfs).
--
Kees Cook
--
dm-devel mailing lis
On Mon, Apr 18, 2022 at 03:43:27PM -0700, Matthias Kaehlcke wrote:
> Hi Kees,
>
> On Mon, Apr 18, 2022 at 03:14:14PM -0700, Kees Cook wrote:
> > [oops, resending to actual CC list]
> >
> > On Mon, Apr 18, 2022 at 02:15:56PM -0700, Matthias Kaehlcke wrote:
> &
thashes come from? I assume some chain of trust exists. Is the list
maybe already stored on the rootfs?
It'd be nice if there was some way to pass the trust chain to LoadPin
more directly.
-Kees
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
Cc: dm-devel@redhat.com
Signed-off-by: Kees Cook
---
drivers/md/dm-integrity.c | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c
index 6319deccbe09..163c94ca4e5c 100644
--- a/drivers/md/dm-integrity.c
+++ b/drivers/md
In preparation for FORTIFY_SOURCE performing compile-time and run-time
field bounds checking for memset(), avoid intentionally writing across
neighboring fields.
Add struct_group() to mark region of struct journal_sector that should be
initialized to zero.
Signed-off-by: Kees Cook
---
drivers
On Fri, Oct 15, 2021 at 03:26:25PM +0200, Christoph Hellwig wrote:
> Use the proper helper to read the block device size.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/li
ut
> eventually.
>
> Signed-off-by: Christoph Hellwig
You can adjust this changelog to remove the note about SECTOR_SHIFT
now. :)
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
On Fri, Oct 15, 2021 at 03:26:37PM +0200, Christoph Hellwig wrote:
> Use the proper helper to read the block device size.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/li
On Fri, Oct 15, 2021 at 03:26:36PM +0200, Christoph Hellwig wrote:
> Use the proper helper to read the block device size.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/li
On Fri, Oct 15, 2021 at 03:26:35PM +0200, Christoph Hellwig wrote:
> Use the proper helper to read the block device size and remove two
> cargo culted checks that can't be false.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing l
On Fri, Oct 15, 2021 at 03:26:34PM +0200, Christoph Hellwig wrote:
> Use the proper helper to read the block device size.
>
> Signed-off-by: Christoph Hellwig
Thanks for the bdev_by_bytes() helper; this is more readable now. :)
Acked-by: Kees Cook
--
Kees Cook
--
dm-devel mailin
On Fri, Oct 15, 2021 at 03:26:33PM +0200, Christoph Hellwig wrote:
> Use the proper helper to read the block device size.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/li
On Fri, Oct 15, 2021 at 03:26:32PM +0200, Christoph Hellwig wrote:
> Use the proper helper to read the block device size.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/li
On Fri, Oct 15, 2021 at 03:26:31PM +0200, Christoph Hellwig wrote:
> Use the proper helper to read the block device size.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/li
On Fri, Oct 15, 2021 at 03:26:30PM +0200, Christoph Hellwig wrote:
> Use the proper helper to read the block device size.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/li
On Fri, Oct 15, 2021 at 03:26:26PM +0200, Christoph Hellwig wrote:
> Use the proper helper to read the block device size.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/li
On Fri, Oct 15, 2021 at 03:26:22PM +0200, Christoph Hellwig wrote:
> Use the proper helper to read the block device size.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/li
On Fri, Oct 15, 2021 at 03:26:21PM +0200, Christoph Hellwig wrote:
> Use the proper helper to read the block device size.
>
> Signed-off-by: Christoph Hellwig
> Reviewed-by: Chaitanya Kulkarni
Is this basically an open-coded non-sb version of sb_bdev_nr_blocks()?
Reviewed-b
gt;bd_inode.
>
> Matthew already pointed out the return type for bdev_nr_bytes() but also your
> commit message has a typo: "Add a helpe" -> "Add a helper".
Right. With these fixed, I'm a fan. :)
Reviewed-by: Kees Cook
-Kees
--
Kees Cook
--
dm-devel mailing lis
On Fri, Oct 15, 2021 at 03:26:20PM +0200, Christoph Hellwig wrote:
> Use the proper helper to read the block device size.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/li
On Fri, Oct 15, 2021 at 03:26:14PM +0200, Christoph Hellwig wrote:
> Ensure these are always available for inlines in the various block layer
> headers.
>
> Signed-off-by: Christoph Hellwig
Awesome, yes. Thanks!
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing l
; >
> > No strong opinion here but I do agree with you that bdev_size() is a bad
> > choice for sure. It is bound to cause bugs down the line when people
> > forget what unit it is in.
>
> I don't really mind bdev_size since it's analogous to i_size, but
> bdev_nr_bytes seems good to me.
I much prefer bdev_nr_bytes(), as "size" has no units.
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
el.c | 5 ++---
> fs/udf/super.c |9 +++--
> include/linux/genhd.h |6 ++
> 56 files changed, 100 insertions(+), 117 deletions(-)
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
On Wed, Oct 13, 2021 at 07:10:42AM +0200, Christoph Hellwig wrote:
> Use the sb_bdev_nr_blocks helper instead of open coding it.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman
On Wed, Oct 13, 2021 at 07:10:41AM +0200, Christoph Hellwig wrote:
> Use the sb_bdev_nr_blocks helper instead of open coding it.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman
BUG_ON(blocksize != sb->s_blocksize);
> - vol->nr_blocks = i_size_read(sb->s_bdev->bd_inode) >>
> - sb->s_blocksize_bits;
> + vol->nr_blocks = sb_bdev_nr_blocks(sb);
> ntfs_debug("Changed dev
On Wed, Oct 13, 2021 at 07:10:39AM +0200, Christoph Hellwig wrote:
> Use the sb_bdev_nr_blocks helper instead of open coding it.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman
/* check blocks count against device size */
> - blocks_count = sb->s_bdev->bd_inode->i_size >> sb->s_blocksize_bits;
> + blocks_count = sb_bdev_nr_blocks(sb);
Wait, my bad. Yes, this is fine. It's going through two helpers. :)
Reviewed-by: Kees
; ext4_blocks_count(es) > blocks_count) {
> ext4_msg(sb, KERN_WARNING, "bad geometry: block count %llu "
> "exceeds size of device (%llu blocks)",
> --
> 2.30.2
>
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
_changed(struct gendisk *disk, bool invalidate);
> void blk_drop_partitions(struct gendisk *disk);
>
> --
> 2.30.2
>
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
On Wed, Oct 13, 2021 at 07:10:28AM +0200, Christoph Hellwig wrote:
> Use the proper helper to read the block device size.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/li
On Wed, Oct 13, 2021 at 07:10:27AM +0200, Christoph Hellwig wrote:
> Use the proper helper to read the block device size.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/li
On Wed, Oct 13, 2021 at 07:10:26AM +0200, Christoph Hellwig wrote:
> Use the proper helper to read the block device size.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/li
; }
>
> - devsize = mapping->host->i_size >> PAGE_SHIFT;
> + devsize = bdev_nr_sectors(sb->s_bdev) >> (PAGE_SHIFT - SECTOR_SHIFT);
I find this less readable than "bytes >> PAGE_SHIFT". I'd suggest this
use a new bdev_nr_bytes() help
On Wed, Oct 13, 2021 at 07:10:14AM +0200, Christoph Hellwig wrote:
> Use the equivalent block layer helper instead.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
the series needing:
bdev_nr_sectors(...bdev) << SECTOR_SHIFT
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
On Wed, Oct 13, 2021 at 07:10:23AM +0200, Christoph Hellwig wrote:
> Use the proper helper to read the block device size.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/li
On Wed, Oct 13, 2021 at 07:10:16AM +0200, Christoph Hellwig wrote:
> Use the proper helper to read the block device size.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/li
On Wed, Oct 13, 2021 at 07:10:22AM +0200, Christoph Hellwig wrote:
> No need to convert from bdev to inode and back.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/dm-devel
On Wed, Oct 13, 2021 at 07:10:15AM +0200, Christoph Hellwig wrote:
> Use the proper helper to read the block device size.
>
> Signed-off-by: Christoph Hellwig
Reviewed-by: Kees Cook
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://listman.redhat.com/mailman/li
Cc: dm-devel@redhat.com
Signed-off-by: Kees Cook
---
drivers/md/dm-integrity.c | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/drivers/md/dm-integrity.c b/drivers/md/dm-integrity.c
index 40f8116c8e44..59deea0dd305 100644
--- a/drivers/md/dm-integrity.c
+++ b/drivers/md
h;
continue;
goto ;
return [expression];
[3] https://cwe.mitre.org/data/definitions/484.html
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel
On Mon, Nov 23, 2020 at 05:32:51PM -0800, Nick Desaulniers wrote:
> On Sun, Nov 22, 2020 at 8:17 AM Kees Cook wrote:
> >
> > On Fri, Nov 20, 2020 at 11:51:42AM -0800, Jakub Kicinski wrote:
> > > If none of the 140 patches here fix a real bug, and there is no chan
are still bugs being found from it -- we need to finish this and shut
the door on it for good.)
--
Kees Cook
--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel
On Fri, Nov 20, 2020 at 11:51:42AM -0800, Jakub Kicinski wrote:
> On Fri, 20 Nov 2020 11:30:40 -0800 Kees Cook wrote:
> > On Fri, Nov 20, 2020 at 10:53:44AM -0800, Jakub Kicinski wrote:
> > > On Fri, 20 Nov 2020 12:21:39 -0600 Gustavo A. R. Silva wrote:
> > > > This
On Fri, Nov 20, 2020 at 11:51:42AM -0800, Jakub Kicinski wrote:
> On Fri, 20 Nov 2020 11:30:40 -0800 Kees Cook wrote:
> > On Fri, Nov 20, 2020 at 10:53:44AM -0800, Jakub Kicinski wrote:
> > > On Fri, 20 Nov 2020 12:21:39 -0600 Gustavo A. R. Silva wrote:
> > > > This
ngs are supposed to warn about issues that could
> be bugs. Falling through to default: break; can hardly be a bug?!
It's certainly a place where the intent is not always clear. I think
this makes all the cases unambiguous, and doesn't impact the machine
code, since the compiler will happily optimize
:%d / %d\n",
> @@ -364,7 +367,7 @@ static int exercise_rs(struct rs_control *rs, struct
> wspace *ws,
>
> /* Tests for correct behaviour beyond error correction capacity */
> static void test_bc(struct rs_control *rs, int len, int errs,
> - int eras, int tria
nd the ones that doesn't
> change any block device when the dm is create as read-only. For example,
> mirror and cache targets are not allowed. The rationale behind this is
> that if the user makes a mistake, choosing the wrong device to be the
> mirror or the cache can corrupt data.
ot process (as the root device or otherwise).
> >
> > Signed-off-by: Will Drewry
> > Signed-off-by: Kees Cook
> > [rework to use dm_ioctl calls]
> > Signed-off-by: Enric Balletbo i Serra
> > [refactored for upstream]
> > Signed-off-by: Helen Koike
>
this series:
https://www.redhat.com/archives/dm-devel/2016-February/msg00199.html
And it matches the "concise" format in dmsetup:
https://sourceware.org/git/?p=lvm2.git;a=commit;h=827be01758ec5adb7b9d5ea75b658092adc65534
What do you feel are next steps?
Thanks!
-Kees
--
Kees Cook
Pixel Security
--
dm-devel mailing list
dm-devel@redhat.com
https://www.redhat.com/mailman/listinfo/dm-devel
On Mon, Sep 3, 2018 at 8:13 PM, Herbert Xu wrote:
> On Tue, Aug 07, 2018 at 02:18:39PM -0700, Kees Cook wrote:
>> In the quest to remove all stack VLA usage from the kernel[1], this uses
>> the new HASH_MAX_DIGESTSIZE from the crypto layer to allocate the upper
>> bounds on
On Mon, Sep 3, 2018 at 10:19 PM, Herbert Xu wrote:
> On Tue, Aug 07, 2018 at 02:18:34PM -0700, Kees Cook wrote:
>> v8 cover letter:
>>
>> I continue to hope this can land in v4.19, but I realize that's unlikely.
>> It would be nice, though, if some of the "trivial&
-by: Kees Cook
---
include/crypto/cbc.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/crypto/cbc.h b/include/crypto/cbc.h
index f5b8bfc22e6d..3bf28beefa33 100644
--- a/include/crypto/cbc.h
+++ b/include/crypto/cbc.h
@@ -113,7 +113,7 @@ static inline int
cra_blocksize is 144 (SHA3_224_BLOCK_SIZE, 18 8-byte words). For the
new blocksize limit, I went with 160 (20 8-byte words).
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
crypto/algapi.c | 7 ++-
include
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
crypto/xcbc.c | 8 +---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/crypto/xcbc.c b/crypto/xcbc.c
index 25c75af50d3f..c055f57fab11 100644
--- a/crypto/xcbc.c
+++ b/crypto/xcbc.c
@@ -57,15 +57,17 @@ struct
crypto_skcipher_set_reqsize: 88
crypto_skcipher_set_reqsize: 472
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
include/crypto/internal/skcipher.h | 1 +
include/crypto/skcipher.h | 4
this helper was the only user.
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
crypto/shash.c | 27 ---
include/linux/compiler-gcc.h | 1 -
2 files changed, 16 insertions(+), 12
...@mail.gmail.com
Signed-off-by: Kees Cook
---
crypto/ahash.c| 4 ++--
crypto/algif_hash.c | 2 +-
crypto/shash.c| 6 +++---
include/crypto/hash.h | 6 +-
4 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/crypto/ahash.c b/crypto/ahash.c
index a64c143165b1..78aaf2158c43
In the quest to remove all stack VLA usage from the kernel[1], this uses
the new HASH_MAX_DIGESTSIZE from the crypto layer to allocate the upper
bounds on stack usage.
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
ahash instead of guessing.
- improve names and comments for alg maxes
Ard Biesheuvel (1):
crypto: ccm: Remove VLA usage
Kees Cook (8):
crypto: xcbc: Remove VLA usage
crypto: cbc: Remove VLA usage
crypto: hash: Remove VLA usage
dm: Remove VLA usage from hashes
crypto alg: Introduce generi
In the quest to remove all stack VLA usage from the kernel[1], this uses
the new upper bound for the stack buffer. Also adds a sanity check.
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
drivers/crypto/qat
On Tue, Aug 7, 2018 at 2:47 AM, Herbert Xu wrote:
> On Thu, Aug 02, 2018 at 03:51:45PM -0700, Kees Cook wrote:
>> In the quest to remove all stack VLA usage from the kernel[1], this
>> uses the upper bounds on blocksize. Since this is always a cipher
>> blocksize, use th
this helper was the only user.
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
crypto/shash.c | 27 ---
include/linux/compiler-gcc.h | 1 -
2 files changed, 16 insertions(+), 12
=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Ard Biesheuvel
Signed-off-by: Kees Cook
---
crypto/ccm.c | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/crypto/ccm.c b/crypto/ccm.c
index 0a083342ec8c..b242fd0d3262 100644
--- a/crypto/ccm.c
+++ b/crypto/ccm.c
@@ -50,7
-by: Kees Cook
---
include/crypto/cbc.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/include/crypto/cbc.h b/include/crypto/cbc.h
index f5b8bfc22e6d..47db0aac2ab9 100644
--- a/include/crypto/cbc.h
+++ b/include/crypto/cbc.h
@@ -113,7 +113,9 @@ static inline int
1 - 100 of 236 matches
Mail list logo