The boot message buffer could potentially overflow the stack and the
heap. Additionally make sure format strings could not leak into printk()
calls.
Signed-off-by: Kees Cook keesc...@chromium.org
---
drivers/staging/dgap/dgap_driver.c | 17 ++---
1 file changed, 10 insertions(+), 7
This fixes up the usage of snprintf, strncpy, and format strings in the
call to kthread_run to avoid ever accidentally allowing a format string
into the thread name.
Signed-off-by: Kees Cook keesc...@chromium.org
---
.../staging/lustre/lnet/klnds/o2iblnd/o2iblnd_cb.c |2 +-
.../staging
Make sure that format strings cannot leak into printk() calls from the
msgbuf string.
Signed-off-by: Kees Cook keesc...@chromium.org
---
drivers/staging/dgnc/dgnc_driver.c |4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/staging/dgnc/dgnc_driver.c
b/drivers
Makes sure format string cannot leak into device_create() call.
Signed-off-by: Kees Cook keesc...@chromium.org
---
drivers/staging/xillybus/xillybus_core.c |2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/xillybus/xillybus_core.c
b/drivers/staging/xillybus
On Tue, Sep 10, 2013 at 10:00 PM, Joe Perches j...@perches.com wrote:
On Tue, 2013-09-10 at 21:41 -0700, Kees Cook wrote:
Make sure that format strings cannot leak into printk() calls from the
msgbuf string.
printf(string);
vs
printf(%s, string);
How does this help
On Wed, Sep 11, 2013 at 12:09 PM, Joe Perches j...@perches.com wrote:
On Wed, 2013-09-11 at 11:19 -0700, Kees Cook wrote:
On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter dan.carpen...@oracle.com
wrote:
On Tue, Sep 10, 2013 at 10:19:17PM -0700, Kees Cook wrote:
In the former case, format
On Wed, Sep 11, 2013 at 12:22 PM, Dan Carpenter
dan.carpen...@oracle.com wrote:
On Wed, Sep 11, 2013 at 11:19:11AM -0700, Kees Cook wrote:
On Wed, Sep 11, 2013 at 2:31 AM, Dan Carpenter dan.carpen...@oracle.com
wrote:
On Tue, Sep 10, 2013 at 10:19:17PM -0700, Kees Cook wrote:
In the former
this feature and convert the existing uses of %n
to use the return length from vsnprintf or its derivatives.
Signed-off-by: Joe Perches j...@perches.com
Acked-by: KOSAKI Motohiro kosaki.motoh...@jp.fujitsu.com (proc bits)
cc: Kees Cook keesc...@chromium.org
cc: Frederic Weisbecker fweis
This makes sure a format string cannot leak into the work queue name nor
the printk buffer.
Signed-off-by: Kees Cook keesc...@chromium.org
---
drivers/staging/rtl8192ee/base.c |2 +-
drivers/staging/rtl8192ee/btcoexist/halbtcoutsrc.h |2 +-
2 files changed, 2 insertions
This make sure a format string cannot leak into the work queue name nor
the printk buffer.
Signed-off-by: Kees Cook keesc...@chromium.org
---
This is the third time this set of macros has entered the kernel:
drivers/net/wireless/rtlwifi/btcoexist/halbtcoutsrc.h
drivers/staging/rtl8192ee
This makes sure the cfg-name can never accidentally be processed as a
format string in the worker thread name.
Signed-off-by: Kees Cook keesc...@chromium.org
---
drivers/staging/rtl8821ae/base.c |3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/staging/rtl8821ae
for strlcpy instead?
-Kees
--
Kees Cook
Chrome OS Security
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
On Sat, Aug 16, 2014 at 4:14 PM, Rickard Strandqvist
rickard_strandqv...@spectrumdigital.se wrote:
2014-08-12 16:58 GMT+02:00 Kees Cook keesc...@chromium.org:
On Sat, Aug 9, 2014 at 4:46 PM, Rickard Strandqvist
rickard_strandqv...@spectrumdigital.se wrote:
Added a guaranteed null-terminate
Calling kthread_run with a single name parameter causes it to be handled
as a format string. Since the uisthread interface lacks format parameters,
use %s to avoid any potential accidents from callers passing in dynamic
string content.
Signed-off-by: Kees Cook keesc...@chromium.org
---
drivers
This makes sure the kthread name can't be parsed as a format string.
Signed-off-by: Kees Cook keesc...@chromium.org
---
drivers/staging/unisys/visornic/visornic_main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/staging/unisys/visornic/visornic_main.c
b/drivers
Since "name" is always used directly, force "%s" for the kthread
format string to avoid any potential format string leaks.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/staging/unisys/visorhba/visorhba_main.c | 2 +-
1 file changed, 1 insertion(+),
Since "name" is always used directly, force "%s" for the kthread
format string to avoid any potential format string leaks.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/staging/unisys/visorhba/visorhba_main.c | 2 +-
1 file changed, 1 insertion(+),
tic const struct hv_vmbus_device_id i
> MODULE_DEVICE_TABLE(pci, pci_stub_id_table);
> MODULE_DEVICE_TABLE(vmbus, id_table);
>
> -static struct hv_driver hvfb_drv = {
> +static struct hv_driver hvfb_drv __ro_after_init = {
> .name = KBUILD_MODNAME,
> .id_table = id_table,
> .probe = hvfb_probe,
Reviewed-by: Kees Cook <keesc...@chromium.org>
-Kees
--
Kees Cook
Nexus Security
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
On Mon, Aug 15, 2016 at 8:41 AM, Stephen Hemminger
<step...@networkplumber.org> wrote:
> On Fri, 12 Aug 2016 20:05:27 -0700
> Kees Cook <keesc...@chromium.org> wrote:
>
>> On Fri, Aug 12, 2016 at 4:35 PM, Stephen Hemminger
>> <step...@networkplumber.org> wro
when called only during
>> init.
>> This protects the data structure from accidental corruption.
>>
>> Suggested-by: Kees Cook <keesc...@chromium.org>
>> Signed-off-by: Jess Frazelle <m...@jessfraz.com>
>> ---
>> drivers/pci/host/pci-hyperv.
On Tue, Jan 3, 2017 at 3:55 PM, Bruce Korb <bruce.k...@gmail.com> wrote:
> On Tue, Jan 3, 2017 at 3:47 PM, Kees Cook <keesc...@chromium.org> wrote:
>>> how is the code to be verified so that
>>> any use of things like offsetof and any
>>> address/indexing
On Wed, Jan 4, 2017 at 8:55 AM, Stephen Hemminger
<step...@networkplumber.org> wrote:
> On Tue, 3 Jan 2017 22:35:26 -0800
> Kees Cook <keesc...@chromium.org> wrote:
>
>> For randstruct and constify, the automatic selection is done on
>> structures with on
On Tue, Dec 20, 2016 at 9:29 AM, Joe Perches <j...@perches.com> wrote:
> On Fri, 2016-12-16 at 17:00 -0800, Kees Cook wrote:
>> Prepare to mark sensitive kernel structures for randomization by making
> sure they're using designated initializers.
>
> About the design
On Tue, Jan 3, 2017 at 10:27 PM, Julia Lawall <julia.law...@lip6.fr> wrote:
>
>
> On Tue, 3 Jan 2017, Kees Cook wrote:
>
>> On Tue, Dec 20, 2016 at 9:29 AM, Joe Perches <j...@perches.com> wrote:
>> > On Fri, 2016-12-16 at 17:00 -0800, Kees Cook wrote:
ler. { } is
the same thing, but doesn't use ordered initialization. If this style
is truly unacceptable to you, then { .somefield = NULL } can work, or
as you point out, if it's being initialized later, the static
initializer can be dropped entirely.
-Kees
--
Kees Cook
Nexus Security
__
Prepare to mark sensitive kernel structures for randomization by making
sure they're using designated initializers. These were identified during
allyesconfig builds of x86, arm, and arm64, with most initializer fixes
extracted from grsecurity.
Signed-off-by: Kees Cook <keesc...@chromium.
it seemed best to put them all in
a single patch rather than chopping them up per maintainer.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
arch/arm/mach-omap2/board-n8x0.c | 2 +-
arch/mips/dec/prom/init.c | 6 +++---
arch/mip
On Thu, Apr 6, 2017 at 1:48 AM, Jani Nikula <jani.nik...@linux.intel.com> wrote:
> On Thu, 06 Apr 2017, Kees Cook <keesc...@chromium.org> wrote:
>> While examining output from trial builds with -Wformat-security enabled,
>> many strings were found that should be defin
xfoundation.org>
Cc: de...@driverdev.osuosl.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/staging/comedi/drivers/das16.c | 10 --
1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/drivers/staging/comedi/drivers/das16.c
b/drivers/staging/come
p.com>
Cc: Ganesh Krishna <ganesh.kris...@microchip.com>
Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Cc: Jens Axboe <ax...@fb.com>
Cc: net...@vger.kernel.org
Cc: linux-wirel...@vger.kernel.org
Cc: de...@driverdev.osuosl.org
Signed-off-by: Kees Cook <keesc...@chromium.
nesh.kris...@microchip.com>
Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Cc: linux-wirel...@vger.kernel.org
Cc: de...@driverdev.osuosl.org
Cc: Thomas Gleixner <t...@linutronix.de>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
This requires commit 686fef928bba (&
gt;
Cc: Alan Cox <a...@linux.intel.com>
Cc: Daeseok Youn <daeseok.y...@gmail.com>
Cc: Arnd Bergmann <a...@arndb.de>
Cc: linux-me...@vger.kernel.org
Cc: de...@driverdev.osuosl.org
Cc: Thomas Gleixner <t...@linutronix.de>
Signed-off-by: Kees Cook <keesc...@chromium.org
t;
Cc: Sebastian Haas <seh...@deebas.com>
Cc: de...@driverdev.osuosl.org
Cc: Thomas Gleixner <t...@linutronix.de>
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
This requires commit 686fef928bba ("timer: Prepare to change timer
callback argument type") in v4.14-rc3, but sh
Yamanappagouda Patil <goudapat...@gmail.com>
Cc: Georgiana Rodica Chelu <georgiana.chel...@gmail.com>
Cc: Colin Ian King <colin.k...@canonical.com>
Cc: Baoyou Xie <baoyou@linaro.org>
Cc: de...@driverdev.osuosl.org
Cc: Thomas Gleixner <t...@linutronix.de>
Signed
<a...@arndb.de>
Cc: Fabrizio Perria <fabrizio.per...@gmail.com>
Cc: Baoyou Xie <baoyou@linaro.org>
Cc: Tuomo Rinne <tuomo.ri...@gmail.com>
Cc: Colin Ian King <colin.k...@canonical.com>
Cc: de...@driverdev.osuosl.org
Cc: Thomas Gleixner <t...@linutronix.de>
ex.ru>
Cc: Vijai Kumar K <vijaikumar.kanagara...@gmail.com>
Cc: Wei Yongjun <weiyongj...@huawei.com>
Cc: "Raphaël Beamonte" <raphael.beamo...@gmail.com>
Cc: Jannik Becher <becher.jan...@gmail.com>
Cc: Joseph Wright <rjosephwri...@gmail.com>
Cc: de...@drive
On Tue, Oct 17, 2017 at 1:23 AM, Sakari Ailus <sakari.ai...@iki.fi> wrote:
> On Mon, Oct 16, 2017 at 04:24:56PM -0700, Kees Cook wrote:
>> In preparation for unconditionally passing the struct timer_list pointer to
>> all timer callbacks, switch to using the new timer_s
Colin Ian King <colin.k...@canonical.com>
Cc: de...@driverdev.osuosl.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/staging/rtl8192u/ieee80211/ieee80211.h | 6 +--
.../staging/rtl8192u/ieee80211/ieee80211_crypt.c | 4 +-
.../staging/rtl8192u/ieee80211
-transaction.
Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Cc: Bhumika Goyal <bhumi...@gmail.com>
Cc: de...@driverdev.osuosl.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/staging/fwserial/fwserial.c | 16
1 file changed, 4 insertions(+), 12 deleti
artley Sweeten <hswee...@visionengravers.com>
Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Cc: de...@driverdev.osuosl.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/staging/comedi/drivers/comedi_test.c | 18 ++
drivers/staging/comedi/dr
roah-Hartman <gre...@linuxfoundation.org>
Cc: driverdev-devel@linuxdriverproject.org
Cc: de...@driverdev.osuosl.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/staging/dgnc/dgnc_driver.c | 8 +++-
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/drivers/st
uot;David S. Miller" <da...@davemloft.net>
Cc: Johannes Berg <johannes.b...@intel.com>
Cc: Georgiana Rodica Chelu <georgiana.chel...@gmail.com>
Cc: Colin Ian King <colin.k...@canonical.com>
Cc: Baoyou Xie <baoyou@linaro.org>
Cc: de...@driverdev.osuosl.org
Sign
t;
Cc: Sebastian Haas <seh...@deebas.com>
Cc: de...@driverdev.osuosl.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/staging/rtl8188eu/core/rtw_led.c | 7 +++
drivers/staging/rtl8188eu/core/rtw_mlme.c| 15 +--
drivers/staging/rtl8188eu/core/rtw_
gt;
Cc: Alan Cox <a...@linux.intel.com>
Cc: Daeseok Youn <daeseok.y...@gmail.com>
Cc: Arnd Bergmann <a...@arndb.de>
Cc: linux-me...@vger.kernel.org
Cc: de...@driverdev.osuosl.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/staging/media/atom
ex.ru>
Cc: Vijai Kumar K <vijaikumar.kanagara...@gmail.com>
Cc: Wei Yongjun <weiyongj...@huawei.com>
Cc: "Raphaël Beamonte" <raphael.beamo...@gmail.com>
Cc: Jannik Becher <becher.jan...@gmail.com>
Cc: Joseph Wright <rjosephwri...@gmail.com>
Cc: de...@driverdev.
nesh.kris...@microchip.com>
Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Cc: linux-wirel...@vger.kernel.org
Cc: de...@driverdev.osuosl.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/staging/wilc1000/host_interface.c | 39 +--
Finger <larry.fin...@lwfinger.net>
Cc: Kalle Valo <kv...@codeaurora.org>
Cc: Ping-Ke Shih <pks...@realtek.com>
Cc: shaofu <sha...@realtek.com>
Cc: de...@driverdev.osuosl.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/staging/rtlwifi/base.c
On Fri, Sep 1, 2017 at 2:38 AM, Ian Abbott <abbo...@mev.co.uk> wrote:
> On 01/09/17 10:29, Ian Abbott wrote:
>>
>> On 01/09/17 00:29, Kees Cook wrote:
>>>
>>> With timer initialization made unconditional, there is no reason to
>>> make del_tim
p.com>
Cc: Ganesh Krishna <ganesh.kris...@microchip.com>
Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Cc: Jens Axboe <ax...@fb.com>
Cc: net...@vger.kernel.org
Cc: linux-wirel...@vger.kernel.org
Cc: de...@driverdev.osuosl.org
Signed-off-by: Kees Cook <keesc...@chromium.
xfoundation.org>
Cc: de...@driverdev.osuosl.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/staging/comedi/drivers/das16.c | 9 +++--
1 file changed, 3 insertions(+), 6 deletions(-)
diff --git a/drivers/staging/comedi/drivers/das16.c
b/drivers/staging/come
p.com>
Cc: Ganesh Krishna <ganesh.kris...@microchip.com>
Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Cc: Jens Axboe <ax...@fb.com>
Cc: net...@vger.kernel.org
Cc: linux-wirel...@vger.kernel.org
Cc: de...@driverdev.osuosl.org
Signed-off-by: Kees Cook <keesc...@chromium.
gmail.com>
Cc: Adrien Descamps <adrien.desca...@gmail.com>
Cc: Thibaut SAUTEREAU <thibaut.sauter...@telecom-sudparis.eu>
Cc: de...@driverdev.osuosl.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/staging/wlan-ng/hfa384x_usb.c | 29 +---
In preparation for unconditionally passing the struct timer_list pointer to
all timer callbacks, switch to using the new timer_setup() and from_timer()
to pass the timer pointer explicitly.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/staging/media/atomisp/i2c/lm3554
..@tobin.cc>
Cc: de...@driverdev.osuosl.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/staging/ks7010/ks_wlan_net.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/drivers/staging/ks7010/ks_wlan_net.c
b/drivers/staging/ks7010/ks_wlan_net.c
index b82b5
.@nexus-software.ie>
Cc: Johan Hovold <jo...@kernel.org>
Cc: Alex Elder <el...@kernel.org>
Cc: greybus-...@lists.linaro.org
Cc: de...@driverdev.osuosl.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/staging/greybus/loopback.c | 14 --
drivers/sta
tefan Wahren <stefan.wah...@i2se.com>
Cc: Michael Zoran <mzo...@crowfest.net>
Cc: Keerthi Reddy <keerthigd4...@gmail.com>
Cc: linux-rpi-ker...@lists.infradead.org
Cc: linux-arm-ker...@lists.infradead.org
Cc: de...@driverdev.osuosl.org
Signed-off-by: Kees Cook <keesc...@chromium.or
linyu.y...@alcatel-sbell.com.cn>
Cc: Johannes Berg <johannes.b...@intel.com>
Cc: de...@driverdev.osuosl.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/staging/rtl8723bs/core/rtw_mlme.c | 10 +--
drivers/staging/rtl8723bs/core/rtw_mlme_ext.c | 1
On Tue, Oct 24, 2017 at 2:40 AM, Bryan O'Donoghue
<pure.lo...@nexus-software.ie> wrote:
> On 24/10/17 10:35, Bryan O'Donoghue wrote:
>>
>> On 24/10/17 09:25, Kees Cook wrote:
>>>
>>> In preparation for unconditionally passing the struct timer_list pointer
Noticed during Clang builds. This drops the redundant parentheses.
Cc: Samuel Ortiz <sam...@sortiz.org>
Cc: Greg Kroah-Hartman <gre...@linuxfoundation.org>
Cc: de...@driverdev.osuosl.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/staging/irda/net/irlmp.
rtlpriv->works.rtl_wq,
>>works.watchdog_wq, 0);
> --
> 2.9.0
>
Acked-by: Kees Cook <keesc...@chromium.org>
Thanks for catching this! (sfr reported this too.)
-Kees
--
Kees Cook
Pixel Security
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
On Mon, Oct 30, 2017 at 5:05 PM, Kees Cook <keesc...@chromium.org> wrote:
> On Mon, Oct 30, 2017 at 5:01 PM, <pure.lo...@nexus-software.ie> wrote:
>> There's a separate change to loopback.c an old patch ARAIR that will
>> subtract use of the timer from loopback
On Fri, Nov 3, 2017 at 2:49 PM, Bryan O'Donoghue
<bryan.odonog...@linaro.org> wrote:
>
>
> On 03/11/17 20:21, Kees Cook wrote:
>>
>> On Mon, Oct 30, 2017 at 5:05 PM, Kees Cook <keesc...@chromium.org> wrote:
>>>
>>> On Mon, Oct 30, 201
On Tue, Oct 24, 2017 at 6:30 AM, Bryan O'Donoghue
<pure.lo...@nexus-software.ie> wrote:
> On 24/10/17 14:14, Kees Cook wrote:
>>
>> On Tue, Oct 24, 2017 at 5:52 AM, Bryan O'Donoghue
>> <pure.lo...@nexus-software.ie> wrote:
>>>
>>> On 24/10/17 13
.@nexus-software.ie>
Cc: Johan Hovold <jo...@kernel.org>
Cc: Alex Elder <el...@kernel.org>
Cc: greybus-...@lists.linaro.org
Cc: de...@driverdev.osuosl.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
v2: Added back "get" in timer code, thanks to Bryan
On Tue, Oct 24, 2017 at 5:52 AM, Bryan O'Donoghue
<pure.lo...@nexus-software.ie> wrote:
> On 24/10/17 13:47, Kees Cook wrote:
>>
>> On Tue, Oct 24, 2017 at 2:40 AM, Bryan O'Donoghue
>> <pure.lo...@nexus-software.ie> wrote:
>>>
>>> On 24/10/17 10:
.
>
> That's correct.
>
>> I'll probably need at least a day to look at that, so it'll be the
>> weekend before I can really allocate time.
>
> Cool. I'm quite sure I just rebased your loopback conversion patch on my
> core timeout handling and used that to test the core i
On Mon, Oct 30, 2017 at 5:01 PM, <pure.lo...@nexus-software.ie> wrote:
> On 30 October 2017 9:37:37 p.m. GMT+00:00, Kees Cook <keesc...@chromium.org>
> wrote:
>>On Mon, Oct 30, 2017 at 4:48 AM, Johan Hovold <jo...@kernel.org> wrote:
>>> On Mon, Oct 30, 201
..@driverdev.osuosl.org
Signed-off-by: Kees Cook <keesc...@chromium.org>
Tested-by: Stefan Wahren <stefan.wah...@i2se.com>
---
.../vc04_services/interface/vchiq_arm/vchiq_arm.c | 17 +++--
.../vc04_services/interface/vchiq_arm/vchiq_arm.h | 1 +
2 files chang
On Fri, Jun 15, 2018 at 9:47 AM, Kees Cook wrote:
> On Fri, Jun 15, 2018 at 9:33 AM, Greg Kroah-Hartman
> wrote:
>> On Sat, Jun 16, 2018 at 12:25:23AM +0800, Zhouyang Jia wrote:
>>> When usb_alloc_urb fails, the lack of error-handling code may
>>> cause unexpect
;
kfree(priv->rx_urb);
I think you need some kind of helper to do this, and you can call into
it from your error paths...
-Kees
> {sigh}
>
> No, you are still leaking memory on all of these changes that you just
> made :(
>
> greg k-h
--
Kees Cook
Pixel Security
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
x_urb = NULL;
> -
> DMESGE("Endpoint Alloc Failure");
> - return -ENOMEM;
> + goto out_release_mem;
> }
>
> netdev_dbg(dev, "End of initendpoints\n");
>
On Tue, Jul 24, 2018 at 10:31 AM, Joe Perches wrote:
> On Tue, 2018-07-24 at 09:49 -0700, Kees Cook wrote:
>> All users of AHASH_REQUEST_ON_STACK have been removed from the kernel, so
>> drop it entirely so no VLAs get reintroduced by future users.
>
> checkpatch has a test
On Tue, Jul 24, 2018 at 9:57 AM, Ard Biesheuvel
wrote:
> On 24 July 2018 at 18:49, Kees Cook wrote:
>> From: Ard Biesheuvel
>>
>> In the quest to remove all stack VLA usage from the kernel[1], this
>> drops AHASH_REQUEST_ON_STACK by preallocated the ahash request are
On Wed, Jul 25, 2018 at 4:32 AM, Rafael J. Wysocki wrote:
> On Tue, Jul 24, 2018 at 6:49 PM, Kees Cook wrote:
>> In the quest to remove all stack VLA usage from the kernel[1], this
>> removes the discouraged use of AHASH_REQUEST_ON_STACK by switching to
>> shash di
@mail.gmail.com
Ard Biesheuvel (1):
crypto: ccm: Remove VLA usage
Kees Cook (17):
crypto: xcbc: Remove VLA usage
crypto: cbc: Remove VLA usage
crypto: hash: Remove VLA usage
dm: Remove VLA usage from hashes
crypto alg: Introduce generic max blocksize and alignmask
crypto: qat: Remove VLA u
crypto_skcipher_set_reqsize: 88
crypto_skcipher_set_reqsize: 472
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
include/crypto/internal/skcipher.h | 1 +
include/crypto/skcipher.h | 4
In the quest to remove all stack VLA usage from the kernel[1], this uses
the new upper bound for the stack buffer. Also adds a sanity check.
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
drivers/crypto/qat
and reduces stack usage. The stack allocation will be made
a fixed size in a later patch to the crypto subsystem.
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
Reviewed-by: Eric Biggers
---
drivers/md/dm-crypt.c | 31
-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
crypto/xcbc.c | 8 +---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/crypto/xcbc.c b/crypto/xcbc.c
index 25c75af50d3f..c055f57fab11 100644
--- a/crypto/xcbc.c
+++ b/crypto/xcbc.c
@@ -57,15 +57,17 @@ struct
...@mail.gmail.com
Signed-off-by: Kees Cook
---
crypto/ahash.c| 4 ++--
crypto/algif_hash.c | 2 +-
crypto/shash.c| 6 +++---
include/crypto/hash.h | 6 +-
4 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/crypto/ahash.c b/crypto/ahash.c
index a64c143165b1..78aaf2158c43
=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Ard Biesheuvel
Signed-off-by: Kees Cook
---
crypto/ccm.c | 9 ++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/crypto/ccm.c b/crypto/ccm.c
index 0a083342ec8c..b242fd0d3262 100644
--- a/crypto/ccm.c
+++ b/crypto/ccm.c
@@ -50,7 +50,10
All users of AHASH_REQUEST_ON_STACK have been removed from the kernel, so
drop it entirely so no VLAs get reintroduced by future users.
Signed-off-by: Kees Cook
---
include/crypto/hash.h | 5 -
1 file changed, 5 deletions(-)
diff --git a/include/crypto/hash.h b/include/crypto/hash.h
index
cra_blocksize is 144 (SHA3_224_BLOCK_SIZE, 18 8-byte words). For the
new blocksize limit, I went with 160 (20 8-byte words).
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
crypto/algapi.c | 7 ++-
include
+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
Acked-by: Arnd Bergmann
---
drivers/net/ppp/ppp_mppe.c | 56 --
1 file changed, 30 insertions(+), 26 deletions(-)
diff --git a/drivers/net/ppp/ppp_mppe.c b/drivers/net/ppp
/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
Acked-by: Pavel Machek
---
arch/x86/power/hibernate_64.c | 36 ---
1 file changed, 21 insertions(+), 15 deletions(-)
diff --git a/arch/x86/power/hibernate_64.c b/arch
this helper was the only user.
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
crypto/shash.c | 27 ---
include/linux/compiler-gcc.h | 1 -
2 files changed, 16 insertions(+), 12
: the frame size of 1152 bytes is larger than
1024 bytes [-Wframe-larger-than=]
This passes the initial SKCIPHER_REQUEST_ON_STACK allocation to the leaf
functions for reuse. Two requests allocated on the stack is not needed
when only one is used at a time.
Signed-off-by: Kees Cook
Acked-by: Arnd Bergmann
. By removing a layer of indirection this both improves
performance and reduces stack usage. The stack allocation will be made
a fixed size in a later patch to the crypto subsystem.
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
and reduces stack usage. The stack allocation will be made
a fixed size in a later patch to the crypto subsystem.
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
drivers/block/drbd/drbd_int.h | 13 +++
drivers/block
-by: Kees Cook
---
include/crypto/cbc.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/include/crypto/cbc.h b/include/crypto/cbc.h
index f5b8bfc22e6d..47db0aac2ab9 100644
--- a/include/crypto/cbc.h
+++ b/include/crypto/cbc.h
@@ -113,7 +113,9 @@ static inline int
. By removing a layer of indirection this both improves
performance and reduces stack usage. The stack allocation will be made
a fixed size in a later patch to the crypto subsystem.
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
and reduces stack usage. The stack allocation will be made
a fixed size in a later patch to the crypto subsystem.
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
---
net/wireless/lib80211_crypt_tkip.c | 58
In the quest to remove all stack VLA usage from the kernel[1], this uses
the new HASH_MAX_DIGESTSIZE from the crypto layer to allocate the upper
bounds on stack usage.
[1]
https://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com
Signed-off-by: Kees Cook
As already done treewide, switch from open-coded multiplication to using
2-factor allocator helpers.
Signed-off-by: Kees Cook
---
drivers/staging/gasket/gasket_core.c | 6 +++---
drivers/staging/gasket/gasket_interrupt.c | 15 +--
drivers/staging/gasket/gasket_page_table.c
-by: Kees Cook <keesc...@chromium.org>
Reviewed-by: Rasmus Villemoes <li...@rasmusvillemoes.dk>
---
drivers/staging/lustre/lustre/llite/xattr.c | 19 +--
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/drivers/staging/lustre/lustre/llite/xattr.c
b/drivers/st
The kernel would like to remove all VLA usage. This switches to a
simple kasprintf() instead.
Signed-off-by: Kees Cook <keesc...@chromium.org>
---
drivers/staging/lustre/lustre/llite/xattr.c | 19 +--
1 file changed, 13 insertions(+), 6 deletions(-)
diff --git a/drivers/s
ay need changing, there is already a
>> pre-processor constant VCHIQ_MAX_SERVICES
>
> Maybe just use ARRAY_SIZE(local_max_services) and not have the #define?
I think you mean ARRAY_SIZE(service_data) ? In that case, yeah, it
seems like a raw "64" for the array size can b
On Wed, Mar 7, 2018 at 5:10 AM, Rasmus Villemoes
<rasmus.villem...@prevas.dk> wrote:
> On 2018-03-07 06:46, Kees Cook wrote:
>> The kernel would like to remove all VLA usage. This switches to a
>> simple kasprintf() instead.
>>
>> Signed-off-by: Kees Cook <keesc
Kletnieks
Reviewed-by: Kees Cook
(And this seems to be the only case of this -- I don't see this code
trivially copy/pasted in other 80211 stacks.)
-Kees
> ---
> diff --git a/drivers/staging/rtl8192u/ieee80211/ieee80211_module.c
> b/drivers/staging/rtl8192u/ieee80211/ieee80211
struct ieee80211_device *ieee = NULL;
struct net_device *dev;
int i, err;
@@ -180,6 +180,7 @@ struct net_device *alloc_ieee80211(int sizeof_priv)
return dev;
failed:
+ ieee80211_networks_free(ieee);
if (dev)
free_netdev(dev);
Valdis, can you respin the patch?
-Kees
--
Kees Cook
Pixel Security
___
devel mailing list
de...@linuxdriverproject.org
http://driverdev.linuxdriverproject.org/mailman/listinfo/driverdev-devel
1 - 100 of 150 matches
Mail list logo