again boot the Lichee Pi 4A with
>FORTIFY_SOURCE enabled.
>
Thanks for the report! Are you able to catch what the error log shows? There
must be some 0-sized array that snuck by.
Can you share your .config and compiler version?
-Kees
--
Kees Cook
ble = v;
printf("%zu\n", __builtin_dynamic_object_size(p->growable->array, 1));
return 0;
}
GCC shows 64 64, but Clang shows 64 0.
--
Kees Cook
spinlock_t
Documentation/admin-guide/ramoops.rst | 2 +-
fs/pstore/platform.c | 8
include/linux/pstore.h| 2 +-
3 files changed, 6 insertions(+), 6 deletions(-)
--
Kees Cook
On Thu, Aug 29, 2024 at 10:03:56AM -0700, Suren Baghdasaryan wrote:
> On Fri, Aug 9, 2024 at 12:33 AM Kees Cook wrote:
> >
> > Use separate per-call-site kmem_cache or kmem_buckets. These are
> > allocated on demand to avoid wasting memory for unused caches.
> >
On Thu, Aug 29, 2024 at 09:00:37AM -0700, Suren Baghdasaryan wrote:
> On Fri, Aug 9, 2024 at 12:33 AM Kees Cook wrote:
> [...]
> > -#define kmem_cache_alloc(...)
> > alloc_hooks(kmem_cache_alloc_noprof(__VA_ARGS__))
> > +#define kmem_cache_alloc(...)
On Thu, Aug 29, 2024 at 08:39:29AM -0700, Suren Baghdasaryan wrote:
> On Fri, Aug 9, 2024 at 12:33 AM Kees Cook wrote:
> >
> > In order to process builtin alloc_tags much earlier during boot (before
> > register_codetag() is processed), provide codetag_early_walk() that
On Thu, Aug 29, 2024 at 08:02:13AM -0700, Suren Baghdasaryan wrote:
> On Fri, Aug 9, 2024 at 12:33 AM Kees Cook wrote:
> >
> > The module_load callback should still run for builtin codetags that
> > define it, even in a non-modular kernel. (i.e. for the cmod->mod == NULL
a max 7 byte savings, I'm concerned we can get bit much worse in
the above situation. It *should* be unlikely, but I've especially seen a
lot of manually calculated games especially for structs that have
effectively multiple trailing flexible arrays (wifi likes to do this,
for example).
So while I don't have very concrete evidence, my sensation is that we're
in a more defensive position leaving it over-estimated.
--
Kees Cook
0211_wext_siwscan()").
>
> Fixes: 807f8a8c3004 ("cfg80211/nl80211: add support for scheduled scans")
> Fixes: 5ba63533bbf6 ("cfg80211: fix alignment problem in scan request")
> Signed-off-by: Dmitry Antipov
Thanks for finding these!
Reviewed-by: Kees Cook
--
Kees Cook
ositives, related to unexpected
behaviors in GCC's value range tracking, though that has mostly been an
issue for getting -Warray-bounds to build cleanly.
As for fixing them, I think one will need to just look at each instance
one at a time to figure out the best solution.
-Kees
--
Kees Cook
: 5ba63533bbf6 ("cfg80211: fix alignment problem in scan request")
> Signed-off-by: Dmitry Antipov
This looks correct -- the offset is based on the allocation base, not
the array within the struct, so no array-out-of-bounds warning will
happen.
Reviewed-by: Kees Cook
--
Kees Cook
/git.kernel.org/kees/c/c2708ba91c3c
[2/2] lib/string_choices: Add some comments to make more clear for string
choices helpers.
https://git.kernel.org/kees/c/c121d5cc3a99
Take care,
--
Kees Cook
plied this to my
tree (where other similar changes are appearing). This should reduce
conflicts here...
Applied to for-next/hardening, thanks!
[1/3] lib/string_choices: Add str_true_false()/str_false_true() helper
https://git.kernel.org/kees/c/6ff4cd1160af
Take care,
--
Kees Cook
* 2a: 80 3c 08 00 cmpb $0x0,(%rax,%rcx,1) <-- trapping instruction
> 2e: 74 08 je 0x38
> 30: 48 89 ef mov %rbp,%rdi
> 33: e8 c8 63 62 00 call 0x626400
> 38: 4c 8b 5d 00 mov 0x0(%rbp),%r11
> 3c: 48 8b 3c 24 mov (%rsp),%rdi
What's the movabs? I don't have anything like that in my vmlinux binary
output. Is this KASAN perhaps?
Regardless, I don't see how prog could be NULL. :( It shouldn't be
possible without some kind of major refcounting bug.
-Kees
--
Kees Cook
On Tue, Aug 27, 2024 at 11:32:14PM +0200, Vlastimil Babka wrote:
> +Cc Linus
>
> On 8/23/24 01:13, Kees Cook wrote:
> > Introduce type-aware kmalloc-family helpers to replace the common
> > idioms for single, array, and flexible object allocations:
> >
> >
spinlock_t with raw_spinlock_t to avoid sleeping in atomic
> context.
>
>
> [...]
Applied to for-next/pstore, thanks!
[1/1] pstore: replace spinlock_t by raw_spinlock_t
https://git.kernel.org/kees/c/1bf8012fc699
Take care,
--
Kees Cook
eep.
Reading Documentation/locking/locktypes.rst seems to suggest pstore does
want the raw version. I'm surprised there aren't many more cases where
this is a problem. :P
--
Kees Cook
the "hostif_msg" header.
> > The perfect solution would be for the "report" structure to use the
> > whole "hostif_msg" structure but this is not possible due to nested
> > flexible arrays. Anyway, the end result is equivalent since this
> > patch
> > does attempt to change the behaviour of the code.
> >
> > Now as well, we have more clarity after the cast from the raw bytes
> > to
> > the new structures.
> >
> > > >
> > > > Also, use "container_of()" whenever we need to retrieve a pointer
> > > > to
> > > > the flexible structure, through which we can access the flexible
> > > > array
> > > > if needed.
> >
> > I would like to know if it is enough :)
>
> The approach is fine. But I don't like clubbing other changes like
> struct_size(). That makes code difficult to follow.
Erick, can you respin this patch without the struct_size() change? I
think it looks like it could land otherwise.
-Kees
>
> Thanks,
> Srinivas
>
>
>
> >
> > Regards,
> > Erick
> > >
> > > Thanks,
> > > Srinivas
>
--
Kees Cook
On Thu, Jul 25, 2024 at 11:22:40AM +0100, Lee Jones wrote:
> On Tue, 16 Jul 2024, Gustavo A. R. Silva wrote:
>
> >
> >
> > On 16/07/24 15:24, Kees Cook wrote:
> > > With the new __counted_by annotation, the "num_leds" variable needs to
On Thu, Jul 11, 2024 at 02:01:53PM -0700, Dave Hansen wrote:
> On 7/8/24 13:22, Kees Cook wrote:
> ...
> > diff --git a/arch/x86/include/asm/syscall.h b/arch/x86/include/asm/syscall.h
> > index 2fc7bc3863ff..7c488ff0c764 100644
> > --- a/arch/x86/include/asm/syscall.h
On Mon, 05 Aug 2024 14:43:44 -0700, Kees Cook wrote:
> GCC already checks for arguments that are marked with the "nonstring"[1]
> attribute when used on standard C String API functions (e.g. strcpy). Gain
> this compile-time checking also for the kernel's primary string cop
On Tue, Aug 06, 2024 at 12:29:30PM +0200, Przemek Kitszel wrote:
> On 8/5/24 23:43, Kees Cook wrote:
> > GCC already checks for arguments that are marked with the "nonstring"[1]
> > attribute when used on standard C String API functions (e.g. strcpy). Gain
> > this
On Wed, 10 Jul 2024 16:09:11 -0700, Kees Cook wrote:
> This replaces the 1-element "fake" flexible array in struct
> hfi_session_release_buffer_pkt with a modern flexible array and adds
> the __counted_by annotation that was identified during the analysis.
>
On Wed, 10 Jul 2024 16:15:55 -0700, Kees Cook wrote:
> Replace the deprecated[1] use of a 1-element array in
> struct vmmdev_hgcm_pagelist with a modern flexible array. As this is
> UAPI, we cannot trivially change the size of the struct, so use a union
> to retain the old first el
(saving roughly 1,500 lines):
7040 files changed, 14128 insertions(+), 15557 deletions(-)
Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=116016 [1]
Link: https://github.com/llvm/llvm-project/issues/99774 [2]
Link:
https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/kmalloc_o
On Sat, Aug 17, 2024 at 09:30:58AM +0800, Xiu Jianfeng wrote:
> Hi Kees,
>
> On 2024/8/9 15:33, Kees Cook wrote:
> > Use separate per-call-site kmem_cache or kmem_buckets. These are
> > allocated on demand to avoid wasting memory for unused caches.
> >
> > A few
rr, 1);
> +
> + add->seg = pci_domain_nr(pci_dev->bus);
> + add->bus = pci_dev->bus->number;
> + add->devfn = pci_dev->devfn;
>
> #ifdef CONFIG_ACPI
> acpi_handle handle;
Looks correct to me!
Reviewed-by: Kees Cook
--
Kees Cook
eah, the future annotations will be variable attributes, so it should
be much nicer to apply.
--
Kees Cook
iffering behavior from the compiler that
Justin is still working on (the "wraps" attribute alluded to above[3]).
-Kees
[1]
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=dev/v6.8-rc2/signed-overflow-sanitizer
[2]
https://lore.kernel.org/linux-hardening/20240424191225.work.780-k...@kernel.org/
[3] https://github.com/llvm/llvm-project/pull/86618
--
Kees Cook
g and changed pr_warn()
to pr_warn_ratelimited(), but otherwise, looked good.
Applied to for-next/execve, thanks!
[1/1] binfmt_elf: mseal address zero
https://git.kernel.org/kees/c/44f65d900698
Take care,
--
Kees Cook
adability and lack of
wrapping pre-decrement.
Applied to for-next/hardening, thanks!
[1/1] lib/string_helpers: rework overflow-dependent code
https://git.kernel.org/kees/c/5d6b91b74ccd
Take care,
--
Kees Cook
As done with str_up_down(), add checks for str_down_up() opportunities.
5 cases currently exist in the tree.
Suggested-by: Andy Shevchenko
Signed-off-by: Kees Cook
---
Cc: Andy Shevchenko
Cc: Michal Wajdeczko
Cc: Julia Lawall
Cc: Nicolas Palix
Cc: linux-hardening@vger.kernel.org
Cc: co
The string choice functions which are not clearly true/false synonyms
also have inverted wrappers. Add this for str_down_up() as well.
Suggested-by: Andy Shevchenko
Signed-off-by: Kees Cook
---
Cc: Andy Shevchenko
Cc: Michal Wajdeczko
Cc: linux-hardening@vger.kernel.org
---
include/linux
On Fri, Aug 09, 2024 at 10:59:52AM +0200, Vlastimil Babka wrote:
> On 8/8/24 01:54, Kees Cook wrote:
> > Introduce type-aware kmalloc-family helpers to replace the common
> > idioms for single, array, and flexible object allocations:
> >
> > ptr = kmalloc(size
kmem_buckets on demand to
further reduce memory usage overhead.
Signed-off-by: Kees Cook
---
Cc: Suren Baghdasaryan
Cc: Kent Overstreet
Cc: Vlastimil Babka
Cc: Christoph Lameter
Cc: Pekka Enberg
Cc: David Rientjes
Cc: Joonsoo Kim
Cc: Andrew Morton
Cc: Roman Gushchin
Cc: Hyeonggon Yoo <42.
For slab allocations, record whether the call site is using a fixed
size (i.e. compile time constant) or a dynamic size. Report the results
in /proc/allocinfo.
Improvements needed:
- examine realloc routines for needed coverage
Signed-off-by: Kees Cook
---
Cc: Suren Baghdasaryan
Cc: Kent
Modular use of kmem_buckets_create() means that kmem_buckets will need
to be removed as well. Introduce kmem_buckets_destroy(), matching
kmem_cache_destroy().
Signed-off-by: Kees Cook
---
Cc: Vlastimil Babka
Cc: Christoph Lameter
Cc: Pekka Enberg
Cc: David Rientjes
Cc: Joonsoo Kim
Cc
: Kees Cook
---
Cc: Suren Baghdasaryan
Cc: Kent Overstreet
Cc: Vlastimil Babka
Cc: Christoph Lameter
Cc: Pekka Enberg
Cc: David Rientjes
Cc: Joonsoo Kim
Cc: Andrew Morton
Cc: Roman Gushchin
Cc: Hyeonggon Yoo <42.hye...@gmail.com>
Cc: linux...@kvack.org
---
include/linux/codetag.
tinue with
it. I've noted in the later patches what additional improvements I'd
like to make. The first 3 patches are relatively small infrastructure
changes.
Thanks!
-Kees
Kees Cook (5):
slab: Introduce kmem_buckets_destroy()
codetag: Run module_load hooks for builtin codetags
The module_load callback should still run for builtin codetags that
define it, even in a non-modular kernel. (i.e. for the cmod->mod == NULL
case).
Signed-off-by: Kees Cook
---
Cc: Suren Baghdasaryan
Cc: Kent Overstreet
Cc: Vlastimil Babka
Cc: Christoph Lameter
Cc: Pekka Enberg
Cc: Da
is, and I had asked him to
send this one now since I think it additionally helps with readability.
--
Kees Cook
member is not at the end of another structure
> [-Wflex-array-member-not-at-end]
>
> Signed-off-by: Gustavo A. R. Silva
Looks correct to me. As a separate change, I wonder if the strcpy()
should be replaced with strscpy_pad(), but I think it's all okay as-is,
since channel->name seems to be set from another fixed-size array that
is the same size.
Reviewed-by: Kees Cook
--
Kees Cook
p_down(bool v)
> > +{
> > + return v ? "up" : "down";
> > +}
>
> Can you please add a respective macro for str_down_up() as it's done for
> (some)
> others?
e.g.
#define str_down_up(v) str_up_down(!(v))
--
Kees Cook
-assign-size.cocci
[3]
Signed-off-by: Kees Cook
---
Cc: Vlastimil Babka
Cc: Christoph Lameter
Cc: Pekka Enberg
Cc: David Rientjes
Cc: Joonsoo Kim
Cc: Andrew Morton
Cc: Roman Gushchin
Cc: Hyeonggon Yoo <42.hye...@gmail.com>
Cc: Gustavo A. R. Silva
Cc: Bill Wendling
Cc: Justin St
nitialized
if space is reserved for it.
Fixes: 04d82a6d0881 ("binfmt_flat: allow not offsetting data start")
Co-developed-by: Stefan O'Rear
Signed-off-by: Stefan O'Rear
Signed-off-by: Kees Cook
---
v2: update based on v1 feedback
v1:
https://lore.kernel.org/linux-m
dbb1ae9
[2/2] coccinelle: Add rules to find str_up_down() replacements
https://git.kernel.org/kees/c/d518b5f7f2d5
Take care,
--
Kees Cook
= BUG_TRAP_TYPE_WARN) {
> + regs->ip += LEN_UD2;
> + handled = true;
> + }
> + } else {
> + handle_ubsan_failure(regs, imm);
> }
> if (regs->flags & X86_EFLAGS_IF)
> raw_local_irq_disable();
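Review bot: In the `else` branch, `handle_ubsan_failure(regs, imm)` is called but `handled` stays false and `regs->ip` is not advanced, unlike the `BUG_TRAP_TYPE_WARN` path just above it, which does `regs->ip += LEN_UD2; handled = true;`. If a UBSAN trap is meant to always be fatal on this path, a short comment saying so would make that explicit; if not, the branch needs its own skip-and-continue handling.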
> diff --git a/arch/x86/kernel/ubsan.c b/arch/x86/kernel/ubsan.c
> new file mode 100644
> index ..63f819928820
> --- /dev/null
> +++ b/arch/x86/kernel/ubsan.c
> @@ -0,0 +1,19 @@
> +// SPDX-License-Identifier: GPL-2.0
> +/*
> + * Clang Undefined Behavior Sanitizer trap mode support.
> + */
> +#include
> +#include
> +#include
> +#include
> +#include
> +#include
> +
> +/*
> + * Checks for the information embedded in the UD1 trap instruction
> + * for the UB Sanitizer in order to pass along debugging output.
> + */
> +void handle_ubsan_failure(struct pt_regs *regs, u32 type)
> +{
> + pr_crit("%s at %pS\n", report_ubsan_failure(regs, type), (void
> *)regs->ip);
> +}
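Review bot: The comment above `handle_ubsan_failure()` says it "Checks for the information embedded in the UD1 trap instruction", but the body only prints what `report_ubsan_failure(regs, type)` returns for a `type` that has already been decoded by the caller. Suggest rewording the comment to say the function reports the failure, and noting that the caller extracts `type` from the instruction.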
> --
> 2.25.1
>
--
Kees Cook
28dc04bc4e3
[3/3] fortify: use if_changed_dep to record header dependency in *.cmd files
https://git.kernel.org/kees/c/634a52a98f04
Take care,
--
Kees Cook
"nonstring" nor __builtin_has_attribute().
Link:
https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html#index-nonstring-variable-attribute
[1]
Signed-off-by: Kees Cook
---
Cc: Andy Shevchenko
Cc: Justin Stitt
Cc: Luc Van Oostenryck
Cc: Nick Desaulniers
Cc: Miguel Ojeda
Cc
altlen);
> };
AFAICT, all the allocations of struct chachapoly_ctx set "saltlen" before
using "salt".
Reviewed-by: Kees Cook
>
> struct poly_req {
> @@ -611,8 +611,8 @@ static int chachapoly_create(struct crypto_template
> *tmpl, struct rtattr **tb,
>
xattr.h
> @@ -130,8 +130,8 @@ struct ext4_xattr_ibody_find {
> };
>
> struct ext4_xattr_inode_array {
> - unsigned int count; /* # of used items in the array */
> - struct inode *inodes[];
> + unsigned int count;
> + struct inode *inodes[] __counted_by(count);
> };
>
> extern const struct xattr_handler ext4_xattr_user_handler;
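Review bot: The `count` line loses its `/* # of used items in the array */` comment in the same change that adds `__counted_by(count)` to `inodes[]`. With the annotation, `count` becomes the bound for every `inodes[]` access, so whether it means used items or allocated slots matters more than before; suggest keeping the comment, or updating it to state that `count` must be set before the array is written.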
Thanks for the reworking!
--
Kees Cook
16042
Without text randomization, under randomize_va_space=2, the brk
offset (and address) are randomized. And under randomize_va_space=1,
the brk offset (and the resulting address) are NOT randomized.
Perhaps the docs for randomize_va_space need some clarification... :)
-Kees
--
Kees Cook
e region from RW to RX, so W^X is maintained spatially but
not temporally.)
So without execute-only memory, some deployments prefer to not weaken
the CFI implementation to allow for hash checking bypasses. Once X-O
exists, FineIBT is a slam-dunk over KCFI. :)
-Kees
--
Kees Cook
io_bind()
usb_assign_descriptors()
usb_copy_descriptors()
Is this thing in a loop?
--
Kees Cook
ent
https://git.kernel.org/kees/c/f3e65520c0b7
Take care,
--
Kees Cook
strscpy_pad appropriate if the @src parameter itself is a fixed
>length char[16] which isn't null terminated when the label itself is 16
>chars long?
Nope; it needed memtostr_pad(). I sent the fix back at the end of May, but it
only just recently landed:
https://git.kernel.org/pub/scm/l
Move the exec KUnit tests into a separate directory to avoid polluting
the local directory namespace. Additionally update MAINTAINERS for the
new files and mark myself as Maintainer.
Reviewed-by: David Gow
Reviewed-by: SeongJae Park
Signed-off-by: Kees Cook
---
v1: https://lore.kernel.org
On Fri, Jul 19, 2024 at 08:50:41PM -0700, David Rientjes wrote:
> On Fri, 19 Jul 2024, Kees Cook wrote:
>
> > diff --git a/include/linux/slab.h b/include/linux/slab.h
> > index 7247e217e21b..3817554f2d51 100644
> > --- a/include/linux/slab.h
> > +++ b/include/linu
On Sat, Jul 20, 2024 at 10:52:06AM +0800, Jinjie Ruan wrote:
>
>
> On 2024/7/20 0:01, Kees Cook wrote:
> > On Fri, Jul 19, 2024 at 11:14:27AM +0800, Jinjie Ruan wrote:
> >> Add support of kernel stack offset randomization while handling syscall,
> >> t
assign-size.cocci
[1]
Signed-off-by: Kees Cook
---
Cc: Vlastimil Babka
Cc: Christoph Lameter
Cc: Pekka Enberg
Cc: David Rientjes
Cc: Joonsoo Kim
Cc: Andrew Morton
Cc: Roman Gushchin
Cc: Hyeonggon Yoo <42.hye...@gmail.com>
Cc: Gustavo A. R. Silva
Cc: Bill Wendling
Cc: Justin Stitt
Cc: Jan
ow that this commit
has landed:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=872bb37f6829d4f7f3ed5afe2786add3d4384b4b
>
> Signed-off-by: Jinjie Ruan
> Suggested-by: Huacai Chen
Thanks for adding this and getting it tested!
Reviewed-by: Kees Cook
--
Kees Cook
On Wed, Jul 17, 2024 at 11:16:56AM -0700, Linus Torvalds wrote:
> On Wed, 17 Jul 2024 at 10:23, Kees Cook wrote:
> >
> > For this to be available for general distros, I still want to have a
> > bootparam to control this, otherwise this mitigation will never see much
>
_overflow-memset.log.d: No such file or directory
> > ..
>
>
>
> This issue seems to occur with GCC <=7
>
>
> $ echo 'void b(void) __attribute__((__error__(""))); void a(void) {
> b(); }' | gcc -Wp,-MMD,test.d -c -o /dev/null -x c -
>
>
> did not create *.d with GCC <= 7.
>
> I do not see the issue with GCC >= 8 or Clang.
Any idea why this happens here and not for other sources in the tree?
> One quick solution is to skip the test for GCC <= 7.
I'd be fine with that -- it is designed to catch regressions/misbehaviours
in newly released compilers so I don't mind dropping checks against older
versions.
--
Kees Cook
rnel developers aren't
> going to know what it is. Could this option be named and documented in a way
> that would be more understandable to people who aren't kernel developers?
> What
> is the effect on how /proc/pid/mem behaves?
"Do not bypass RO memory permissions via /proc/$pid/mem writes" ?
--
Kees Cook
Move the exec KUnit tests into a separate directory to avoid polluting
the local directory namespace. Additionally update MAINTAINERS for the
new files and mark myself as Maintainer.
Signed-off-by: Kees Cook
---
I'll toss this into -next and send it to Linus before -rc1 closes.
---
Cc: Alex
n will never see much
testing as most kernel deployments don't build their own kernels. A
simple __ro_after_init variable can be used.
In the future if folks want a more flexible version, we could make this
a one-way per-process flag, like no_new_privs.
--
Kees Cook
78611c11 ("dmaengine: ti: omap-dma: Annotate struct omap_desc with
__counted_by")
Signed-off-by: Kees Cook
---
Cc: Peter Ujfalusi
Cc: Vinod Koul
Cc: dmaeng...@vger.kernel.org
---
drivers/dma/ti/omap-dma.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/dr
m_nodes" after allocation.
Fixes: dd4904f3b924 ("interconnect: qcom: Annotate struct icc_onecell_data with
__counted_by")
Signed-off-by: Kees Cook
---
Cc: Georgi Djakov
Cc: linux...@vger.kernel.org
---
drivers/interconnect/icc-clk.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-
nsidered valid during the initialization for loop.
Fix this by setting lli_size immediately after allocation (similar to
how this is handled in stm32_mdma_alloc_desc() for the node/count
relationship).
Fixes: f561ec8b2b33 ("dmaengine: Add STM32 DMA3 support")
Signed-off-by: Kees Co
ered valid (num_leds would need to be "1" to access
index "0").
Fix this by setting the allocation size after allocation, and then update
the final count based on how many were actually added to the array.
Fixes: 52cd75108a42 ("leds: gpio: Annotate struct gpio_leds_priv with
__
t;
> This is very similar to 92ecbb3ac6f3 ("wifi: mac80211: fix UBSAN noise
> in ieee80211_prep_hw_scan()"), so just fix it in the same way by setting
> 'request->n_channels' early to help '__counted_by()' work as expected.
> And the same 'kmalloc()' math adj
ecurity sensitive and
which isn't, and since WARNs may panic, all WARNs could be a DoS, and
therefore may be a CVE for some deployment somewhere.
--
Kees Cook
g the best direction in the general case.
> In this case I would just make all of pt_regs a union with one giant
> array (much like some archs already have IIRC).
Yup, that works too. (Though pt_regs is relatively unique in this "the
whole thing is expected to be an array" characteristic.)
-Kees
--
Kees Cook
deletion(-)
--
Kees Cook
us rejected all prior
knobs for this and panic_on_warn (or better yet, kernel.warn_limit
syscall) is used for this purpose.
Userspace actions must never be able to reach a WARN or BUG state:
https://docs.kernel.org/process/deprecated.html#bug-and-bug-on
--
Kees Cook
apply this series...)
-Kees
--
Kees Cook
KASAN_SANITIZE=y explicitly to the fortify tests.
>
>Fixes: 9c2d1328f88a ("kbuild: provide reasonable defaults for tool coverage")
>Reported-by: Arnd Bergmann
>Closes:
>https://lore.kernel.org/all/0e8dee26-41cc-41ae-9493-10cd1a8e3...@app.fastmail.com/
>Signed-off-b
b.com/KSPP/linux/issues/90 [1]
Signed-off-by: Kees Cook
---
v2: add tcp_get_default_congestion_control() conversion
v1: https://lore.kernel.org/lkml/20240711171652.work.887-k...@kernel.org/
Cc: Eric Dumazet
Cc: "David S. Miller"
Cc: David Ahern
Cc: Jakub Kicinski
Cc: Paolo Abeni
On Thu, Jul 11, 2024 at 10:38:01AM -0700, Eric Dumazet wrote:
> On Thu, Jul 11, 2024 at 10:16 AM Kees Cook wrote:
> >
> > Replace the deprecated[1] use of strncpy() in tcp_ca_get_name_by_key().
> > The only caller passes the results to nla_put_string(), so trailing
>
On Fri, Jul 12, 2024 at 11:00:08AM +0200, Peter Zijlstra wrote:
> On Thu, Jul 11, 2024 at 04:10:43PM -0700, Kees Cook wrote:
>
> > The long answer is long, and comes in two halves: the language half and
> > the fortify half.
> >
> > First, the C standard requi
uses it (some network driver protocol
layout shenanigans, bcachefs, etc). Virtually all kernel objects that
are a destination for memcpy() should be able to be represented in a
simple and unambiguous way. (And we've successfully done so, with some
fun tangents along the way, like needing to have compilers implement
-fstrict-flex-arrays=3, but that is a whole other topic.)
-Kees
--
Kees Cook
e of the binary
differences" debugging patch can be found here[1].
Thanks!
-Kees
[1]
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=dev/v6.10-rc2/1-element&id=45e6226bcbc5e982541754eca7ac29f403e82f5e
Kees Cook (2):
scsi: aacraid: Rearrange order of struct aac_
esn't care. (Regardless, it is unchanged by this patch.)
Link: https://github.com/KSPP/linux/issues/79 [1]
Link:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=dev/v6.10-rc2/1-element&id=45e6226bcbc5e982541754eca7ac29f403e82f5e
[2]
Signed-off-by: Kees Cook
---
C
rs _never check_ srbu contents -- neither
srbu.srb nor srbu.srb_reply is examined. (They depend on the mapped
xfer_buf instead.)
Therefore, the ordering of members in struct aac_srb_unit does not matter,
and the flexible array member can be moved to the end.
(Additionally, the two memcpy()s that update
Replace the deprecated[1] use of 1-element arrays in
struct ipr_hostrcb_fabric_desc and struct ipr_hostrcb64_fabric_desc
with modern flexible arrays.
No binary differences are present after this conversion.
Link: https://github.com/KSPP/linux/issues/79 [1]
Signed-off-by: Kees Cook
---
Cc
Replace the deprecated[1] use of a 1-element array in
struct aac_ciss_phys_luns_resp with a modern flexible array.
No binary differences are present after this conversion.
Link: https://github.com/KSPP/linux/issues/79 [1]
Signed-off-by: Kees Cook
---
Cc: Adaptec OEM Raid Solutions
Cc: "
dr_high = cpu_to_le32(
upper_32_bits(addr));
No binary differences are present after this conversion.
Link: https://github.com/KSPP/linux/issues/79 [1]
Signed-off-by: Kees Cook
---
Cc: Adaptec OEM Raid Solutions
Cc: "James E.J. Bottomley"
No binary differences are present after this conversion.
Link: https://github.com/KSPP/linux/issues/79 [1]
Signed-off-by: Kees Cook
---
Cc: Sathya Prakash
Cc: Sreekanth Reddy
Cc: Suganath Prabu Subramani
Cc: "Gustavo A. R. Silva"
Cc: mpt-fusionlinux@broadcom.com
Cc: linux-s...@vg
*/
mptsas.c:ii = IOCPage4Ptr->ActiveSEP++;
mptsas.c:IOCPage4Ptr->SEP[ii].SEPTargetID = id;
mptsas.c:IOCPage4Ptr->SEP[ii].SEPBus = channel;
No binary differences are present after this conversion.
Link: https://github.com/KSPP/linux/issues/79 [1]
Signed-off-by:
id)
mptspi.c: for (i=0; i < ioc->raid_data.pIocPg2->NumActiveVolumes; i++) {
mptspi.c: if (ioc->raid_data.pIocPg2->RaidVolume[i].VolumeID ==
id) {
No binary differences are present after this conversion.
Link: https://github.com/KSPP/linux/issues/79 [1]
Signed-off
fter this conversion.
Link: https://github.com/KSPP/linux/issues/79 [1]
Signed-off-by: Kees Cook
---
Cc: Sathya Prakash
Cc: Sreekanth Reddy
Cc: Suganath Prabu Subramani
Cc: "Gustavo A. R. Silva"
Cc: mpt-fusionlinux@broadcom.com
Cc: linux-s...@vger.kernel.org
Cc: linux-hardening@vge
phys_disk->Path[i].PhysDiskBus =
buffer->Path[i].PhysDiskBus;
No binary differences are present after this conversion.
Link: https://github.com/KSPP/linux/issues/79 [1]
Signed-off-by: Kees Cook
---
Cc: Sathya Prakash
Cc: Sreekanth Reddy
Cc: Suganath Prabu Subramani
Cc: "
hysDiskNum, &phys_disk) != 0)
mptsas.c: for (i = 0; i < buffer->NumPhysDisks; i++) {
mptsas.c: buffer->PhysDisk[i].PhysDiskNum, &phys_disk) != 0)
No binary differences are present after this conversion.
Link: https://github.com/KSPP/linux/issues/79 [1]
Signed-of
Hi,
Replace all remaining uses of deprecated 1-element "fake" flexible arrays
with modern C99 flexible arrays. Add __counted_by annotations at the
same time.
Thanks!
-Kees
Kees Cook (6):
scsi: message: fusion: struct _RAID_VOL0_SETTINGS: Replace 1-element
array with flexible ar
he same length,
so strscpy() won't fail (when ca->name is NUL-terminated). Include the
length explicitly instead of using the 2-argument strscpy().
Link: https://github.com/KSPP/linux/issues/90 [1]
Signed-off-by: Kees Cook
---
Cc: Eric Dumazet
Cc: "David S. Miller"
Cc: David
Replace the deprecated[1] use of strncpy() in bacct_add_tsk(). Since this
is UAPI, include trailing padding in the copy.
Link: https://github.com/KSPP/linux/issues/90 [1]
Signed-off-by: Kees Cook
---
Cc: Andrew Morton
Cc: "Eric W. Biederman"
Cc: Peng Liu
Cc: "Dr. Thomas Org
0x0f
> >
> > This is *NOT* a prefix, it is an escape, please see the SDM Vol 2
> > Chapter 'Instruction Format'. That ASOP thing above is a prefix.
> >
> > > +#define OPCODE_UD1 0xb9
> > > +#define OPCODE_UD2 0x0b
> >
> > These are second byte opcodes. The actual (single byte opcodes) of those
> > value exist and are something entirely different (0xB0+r is MOV, and
> > 0x0B is OR).
What would be your preferred names for all of these defines?
--
Kees Cook
On Thu, Jul 11, 2024 at 04:29:28PM +0200, David Sterba wrote:
> On Wed, Jul 10, 2024 at 03:57:34PM -0700, Kees Cook wrote:
> > Replace the deprecated[1] use of a 1-element array in
> > struct slink_front with a modern flexible array.
> >
> > No binary differences are pr
tps://github.com/KSPP/linux/issues/79 [1]
Signed-off-by: Kees Cook
---
Cc: Kashyap Desai
Cc: Sumit Saxena
Cc: Shivasharan S
Cc: Chandrakanth patil
Cc: "James E.J. Bottomley"
Cc: "Martin K. Petersen"
Cc: megaraidlinux@broadcom.com
Cc: linux-s...@vger.kernel.org
---
Replace the deprecated[1] use of a 1-element array in
struct MR_LD_VF_MAP with a modern flexible array.
No binary differences are present after this conversion.
Link: https://github.com/KSPP/linux/issues/79 [1]
Signed-off-by: Kees Cook
---
Cc: Kashyap Desai
Cc: Sumit Saxena
Cc: Shivasharan S