Re: [PATCH 05/15] x86: Implement function_nocfi

2021-04-16 Thread Kees Cook
's unreasonable. Clang's current CFI works for many other projects, it's supported, it's what Android has been using on its kernels 3 years now. The twist, obviously, is that other projects don't use asm the way the kernel does, so that's where things get weird, and where we've already been getting help from LLVM folks to improve the situation. If the solution is a new Clang builtin, okay, but I'd just like to understand why that's justified compared to the existing solution (especially since the resulting machine code is likely to be nearly identical in the current uses). -Kees -- Kees Cook

Re: [PATCH 05/15] x86: Implement function_nocfi

2021-04-16 Thread Kees Cook
erned, entry_whatever isn't a function at > all. What jump table entry? Whoops, sorry, I misread the [] as (). I thought you were just showing an arbitrary function declaration, but I see what you mean now. I am digesting the rest of your email now... :) -- Kees Cook

Re: [PATCH 05/15] x86: Implement function_nocfi

2021-04-16 Thread Kees Cook
i()). So, instead of a cast, a wrapper is used to bypass instrumentation in the very few cases it's needed. (Note that such a wrapper is no-op without CFI enabled.) -- Kees Cook

Re: [PATCH 05/15] x86: Implement function_nocfi

2021-04-16 Thread Kees Cook
er symbol vs address stuff is discussed here: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=for-next/cfi&id=ff301ceb5299551c3650d0e07ba879b766da4cc0 But note that this shouldn't turn into a discussion of "maybe Clang could do CFI differently"; this is what Clang has. https://clang.llvm.org/docs/ControlFlowIntegrity.html -- Kees Cook

Re: [PATCH 05/15] x86: Implement function_nocfi

2021-04-16 Thread Kees Cook
ump to a physical address c4a384170f17 arm64: use function_nocfi with __pa_symbol 5198a15901d2 psci: use function_nocfi for cpu_resume 8e284f3ebed2 bpf: disable CFI in dispatcher functions -- Kees Cook

Re: [PATCH][next] sctp: Fix out-of-bounds warning in sctp_process_asconf_param()

2021-04-16 Thread Kees Cook
m/KSPP/linux/issues/109 > Reported-by: kernel test robot > Signed-off-by: Gustavo A. R. Silva Yup! Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH v3 2/2] wl3501_cs: Fix out-of-bounds warnings in wl3501_mgmt_join

2021-04-15 Thread Kees Cook
&sig.beacon_period and &this->bss_set[i].beacon_period, because the > address of the new struct object _req_ is used as the destination, > instead. > > This helps with the ongoing efforts to globally enable -Warray-bounds > and get us closer to being able to tighten the FORTIFY_SOURCE routines > on memcpy(). > > Link: https://github.com/KSPP/linux/issues/109 > Reported-by: kernel test robot > Signed-off-by: Gustavo A. R. Silva Awesome! Thank you for this solution. Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH 00/13] [RFC] Rust support

2021-04-15 Thread Kees Cook
. > Mostly when dealing with analogue samples. > > I guess the problematic code is stuff that checks: > if (foo->size + constant > limit) goto error; > instead of: > if (foo->size > limit - constant) goto error; Right. This and alloc(size * count) are the primary offenders. :) -- Kees Cook

Re: [PATCH 00/13] [RFC] Rust support

2021-04-14 Thread Kees Cook
" will saturate" or to say "all math must declare its overflow expectation". -Kees [1] https://github.com/KSPP/linux/issues/26 [2] https://github.com/KSPP/linux/issues/27 -- Kees Cook

Re: [PATCH 6/7] i915: Convert to verify_page_range()

2021-04-13 Thread Kees Cook
this would be: static int check_present(unsigned long addr, unsigned long len) { unsigned long fail; fail = verify_page_range(current->mm, addr, len, check_present_pte); if (fail) { pr_err("missing PTE:%lx\n", addr); return -EINVAL; } return 0; } (Oh, and I think I messed up the page shifting macro name in the earlier one...) -- Kees Cook

Re: [PATCH 4/7] mm: Introduce verify_page_range()

2021-04-13 Thread Kees Cook
On Tue, Apr 13, 2021 at 09:36:32AM +0200, Peter Zijlstra wrote: > On Mon, Apr 12, 2021 at 01:05:09PM -0700, Kees Cook wrote: > > On Mon, Apr 12, 2021 at 10:00:16AM +0200, Peter Zijlstra wrote: > > > +struct vpr_data { > > > + int (*fn)(pte_t pte, unsigned long addr, void

Re: [PATCH 6/7] i915: Convert to verify_page_range()

2021-04-12 Thread Kees Cook
itch to returning bad addr through verify_page_range(), or have a by-reference value, etc: unsigned long failed; failed = verify_page_range(current->mm, addr, len, check_present_pte); if (failed) { pr_err("missing PTE:%lx\n", (addr - failed) >> PAGE_SHIFT); -- Kees Cook

Re: [PATCH 4/7] mm: Introduce verify_page_range()

2021-04-12 Thread Kees Cook
This doesn't seem needed: only DRM uses it, and that's for error reporting. I'd rather plumb back errors in a way to not have to add another place in the kernel where we do func+arg stored calling. -- Kees Cook

Re: [PATCH v4 3/7] regulator: IRQ based event/error notification helpers

2021-04-08 Thread Kees Cook
there is a potential risk even if: > > > > > > all the callers use this > > > > as > > > > > > > > die_loudly("foobarfoo\n"); > > I don't see direct issues, only indirect ones, for example, if by some > reason the memory of this message appears writable. So, whoever > controls the format string of printf() controls a lot. That's why it's > preferable to spell out exact intentions in the explicit format > string. Right. > > > > > > + BUG(); > > > > > > +} This, though, are you sure you want to use BUG()? Linus gets upset about such things: https://www.kernel.org/doc/html/latest/process/deprecated.html#bug-and-bug-on -- Kees Cook

Re: [PATCH 00/20] kbuild: unify the install.sh script usage

2021-04-08 Thread Kees Cook
has suggested with regard to quoting, etc. I look forward to v2. -Kees -- Kees Cook

Re: [PATCH 17/20] kbuild: s390: use common install script

2021-04-08 Thread Kees Cook
Borntraeger > Cc: linux-s...@vger.kernel.org > Signed-off-by: Greg Kroah-Hartman Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH 11/20] kbuild: ia64: use common install script

2021-04-08 Thread Kees Cook
> kernel. With that we can remove the ia64-only version of the file. > > Cc: linux-i...@vger.kernel.org > Signed-off-by: Greg Kroah-Hartman Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH 12/20] kbuild: m68k: use common install script

2021-04-08 Thread Kees Cook
e the m68k-only version of the install script. > > Cc: Geert Uytterhoeven > Cc: linux-m...@lists.linux-m68k.org > Signed-off-by: Greg Kroah-Hartman Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH 14/20] kbuild: nios2: use common install script

2021-04-08 Thread Kees Cook
the nios2-only version of the install script. > > Cc: Ley Foon Tan > Signed-off-by: Greg Kroah-Hartman Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH 10/20] kbuild: arm: use common install script

2021-04-08 Thread Kees Cook
ernel. With that we can remove the arm-only version of the file. > > Cc: Russell King > Cc: Greg Kroah-Hartman > Cc: linux-arm-ker...@lists.infradead.org > Signed-off-by: Greg Kroah-Hartman Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH 08/20] kbuild: riscv: use common install script

2021-04-08 Thread Kees Cook
: Paul Walmsley > Cc: Palmer Dabbelt > Cc: Albert Ou > Cc: linux-ri...@lists.infradead.org > Signed-off-by: Greg Kroah-Hartman Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH 19/20] kbuild: sparc: use common install script

2021-04-08 Thread Kees Cook
the sparc-only version of the install script. > > Cc: "David S. Miller" > Cc: sparcli...@vger.kernel.org > Signed-off-by: Greg Kroah-Hartman Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH 18/20] kbuild: sh: remove unused install script

2021-04-08 Thread Kees Cook
ernel.org > Signed-off-by: Greg Kroah-Hartman Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH 05/20] kbuild: scripts/install.sh: prepare for arch-specific bootloaders

2021-04-08 Thread Kees Cook
low > arch-specific programs like this to be called in future changes, move > the logic to an arch-specific test now. > > Signed-off-by: Greg Kroah-Hartman Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH 01/20] kbuild: move x86 install script to scripts/install.sh

2021-04-08 Thread Kees Cook
; the future. > > Cc: Thomas Gleixner > Cc: Ingo Molnar > Cc: Borislav Petkov > Cc: x...@kernel.org > Signed-off-by: Greg Kroah-Hartman Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH 09/20] kbuild: arm64: use common install script

2021-04-08 Thread Kees Cook
. > > Cc: Catalin Marinas > Cc: Will Deacon > Cc: linux-arm-ker...@lists.infradead.org > Signed-off-by: Greg Kroah-Hartman With that fixed: Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH 1/2] zram: fix crashes due to use of cpu hotplug multistate

2021-04-08 Thread Kees Cook
://www.cs.unh.edu/cnrg/people/gherrin/linux-net.html#tth_sEc11.2.2 [3] https://opensource.com/article/18/5/how-load-or-unload-linux-kernel-module https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/deployment_guide/sec-unloading_a_module [4] https://git.busybox.net/busybox/tree/modutils/rmmod.c -- Kees Cook

[PATCH] LoadPin: Allow filesystem switch when not enforcing

2021-04-08 Thread Kees Cook
For LoadPin to be used at all in a classic distro environment, it needs to allow for switching filesystems (from the initramfs to the "real" root filesystem). If the "enforce" mode is not set, reset the pinned filesystem tracking when the pinned filesystem gets unmounted. Sign

Re: [PATCH v6 00/18] Add support for Clang CFI

2021-04-08 Thread Kees Cook
hub.com/samitolvanen/linux.git cfi-v6 This is working quite well for me and it looks like there are good reviews. I'm going to toss it in linux-next unless anyone has objections. I'm very excited to start using this. :) -Kees -- Kees Cook

Re: [PATCH v4 0/5] Next revision of the L1D flush patches

2021-04-08 Thread Kees Cook
see this -- it's a big hammer, but that's the point for cases where some new flaw appears and we can point to the toolbox and say "you can mitigate it with this while you wait for new kernel/CPU." Any further thoughts from x86 maintainers? This seems like it addressed all of tglx's review comments. -- Kees Cook

[tip: x86/entry] init_on_alloc: Optimize static branches

2021-04-08 Thread tip-bot2 for Kees Cook
The following commit has been merged into the x86/entry branch of tip: Commit-ID: 51cba1ebc60df9c4ce034a9f5441169c0d0956c0 Gitweb: https://git.kernel.org/tip/51cba1ebc60df9c4ce034a9f5441169c0d0956c0 Author: Kees Cook AuthorDate: Thu, 01 Apr 2021 16:23:43 -07:00 Committer

[tip: x86/entry] stack: Optionally randomize kernel stack offset each syscall

2021-04-08 Thread tip-bot2 for Kees Cook
The following commit has been merged into the x86/entry branch of tip: Commit-ID: 39218ff4c625dbf2e68224024fe0acaa60bcd51a Gitweb: https://git.kernel.org/tip/39218ff4c625dbf2e68224024fe0acaa60bcd51a Author: Kees Cook AuthorDate: Thu, 01 Apr 2021 16:23:44 -07:00 Committer

[tip: x86/entry] jump_label: Provide CONFIG-driven build state defaults

2021-04-08 Thread tip-bot2 for Kees Cook
The following commit has been merged into the x86/entry branch of tip: Commit-ID: 0d66ccc1627013c95f1e7ef10b95b8451cd7834e Gitweb: https://git.kernel.org/tip/0d66ccc1627013c95f1e7ef10b95b8451cd7834e Author: Kees Cook AuthorDate: Thu, 01 Apr 2021 16:23:42 -07:00 Committer

[tip: x86/entry] arm64: entry: Enable random_kstack_offset support

2021-04-08 Thread tip-bot2 for Kees Cook
The following commit has been merged into the x86/entry branch of tip: Commit-ID: 70918779aec9bd01d16f4e6e800ffe423d196021 Gitweb: https://git.kernel.org/tip/70918779aec9bd01d16f4e6e800ffe423d196021 Author: Kees Cook AuthorDate: Thu, 01 Apr 2021 16:23:46 -07:00 Committer

[tip: x86/entry] x86/entry: Enable random_kstack_offset support

2021-04-08 Thread tip-bot2 for Kees Cook
The following commit has been merged into the x86/entry branch of tip: Commit-ID: fe950f6020338c8ac668ef823bb692d36b7542a2 Gitweb: https://git.kernel.org/tip/fe950f6020338c8ac668ef823bb692d36b7542a2 Author: Kees Cook AuthorDate: Thu, 01 Apr 2021 16:23:45 -07:00 Committer

[tip: x86/entry] lkdtm: Add REPORT_STACK for checking stack offsets

2021-04-08 Thread tip-bot2 for Kees Cook
The following commit has been merged into the x86/entry branch of tip: Commit-ID: 68ef8735d253f3d840082b78f996bf2d89ee6e5f Gitweb: https://git.kernel.org/tip/68ef8735d253f3d840082b78f996bf2d89ee6e5f Author: Kees Cook AuthorDate: Thu, 01 Apr 2021 16:23:47 -07:00 Committer

Re: [PATCH v9] pgo: add clang's Profile Guided Optimization infrastructure

2021-04-07 Thread Kees Cook
ing this again! I'm looking forward to using it. Masahiro and Andrew, unless one of you would prefer to take this in your tree, I figure I can snag it to send to Linus. Anyone else have feedback? Thanks! -Kees -- Kees Cook

Re: arm-linux-gnueabi-ld: warning: orphan section `__cpuidle_method_of_table' from `arch/arm/mach-omap2/pm33xx-core.o' being placed in section `__cpuidle_method_of_table'

2021-04-07 Thread Kees Cook
> > > > >> arm-linux-gnueabi-ld: warning: orphan section > > > > >> `__cpuidle_method_of_table' from `arch/arm/mach-omap2/pm33xx-core.o' > > > > >> being placed in section `__cpuidle_method_of_table' > > > > > > Looks like arch/arm/include/asm/cpuidle.h defines > > > `CPUIDLE_METHOD_OF_DECLARE` to create a static struct in such a > > > section. Only arch/arm/mach-omap2/pm33xx-core.c uses that macro. > > > > Nick, Kees, > > > > Should I resend my patch, or are you taking care of it? > > > > https://lore.kernel.org/lkml/20201230155506.1085689-1-a...@kernel.org/T/#u > > Your patch looks like it has multiple reviewed-by tags, so it should > be ready to be submitted/merged? Waiting on anything else? Yeah, that looks ready to go. Does that go via SoC tree or arm32 tree? -- Kees Cook

Re: [PATCH][next] scsi: aacraid: Replace one-element array with flexible-array member

2021-04-07 Thread Kees Cook
scsi/aacraid/aacraid.h > +++ b/drivers/scsi/aacraid/aacraid.h > @@ -1929,7 +1929,7 @@ struct aac_raw_io2 { > u8 bpComplete; /* reserved for F/W use */ > u8 sgeFirstIndex; /* reserved for F/W use */ > u8 unused[4]; > - struct sge_ieee1212 sge[1]; > + struct sge_ieee1212 sge[]; > }; > > #define CT_FLUSH_CACHE 129 > -- > 2.27.0 > Thanks! Reviewed-by: Kees Cook -- Kees Cook
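
Review bot: in struct aac_raw_io2, changing `sge[1]` to `sge[]` shrinks sizeof(struct aac_raw_io2) by one struct sge_ieee1212, so any allocation or length computation that relied on the implicit first element has to be adjusted in the same patch; the hunk shown touches only the declaration. Suggest expressing those sizes with struct_size() and noting in the changelog that the sizeof() users were audited.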

Re: [PATCH v2 2/2][next] wl3501_cs: Fix out-of-bounds warning in wl3501_mgmt_join

2021-04-07 Thread Kees Cook
.el = { > .id = IW_MGMT_INFO_ELEMENT_DS_PARAMETER_SET, > .len = 1, > @@ -599,7 +599,7 @@ static int wl3501_mgmt_join(struct wl3501_card *this, u16 > stas) > }, > }; > > - memcpy(&a

Re: [PATCH v2 1/2][next] wl3501_cs: Fix out-of-bounds warning in wl3501_send_pkt

2021-04-07 Thread Kees Cook
tps://github.com/KSPP/linux/issues/109 > Reported-by: kernel test robot > Build-tested-by: kernel test robot > Link: https://lore.kernel.org/lkml/60641d9b.2enledogsdcsoav2%25...@intel.com/ > Signed-off-by: Gustavo A. R. Silva Thanks, this makes the code much easier for the compiler to validate at compile time. These cross-field memcpy()s are weird. I like the solution here. Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH v1 1/1] kernel.h: Split out panic and oops helpers

2021-04-06 Thread Kees Cook
b folder to use new header. > Though for time being include new header back to kernel.h to avoid twisted > indirected includes for existing users. > > Signed-off-by: Andy Shevchenko I like it! Do you have a multi-arch CI to do allmodconfig builds to double-check this? Acked-by: Kees Cook -Kees -- Kees Cook

[PATCH] debugfs: Make debugfs_allow RO after init

2021-04-05 Thread Kees Cook
Since debugfs_allow is only set at boot time during __init, make it read-only after being set. Cc: Peter Enderborg Fixes: a24c6f7bc923 ("debugfs: Add access restriction option") Signed-off-by: Kees Cook --- fs/debugfs/inode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) di

Re: [PATCH RFC 1/3] drivers/char: remove /dev/kmem for good

2021-04-05 Thread Kees Cook
/kme/ > [5] https://bugzilla.redhat.com/show_bug.cgi?id=154796 > > [...] > Cc: Linux API > Signed-off-by: David Hildenbrand Yes please! As James Troup pointed out already, this was turned off in Ubuntu in 2008. I don't remember a single complaint from anyone who wasn't a rootkit author. ;) Acked-by: Kees Cook -- Kees Cook

Re: CFI violation in drivers/infiniband/core/sysfs.c

2021-04-02 Thread Kees Cook
On Fri, Apr 02, 2021 at 08:30:18PM -0300, Jason Gunthorpe wrote: > On Fri, Apr 02, 2021 at 04:03:30PM -0700, Kees Cook wrote: > > > > relevant. It seems to me that the hw_counters 'struct attribute_group' > > > should probably be its own kobj within both of these

Re: CFI violation in drivers/infiniband/core/sysfs.c

2021-04-02 Thread Kees Cook
tatic ssize_t show_pma_counter(struct kobject *kobj, struct attribute *attr, char *buf) { + struct ib_port *p = container_of(kobj, struct ib_port, kobj); struct port_table_attribute *tab_attr = - container_of(attr, struct port_table_attribute, attr); + container_of(attr, struct port_table_attribute, attr.attr); int offset = tab_attr->index & 0x; int width = (tab_attr->index >> 16) & 0xff; int ret; @@ -745,8 +754,8 @@ static struct kobj_type gid_attr_type = { }; static struct attribute ** -alloc_group_attrs(ssize_t (*show)(struct ib_port *, - struct port_attribute *, char *buf), +alloc_group_attrs(ssize_t (*show)(struct kobject *, + struct attribute *, char *buf), int len) { struct attribute **tab_attr; -- Kees Cook
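
Review bot: in show_pma_counter(), the added `container_of(kobj, struct ib_port, kobj)` and the switch to `attr.attr` are only valid when every kobject and attribute reaching this callback is embedded in a struct ib_port and a struct port_table_attribute respectively, and with alloc_group_attrs() now taking the generic `(struct kobject *, struct attribute *, char *buf)` prototype the compiler no longer checks that. Suggest a short comment at alloc_group_attrs() stating which kobject type the resulting group may be registered on.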

Re: [PATCH v4 3/3] sysfs: Unconditionally use vmalloc for buffer

2021-04-02 Thread Kees Cook
On Fri, Apr 02, 2021 at 08:32:21AM +0200, Christoph Hellwig wrote: > On Thu, Apr 01, 2021 at 03:13:20PM -0700, Kees Cook wrote: > > The sysfs interface to seq_file continues to be rather fragile > > (seq_get_buf() should not be used outside of seq_file), as seen with > > s

Re: [PATCH] fs: split receive_fd_replace from __receive_fd

2021-04-02 Thread Kees Cook
939.GC3633@xsang-OptiPlex-9020/ -Kees -- Kees Cook

Re: [PATCH] qemu_fw_cfg: Make fw_cfg_rev_attr a proper kobj_attribute

2021-04-02 Thread Kees Cook
On Fri, Apr 02, 2021 at 08:42:07AM +0200, Sedat Dilek wrote: > On Thu, Feb 25, 2021 at 10:25 PM Kees Cook wrote: > > > > On Thu, 11 Feb 2021 12:42:58 -0700, Nathan Chancellor wrote: > > > fw_cfg_showrev() is called by an indirect call in kobj_attr_show(), > > > wh

Re: [PATCH] lib/string: Introduce sysfs_streqcase

2021-04-02 Thread Kees Cook
return true; > > + if (*s1 == '\n' && !s1[1] && !*s2) > > + return true; > > + return false; > > +} > > +EXPORT_SYMBOL(sysfs_streqcase); > > This should be declared in > include/linux/string.h > in order for others to use this (as 0day bot notes). > > > + > > /** > > * match_string - matches given string in an array > > * @array: array of strings > > -- > > 2.25.1 > > > > > -- > Thanks, > ~Nick Desaulniers -- Kees Cook

Re: [PATCH v2] psi: allow unprivileged users with CAP_SYS_RESOURCE to write psi files

2021-04-02 Thread Kees Cook
On Thu, Apr 01, 2021 at 10:58:33PM -0400, Josh Hunt wrote: > Currently only root can write files under /proc/pressure. Relax this to > allow tasks running as unprivileged users with CAP_SYS_RESOURCE to be > able to write to these files. > > Signed-off-by: Josh Hunt Reviewe

[PATCH v10 3/6] stack: Optionally randomize kernel stack offset each syscall

2021-04-01 Thread Kees Cook
etova Signed-off-by: Elena Reshetova Link: https://lore.kernel.org/r/20190415060918.3766-1-elena.reshet...@intel.com Reviewed-by: Thomas Gleixner Link: https://lore.kernel.org/lkml/87im5769op@nanos.tec.linutronix.de/ Signed-off-by: Kees Cook --- .../admin-guide/kernel-parameters.txt | 11

[PATCH v10 6/6] lkdtm: Add REPORT_STACK for checking stack offsets

2021-04-01 Thread Kees Cook
For validating the stack offset behavior, report the offset from a given process's first seen stack address. Add script to calculate the results to the LKDTM kselftests. Signed-off-by: Kees Cook --- drivers/misc/lkdtm/bugs.c | 17 + drivers/misc/lkdtm/c

[PATCH v10 0/6] Optionally randomize kernel stack offset each syscall

2021-04-01 Thread Kees Cook
positorio-aberto.up.pt/bitstream/10216/125357/2/374717.pdf [3] https://lore.kernel.org/lkml/202003281520.A9BFF461@keescook/ Kees Cook (6): jump_label: Provide CONFIG-driven build state defaults init_on_alloc: Optimize static branches stack: Optionally randomize kernel stack offset each sys

[PATCH v10 5/6] arm64: entry: Enable random_kstack_offset support

2021-04-01 Thread Kees Cook
https://reviews.llvm.org/rG4fbf84c1732fca596ad1d6e96015e19760eb8a9b Signed-off-by: Kees Cook --- arch/arm64/Kconfig | 1 + arch/arm64/kernel/Makefile | 5 + arch/arm64/kernel/syscall.c | 16 3 files changed, 22 insertions(+) diff --git a/arch/arm64/Kconfig b/arch/

[PATCH v10 1/6] jump_label: Provide CONFIG-driven build state defaults

2021-04-01 Thread Kees Cook
https://lore.kernel.org/lkml/20200324220641.gt2...@worktop.programming.kicks-ass.net/ Signed-off-by: Kees Cook --- include/linux/jump_label.h | 19 +++ 1 file changed, 19 insertions(+) diff --git a/include/linux/jump_label.h b/include/linux/jump_label.h index d92691262f51..05f5554d860f 100644

[PATCH v10 2/6] init_on_alloc: Optimize static branches

2021-04-01 Thread Kees Cook
g assembly code. Reviewed-by: Alexander Potapenko Link: https://lore.kernel.org/lkml/CAG_fn=x0dvwqlahjto6jw7tgcmsm77gkhinrd0m_6y0szwo...@mail.gmail.com/ Acked-by: Vlastimil Babka Link: https://lore.kernel.org/lkml/5d626b9b-5355-be94-e8e2-1be47f880...@suse.cz Signed-off-by: Kees Cook --- inc

[PATCH v10 4/6] x86/entry: Enable random_kstack_offset support

2021-04-01 Thread Kees Cook
it needs to happen at the actual entry point). Reviewed-by: Thomas Gleixner Link: https://lore.kernel.org/lkml/87lfa369tv@nanos.tec.linutronix.de/ Signed-off-by: Kees Cook --- arch/x86/Kconfig| 1 + arch/x86/entry/common.c | 3 +++ arch/x86/include/asm/entry

Re: [PATCH v8 3/6] stack: Optionally randomize kernel stack offset each syscall

2021-04-01 Thread Kees Cook
mode? > It would have to know that the "m" was substituted exactly once. > I think there are quite a few examples with 'strange' uses of memory > asm arguments. > > However, in this case, isn't it enough to ensure the address is 'saved'? > So: > asm volatile("" : "=r"(ptr) ); > should be enough. It isn't, it seems. Here's a comparison: https://godbolt.org/z/xYGn9GfGY So, I'll resend with "o", and with raw_cpu_*(). Thanks! -- Kees Cook

[PATCH v4 0/3] sysfs: Unconditionally use vmalloc for buffer

2021-04-01 Thread Kees Cook
228-1-keesc...@chromium.org/ v1: https://lore.kernel.org/lkml/20210312205558.2947488-1-keesc...@chromium.org/ Thanks! -Kees Arnd Bergmann (1): seq_file: Fix clang warning for NULL pointer arithmetic Kees Cook (2): lkdtm/heap: Add vmalloc linear overflow test sysfs: Unconditionally use vm

[PATCH v4 3/3] sysfs: Unconditionally use vmalloc for buffer

2021-04-01 Thread Kees Cook
this change can also be removed. [1] https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html Signed-off-by: Kees Cook --- fs/sysfs/file.c | 29 + 1 file changed, 29 insertions(+) diff --git a/fs/sysfs/file.c b/fs/sysfs/file.c index 9aefa7779b29..351ff75

[PATCH v4 1/3] lkdtm/heap: Add vmalloc linear overflow test

2021-04-01 Thread Kees Cook
Similar to the existing slab overflow and stack exhaustion tests, add VMALLOC_LINEAR_OVERFLOW (and rename the slab test SLAB_LINEAR_OVERFLOW). Signed-off-by: Kees Cook --- drivers/misc/lkdtm/core.c | 3 ++- drivers/misc/lkdtm/heap.c | 21

[PATCH v4 2/3] seq_file: Fix clang warning for NULL pointer arithmetic

2021-04-01 Thread Kees Cook
instance in kernfs was copied from single_start, so fix both at once. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Fixes: c2b19daf6760 ("sysfs, kernfs: prepare read path for kernfs") Reviewed-by: Christoph Hellwig Reviewed-by: Nathan Chancellor Signed-off-by: Arnd Bergmann Signed-off

Re: [PATCH v8 0/6] Optionally randomize kernel stack offset each syscall

2021-04-01 Thread Kees Cook
but I guess git trashed the Subject and ran hooks to generate a Change-Id UUID. I assume it's from following the "Reply instructions" at the bottom of: https://lore.kernel.org/lkml/20210330205750.428816-1-keesc...@chromium.org/ (It seems those need clarification about Subject handling.) -- Kees Cook

[GIT PULL] LTO fix for v5.12-rc6

2021-04-01 Thread Kees Cook
Christopherson) Sean Christopherson (1): kbuild: lto: Merge module sections if and only if CONFIG_LTO_CLANG is enabled scripts/module.lds.S | 2 ++ 1 file changed, 2 insertions(+) -- Kees Cook

Re: [PATCH] kbuild: Merge module sections if and only if CONFIG_LTO_CLANG is enabled

2021-04-01 Thread Kees Cook
On Wed, Mar 31, 2021 at 08:07:18PM +, Sean Christopherson wrote: > On Wed, Mar 31, 2021, Kees Cook wrote: > > On Wed, Mar 24, 2021 at 10:45:36PM +, Sean Christopherson wrote: > > > On Tue, Mar 23, 2021, Sami Tolvanen wrote: > > > > On Tue, Mar 23, 2021

Re: [PATCH] overflow: improve check_shl_overflow comment

2021-04-01 Thread Kees Cook
! [1/1] overflow: Correct check_shl_overflow() comment https://git.kernel.org/kees/c/4578be130a64 -- Kees Cook

Re: [PATCH] soundwire: qcom: handle return correctly in qcom_swrm_transport_params

2021-04-01 Thread Kees Cook
37adb ("soundwire: qcom: add support to missing transport > params") > Signed-off-by: Srinivas Kandagatla Thanks for fixing this! Reviewed-by: Kees Cook -Kees > --- > drivers/soundwire/qcom.c | 10 ++ > 1 file changed, 10 insertions(+) > > diff --git a/

Re: [PATCH] psi: allow unprivileged users with CAP_SYS_RESOURCE to write psi files

2021-04-01 Thread Kees Cook
", 0, NULL, &psi_memory_proc_ops); > > - proc_create("pressure/cpu", 0, NULL, &psi_cpu_proc_ops); > > + proc_create("pressure/io", 0666, NULL, &psi_io_proc_ops); > > + proc_create("pressure/memory", 0666, NULL, > > &psi_memory_proc_ops); > > + proc_create("pressure/cpu", 0666, NULL, &psi_cpu_proc_ops); > > } > > return 0; > > } -- Kees Cook

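Review bot: the proc_create() calls for pressure/io, pressure/memory and pressure/cpu go from 0 to 0666, so file mode no longer restricts who can open these entries for writing and the CAP_SYS_RESOURCE requirement has to be enforced in the open or write handler, which this hunk does not show. Suggest keeping that capability check in the same patch as the mode change and stating in the changelog that 0666 is intentional.
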
Re: [PATCH v3] sysfs: Unconditionally use vmalloc for buffer

2021-04-01 Thread Kees Cook
On Thu, Apr 01, 2021 at 09:14:25AM +0200, Michal Hocko wrote: > On Wed 31-03-21 19:21:45, Kees Cook wrote: > > The sysfs interface to seq_file continues to be rather fragile > > (seq_get_buf() should not be used outside of seq_file), as seen with > > some recent exploits[

Re: [PATCH v3] sysfs: Unconditionally use vmalloc for buffer

2021-04-01 Thread Kees Cook
On Thu, Apr 01, 2021 at 09:10:05AM +0200, Greg Kroah-Hartman wrote: > On Wed, Mar 31, 2021 at 11:52:20PM -0700, Kees Cook wrote: > > On Thu, Apr 01, 2021 at 07:16:56AM +0200, Greg Kroah-Hartman wrote: > > > On Wed, Mar 31, 2021 at 07:21:45PM -0700, Kees Cook wrote: > > >

Re: [PATCH v3] sysfs: Unconditionally use vmalloc for buffer

2021-03-31 Thread Kees Cook
On Thu, Apr 01, 2021 at 07:16:56AM +0200, Greg Kroah-Hartman wrote: > On Wed, Mar 31, 2021 at 07:21:45PM -0700, Kees Cook wrote: > > The sysfs interface to seq_file continues to be rather fragile > > (seq_get_buf() should not be used outside of seq_file), as seen with > > s

Re: [PATCH v8 3/6] stack: Optionally randomize kernel stack offset each syscall

2021-03-31 Thread Kees Cook
On Thu, Apr 01, 2021 at 12:38:31AM +0200, Thomas Gleixner wrote: > On Wed, Mar 31 2021 at 14:54, Kees Cook wrote: > > On Wed, Mar 31, 2021 at 09:53:26AM +0200, Thomas Gleixner wrote: > >> On Tue, Mar 30 2021 at 13:57, Kees Cook wrote: > >> > +/* > >> >

[PATCH v3] sysfs: Unconditionally use vmalloc for buffer

2021-03-31 Thread Kees Cook
backs using seq_file directly), this change can also be removed. [1] https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html Signed-off-by: Kees Cook --- v3: - Limit to only sysfs (instead of all of seq_file). v2: https://lore.kernel.org/lkml/20210315174851.68-1-keesc...@chromium.or

Re: [PATCH v8 3/6] stack: Optionally randomize kernel stack offset each syscall

2021-03-31 Thread Kees Cook
On Wed, Mar 31, 2021 at 09:53:26AM +0200, Thomas Gleixner wrote: > On Tue, Mar 30 2021 at 13:57, Kees Cook wrote: > > +/* > > + * Do not use this anywhere else in the kernel. This is used here because > > + * it provides an arch-agnostic way to grow the stack with correct >

Re: [PATCH v4 00/17] Add support for Clang CFI

2021-03-31 Thread Kees Cook
| 3 +- > net/tipc/name_table.c | 4 +- > scripts/Makefile.modfinal | 2 +- > scripts/module.lds.S | 20 +- > 74 files changed, 759 insertions(+), 112 deletions(-) > create mode 100644 include/linux/cfi.h > create mode 100644 kernel/cfi.c > > > base-commit: d19cc4bfbff1ae72c3505a00fb8ce0d3fa519e6c > -- > 2.31.0.291.g576ba9dcdaf-goog > -- Kees Cook

[PATCH v9 3/6] stack: Optionally randomize kernel stack offset each syscall

2021-03-31 Thread Kees Cook
etova Signed-off-by: Elena Reshetova Link: https://lore.kernel.org/r/20190415060918.3766-1-elena.reshet...@intel.com Reviewed-by: Thomas Gleixner Link: https://lore.kernel.org/lkml/87im5769op@nanos.tec.linutronix.de/ Signed-off-by: Kees Cook --- .../admin-guide/kernel-parameters.txt | 11

[PATCH v9 6/6] lkdtm: Add REPORT_STACK for checking stack offsets

2021-03-31 Thread Kees Cook
k offset' | cut -d: -f3 | sort | uniq -c | sort -n | wc -l) echo "$(uname -m) bits of stack entropy: $(echo "obase=2; $offsets" | bc | wc -L)" Signed-off-by: Kees Cook --- drivers/misc/lkdtm/bugs.c | 17 + drivers/misc/lkdtm/core.c | 1 + driver

[PATCH v9 5/6] arm64: entry: Enable random_kstack_offset support

2021-03-31 Thread Kees Cook
https://reviews.llvm.org/rG4fbf84c1732fca596ad1d6e96015e19760eb8a9b Signed-off-by: Kees Cook --- arch/arm64/Kconfig | 1 + arch/arm64/kernel/Makefile | 5 + arch/arm64/kernel/syscall.c | 16 3 files changed, 22 insertions(+) diff --git a/arch/arm64/Kconfig b/arch/

[PATCH v9 0/6] Optionally randomize kernel stack offset each syscall

2021-03-31 Thread Kees Cook
stream/10216/125357/2/374717.pdf [3] https://lore.kernel.org/lkml/202003281520.A9BFF461@keescook/ Kees Cook (6): jump_label: Provide CONFIG-driven build state defaults init_on_alloc: Optimize static branches stack: Optionally randomize kernel stack offset each syscall x86/entry: Enable random_k

[PATCH v9 4/6] x86/entry: Enable random_kstack_offset support

2021-03-31 Thread Kees Cook
it needs to happen at the actual entry point). Reviewed-by: Thomas Gleixner Link: https://lore.kernel.org/lkml/87lfa369tv@nanos.tec.linutronix.de/ Signed-off-by: Kees Cook --- arch/x86/Kconfig| 1 + arch/x86/entry/common.c | 3 +++ arch/x86/include/asm/entry

[PATCH v9 2/6] init_on_alloc: Optimize static branches

2021-03-31 Thread Kees Cook
g assembly code. Reviewed-by: Alexander Potapenko Link: https://lore.kernel.org/lkml/CAG_fn=x0dvwqlahjto6jw7tgcmsm77gkhinrd0m_6y0szwo...@mail.gmail.com/ Acked-by: Vlastimil Babka Link: https://lore.kernel.org/lkml/5d626b9b-5355-be94-e8e2-1be47f880...@suse.cz Signed-off-by: Kees Cook --- inc

[PATCH v9 1/6] jump_label: Provide CONFIG-driven build state defaults

2021-03-31 Thread Kees Cook
https://lore.kernel.org/lkml/20200324220641.gt2...@worktop.programming.kicks-ass.net/ Signed-off-by: Kees Cook --- include/linux/jump_label.h | 19 +++ 1 file changed, 19 insertions(+) diff --git a/include/linux/jump_label.h b/include/linux/jump_label.h index d92691262f51..05f5554d860f 100644

Re: [PATCH] kbuild: Merge module sections if and only if CONFIG_LTO_CLANG is enabled

2021-03-31 Thread Kees Cook
> sections were not merged. > > The stale symbol table breaks gdb's function disassembler, and presumably > other things, e.g. > > [...] Applied to for-linus/lto, thanks! [1/1] kbuild: lto: Merge module sections if and only if CONFIG_LTO_CLANG is enabled https://gi

Re: [PATCH] kbuild: Merge module sections if and only if CONFIG_LTO_CLANG is enabled

2021-03-31 Thread Kees Cook
bfd can comment on whether this is > > a bug or a feature, and if there's a flag we can pass to bfd that > > would fix the issue. In the meanwhile, this patch looks like a > > reasonable workaround to me. > > > > Reviewed-by: Sami Tolvanen > > Tested-by: Sami Tolvanen Thanks, I'll get this sent to Linus. -- Kees Cook

Re: [PATCH v31 07/12] landlock: Support filesystem access-control

2021-03-31 Thread Kees Cook
I defer to James. :) -Kees -- Kees Cook

Re: [PATCH v3] pstore: Add mem_type property DT parsing support

2021-03-31 Thread Kees Cook
mal > cacheable memory instead of default behaviour which > is an overhead. Making it cacheable could improve > performance. > > [...] Applied to for-next/pstore, thanks! [1/1] pstore: Add mem_type property DT parsing support https://git.kernel.org/kees/c/9d843e8fafc7 -- Kees Cook

Re: [PATCH v5 1/1] fs: Allow no_new_privs tasks to call chroot(2)

2021-03-30 Thread Kees Cook
take it, and James would rather not take VFS, perhaps akpm would carry it? That's where other similar VFS security work has landed. -- Kees Cook

Re: [PATCH -next] seccomp: Fix a typo in seccomp.c

2021-03-30 Thread Kees Cook
On Tue, 30 Mar 2021 23:07:24 -0400, Cui GaoSheng wrote: > Do a trivial typo fix. > s/cachable/cacheable Applied to for-next/seccomp, thanks! [1/1] seccomp: Fix "cacheable" typo in comments https://git.kernel.org/kees/c/a3fc712c5b37 -- Kees Cook

[PATCH v8 6/6] lkdtm: Add REPORT_STACK for checking stack offsets

2021-03-30 Thread Kees Cook
k offset' | cut -d: -f3 | sort | uniq -c | sort -n | wc -l) echo "$(uname -m) bits of stack entropy: $(echo "obase=2; $offsets" | bc | wc -L)" Signed-off-by: Kees Cook --- drivers/misc/lkdtm/bugs.c | 17 + drivers/misc/lkdtm/core.c | 1 + driver

[PATCH v8 5/6] arm64: entry: Enable random_kstack_offset support

2021-03-30 Thread Kees Cook
https://reviews.llvm.org/rG4fbf84c1732fca596ad1d6e96015e19760eb8a9b Signed-off-by: Kees Cook --- arch/arm64/Kconfig | 1 + arch/arm64/kernel/Makefile | 5 + arch/arm64/kernel/syscall.c | 16 3 files changed, 22 insertions(+) diff --git a/arch/arm64/Kconfig b/arch/

[PATCH v8 3/6] stack: Optionally randomize kernel stack offset each syscall

2021-03-30 Thread Kees Cook
etova Signed-off-by: Elena Reshetova Link: https://lore.kernel.org/r/20190415060918.3766-1-elena.reshet...@intel.com Signed-off-by: Kees Cook --- .../admin-guide/kernel-parameters.txt | 11 Makefile | 4 ++ arch/Kconfig

[PATCH v8 2/6] init_on_alloc: Optimize static branches

2021-03-30 Thread Kees Cook
g assembly code. Reviewed-by: Alexander Potapenko Link: https://lore.kernel.org/lkml/CAG_fn=x0dvwqlahjto6jw7tgcmsm77gkhinrd0m_6y0szwo...@mail.gmail.com/ Acked-by: Vlastimil Babka Link: https://lore.kernel.org/lkml/5d626b9b-5355-be94-e8e2-1be47f880...@suse.cz Signed-off-by: Kees Cook --- inc

[PATCH v8 4/6] x86/entry: Enable random_kstack_offset support

2021-03-30 Thread Kees Cook
it needs to happen at the actual entry point). Signed-off-by: Kees Cook --- arch/x86/Kconfig| 1 + arch/x86/entry/common.c | 3 +++ arch/x86/include/asm/entry-common.h | 16 3 files changed, 20 insertions(+) diff --git a/arch/x86/Kconfig b/arch

[PATCH v8 0/6] Optionally randomize kernel stack offset each syscall

2021-03-30 Thread Kees Cook
-Kees [1] https://a13xp0p0v.github.io/2020/02/15/CVE-2019-18683.html [2] https://repositorio-aberto.up.pt/bitstream/10216/125357/2/374717.pdf [3] https://lore.kernel.org/lkml/202003281520.A9BFF461@keescook/ Kees Cook (6): jump_label: Provide CONFIG-driven build state defaults init_on

[PATCH v8 1/6] jump_label: Provide CONFIG-driven build state defaults

2021-03-30 Thread Kees Cook
https://lore.kernel.org/lkml/20200324220641.gt2...@worktop.programming.kicks-ass.net/ Signed-off-by: Kees Cook --- include/linux/jump_label.h | 19 +++ 1 file changed, 19 insertions(+) diff --git a/include/linux/jump_label.h b/include/linux/jump_label.h index d92691262f51..05f5554d860f 100644

Re: [PATCH v7 4/6] x86/entry: Enable random_kstack_offset support

2021-03-29 Thread Kees Cook
On Sun, Mar 28, 2021 at 04:18:56PM +0200, Thomas Gleixner wrote: > On Fri, Mar 19 2021 at 14:28, Kees Cook wrote: > > + > > + /* > > +* x86_64 stack alignment means 3 bits are ignored, so keep > > +* the top 5 bits. x86_32 needs only 2 bits of alignment, so >

Re: [PATCH v7 3/6] stack: Optionally randomize kernel stack offset each syscall

2021-03-29 Thread Kees Cook
On Sun, Mar 28, 2021 at 04:42:03PM +0200, Thomas Gleixner wrote: > On Fri, Mar 19 2021 at 14:28, Kees Cook wrote: > > +/* > > + * Do not use this anywhere else in the kernel. This is used here because > > + * it provides an arch-agnostic way to grow the stack with correct &g

Re: [PATCH v3 09/17] treewide: Change list_sort to use const pointers

2021-03-25 Thread Kees Cook
ned-off-by: Sami Tolvanen Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH v3 05/17] workqueue: use WARN_ON_FUNCTION_MISMATCH

2021-03-25 Thread Kees Cook
equality in this check: > > WARN_ON_ONCE(timer->function != delayed_work_timer_fn); > > Use WARN_ON_FUNCTION_MISMATCH() instead to disable the warning > when CFI and modules are both enabled. > > Signed-off-by: Sami Tolvanen Reviewed-by: Kees Cook -- Kees Cook
