Re: [PATCH] drm/radeon: make -fstrict-flex-arrays=3 happy

2024-04-16 Thread Kees Cook
> Closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3323 > Fixes: df8fc4e934c1 ("kbuild: Enable -fstrict-flex-arrays=3") > Signed-off-by: Alex Deucher > Cc: Kees Cook Yup, this looks correct to me. These were trailing arrays that were not bounds checked prio

Re: [PATCH] drm/radeon: silence UBSAN warning (v3)

2024-04-16 Thread Kees Cook
M! :) Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH] drm/radeon: silence UBSAN warning (v2)

2024-04-10 Thread Kees Cook
typedef struct _NonClockInfoArray{ > @@ -460,7 +460,7 @@ typedef struct _NonClockInfoArray{ > //sizeof(ATOM_PPLIB_NONCLOCK_INFO) > UCHAR ucEntrySize; > > -ATOM_PPLIB_NONCLOCK_INFO nonClockInfo[1]; > +ATOM_PPLIB_NONCLOCK_INFO nonClockInfo[]; > }NonClockInfoArray; > > typedef struct _ATOM_PPLIB_Clock_Voltage_Dependency_Record -Kees -- Kees Cook
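Review bot: changing `nonClockInfo[1]` to `nonClockInfo[]` in `NonClockInfoArray` means `sizeof(NonClockInfoArray)` no longer includes the one placeholder element, so any allocation, bounds or offset arithmetic that uses the struct's sizeof should be audited as part of this change. Where a size including entries is needed, compute it from the header size plus the entry count times the entry size rather than relying on the old sizeof.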

Re: 6.5.5: UBSAN: radeon_atombios.c: index 1 is out of range for type 'UCHAR [1]'

2024-04-08 Thread Kees Cook
s, >> Justin > >+Kees since I've worked with him on several of these flexible array issues. > >I just happened to look at kernel logs today for my ath1*k driver maintenance >and see the subject issue is present on my device, running 6.9.0-rc1. The >freedesktop issue tracker says the issue is closed, but any fix has not landed >in the upstream kernel. Is there a -next patch somewhere? > >[ 12.105270] UBSAN: array-index-out-of-bounds in >drivers/gpu/drm/radeon/radeon_atombios.c:2718:34 >[ 12.105272] index 48 is out of range for type 'UCHAR [1]' >[ > >If there isn't really an upstream fix, I can probably supply one. I would expect this to have fixed it: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/gpu/drm/radeon/pptable.h?id=c63079c61177ba1b17fa05c6875699a36924fe39 If not, there must be something else happening? -Kees -- Kees Cook

Re: [PATCH v2] drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'

2024-02-13 Thread Kees Cook
l; > struct dmcu *dmcu = pipe_ctx->stream->ctx->dc->res_pool->dmcu; > + uint32_t otg_inst; > + > + if (!abm && !tg && !panel_cntl) > + return; > + > + otg_inst = tg->inst; Is the "if" supposed to be using "||"s instead of "&&"s? I noticed Coverity complained "tg may be NULL" for the "tg->inst" dereference... -Kees -- Kees Cook
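Review bot: the guard `if (!abm && !tg && !panel_cntl)` returns only when all three pointers are NULL, so `otg_inst = tg->inst` is still reached with `tg == NULL` whenever `abm` or `panel_cntl` is non-NULL. If the intent is to bail out when any of them is missing, the condition should read `if (!abm || !tg || !panel_cntl)`.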

Re: [PATCH 0/3] Update LLVM Phabricator and Bugzilla links

2024-01-11 Thread Kees Cook
Nathan Chancellor > Excellent! Thanks for doing this. I spot checked a handful I was familiar with and everything looks good to me. Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH 0/9] drm: Annotate structs with __counted_by

2023-10-05 Thread Kees Cook
On Thu, Oct 05, 2023 at 11:42:38AM +0200, Christian König wrote: > Am 02.10.23 um 20:22 schrieb Kees Cook: > > On Mon, Oct 02, 2023 at 08:11:41PM +0200, Christian König wrote: > > > Am 02.10.23 um 20:08 schrieb Kees Cook: > > > > On Mon, Oct 02, 2023 at 08:01:57P

[PATCH] drm/amdgpu: Annotate struct amdgpu_bo_list with __counted_by

2023-10-03 Thread Kees Cook
blob/trunk/coccinelle/examples/counted_by.cocci [1] Signed-off-by: Kees Cook --- drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c | 2 +- drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_bo_list.c b/drivers/gpu/d

Re: [PATCH 0/9] drm: Annotate structs with __counted_by

2023-10-02 Thread Kees Cook
On Mon, Oct 02, 2023 at 08:11:41PM +0200, Christian König wrote: > Am 02.10.23 um 20:08 schrieb Kees Cook: > > On Mon, Oct 02, 2023 at 08:01:57PM +0200, Christian König wrote: > > > Am 02.10.23 um 18:53 schrieb Kees Cook: > > > > On Mon, Oct 02, 2023 at 11:06:

Re: [PATCH 0/9] drm: Annotate structs with __counted_by

2023-10-02 Thread Kees Cook
On Mon, Oct 02, 2023 at 08:01:57PM +0200, Christian König wrote: > Am 02.10.23 um 18:53 schrieb Kees Cook: > > On Mon, Oct 02, 2023 at 11:06:19AM -0400, Alex Deucher wrote: > > > On Mon, Oct 2, 2023 at 5:20 AM Christian König > > > wrote: > > > >

Re: [PATCH 0/9] drm: Annotate structs with __counted_by

2023-10-02 Thread Kees Cook
On Mon, Oct 02, 2023 at 11:06:19AM -0400, Alex Deucher wrote: > On Mon, Oct 2, 2023 at 5:20 AM Christian König > wrote: > > > > Am 29.09.23 um 21:33 schrieb Kees Cook: > > > On Fri, 22 Sep 2023 10:32:05 -0700, Kees Cook wrote: > > >> This is a batc

Re: [PATCH 0/9] drm: Annotate structs with __counted_by

2023-10-02 Thread Kees Cook
On Fri, 22 Sep 2023 10:32:05 -0700, Kees Cook wrote: > This is a batch of patches touching drm for preparing for the coming > implementation by GCC and Clang of the __counted_by attribute. Flexible > array members annotated with __counted_by can have their accesses > bounds-checked

Re: [PATCH 1/9] drm/amd/pm: Annotate struct smu10_voltage_dependency_table with __counted_by

2023-09-25 Thread Kees Cook
On Mon, Sep 25, 2023 at 08:30:30AM +0200, Christian König wrote: > Am 22.09.23 um 19:41 schrieb Alex Deucher: > > On Fri, Sep 22, 2023 at 1:32 PM Kees Cook wrote: > > > Prepare for the coming implementation by GCC and Clang of the __counted_by > > > attribute. Flexi

Re: [PATCH 3/9] drm/i915/selftests: Annotate struct perf_series with __counted_by

2023-09-25 Thread Kees Cook
On Mon, Sep 25, 2023 at 12:08:36PM +0200, Andrzej Hajda wrote: > > > On 22.09.2023 19:32, Kees Cook wrote: > > Prepare for the coming implementation by GCC and Clang of the __counted_by > > attribute. Flexible array members annotated with __counted_by can have > > th

[PATCH 9/9] drm/v3d: Annotate struct v3d_perfmon with __counted_by

2023-09-22 Thread Kees Cook
functions). As found with Coccinelle[1], add __counted_by for struct v3d_perfmon. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Emma Anholt Cc: Melissa Wen Cc: David Airlie Cc: Daniel Vetter Cc: dri-de...@lists.freedesktop.org Signed-off-by: Kees

[PATCH 6/9] drm/vc4: Annotate struct vc4_perfmon with __counted_by

2023-09-22 Thread Kees Cook
functions). As found with Coccinelle[1], add __counted_by for struct vc4_perfmon. [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Cc: Emma Anholt Cc: Maxime Ripard Cc: David Airlie Cc: Daniel Vetter Cc: dri-de...@lists.freedesktop.org Signed-off-by: Kees

[PATCH 4/9] drm/msm/dpu: Annotate struct dpu_hw_intr with __counted_by

2023-09-22 Thread Kees Cook
Cc: Bjorn Andersson Cc: linux-arm-...@vger.kernel.org Cc: dri-de...@lists.freedesktop.org Cc: freedr...@lists.freedesktop.org Signed-off-by: Kees Cook --- drivers/gpu/drm/msm/disp/dpu1/dpu_hw_interrupts.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/msm/disp

[PATCH 2/9] drm/amdgpu/discovery: Annotate struct ip_hw_instance with __counted_by

2023-09-22 Thread Kees Cook
wking Zhang Cc: amd-gfx@lists.freedesktop.org Cc: dri-de...@lists.freedesktop.org Signed-off-by: Kees Cook --- drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu_discovery.c b/drivers/gpu/drm/amd/amdgp

[PATCH 5/9] drm/nouveau/pm: Annotate struct nvkm_perfdom with __counted_by

2023-09-22 Thread Kees Cook
: nouv...@lists.freedesktop.org Signed-off-by: Kees Cook --- drivers/gpu/drm/nouveau/nvkm/engine/pm/priv.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/nouveau/nvkm/engine/pm/priv.h b/drivers/gpu/drm/nouveau/nvkm/engine/pm/priv.h index 6ae25d3e7f45

[PATCH 7/9] drm/virtio: Annotate struct virtio_gpu_object_array with __counted_by

2023-09-22 Thread Kees Cook
...@lists.freedesktop.org Cc: virtualizat...@lists.linux-foundation.org Signed-off-by: Kees Cook --- drivers/gpu/drm/virtio/virtgpu_drv.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/virtio/virtgpu_drv.h b/drivers/gpu/drm/virtio/virtgpu_drv.h index 8513b671f871

[PATCH 8/9] drm/vmwgfx: Annotate struct vmw_surface_dirty with __counted_by

2023-09-22 Thread Kees Cook
Signed-off-by: Kees Cook --- drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c index 5db403ee8261..2d1d857f99ae 100644 --- a/drivers/gpu/drm/vmwgfx

[PATCH 0/9] drm: Annotate structs with __counted_by

2023-09-22 Thread Kees Cook
initialization earlier. (These are noted in the individual patches.) -Kees [1] https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci Kees Cook (9): drm/amd/pm: Annotate struct smu10_voltage_dependency_table with __counted_by drm/amdgpu/discovery: Annotate struct

[PATCH 1/9] drm/amd/pm: Annotate struct smu10_voltage_dependency_table with __counted_by

2023-09-22 Thread Kees Cook
d Airlie Cc: Daniel Vetter Cc: Xiaojian Du Cc: Huang Rui Cc: Kevin Wang Cc: amd-gfx@lists.freedesktop.org Cc: dri-de...@lists.freedesktop.org Signed-off-by: Kees Cook --- drivers/gpu/drm/amd/pm/powerplay/hwmgr/smu10_hwmgr.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dr

[PATCH 3/9] drm/i915/selftests: Annotate struct perf_series with __counted_by

2023-09-22 Thread Kees Cook
Cc: John Harrison Cc: Andi Shyti Cc: Matthew Brost Cc: intel-...@lists.freedesktop.org Cc: dri-de...@lists.freedesktop.org Signed-off-by: Kees Cook --- drivers/gpu/drm/i915/selftests/i915_request.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/gpu/drm/i915

Re: [PATCH][next] drm/amdgpu/discovery: Replace fake flex-arrays with flexible-array members

2023-05-31 Thread Kees Cook
ut. > > Link: https://github.com/KSPP/linux/issues/21 > Link: https://github.com/KSPP/linux/issues/193 > Link: https://github.com/KSPP/linux/issues/300 > Link: https://gcc.gnu.org/pipermail/gcc-patches/2022-October/602902.html [1] > Signed-off-by: Gustavo A. R. Silva Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH v2] drm/amd/display: enable more strict compile checks

2023-05-25 Thread Kees Cook
o > > > > > Signed-off-by: Hamza Mahfooz > > > > > --- > > > > > v2: fix grammatical error > > > > > --- > > > > > drivers/gpu/drm/amd/display/Makefile | 2 ++ > > > > > 1 file changed, 2 insertions(+) > > > > > > > > > > diff --git a/drivers/gpu/drm/amd/display/Makefile > > > > b/drivers/gpu/drm/amd/display/Makefile > > > > > index 0d610cb376bb..3c44162ebe21 100644 > > > > > --- a/drivers/gpu/drm/amd/display/Makefile > > > > > +++ b/drivers/gpu/drm/amd/display/Makefile > > > > > @@ -26,6 +26,8 @@ > > > > > > > > > > AMDDALPATH = $(RELATIVE_AMD_DISPLAY_PATH) > > > > > > > > > > +subdir-ccflags-y += -Werror -Wunused -Wmisleading-indentation > > > > > + > > > > > > > > Care to enable this for the rest of amdgpu as well? Or send out an > > > > additional patch to do that? Either way: > > > > Reviewed-by: Alex Deucher > > > > > > > > Alex > > > > > > > > > subdir-ccflags-y += -I$(FULL_AMD_DISPLAY_PATH)/dc/inc/ > > > > > subdir-ccflags-y += -I$(FULL_AMD_DISPLAY_PATH)/dc/inc/hw > > > > > subdir-ccflags-y += -I$(FULL_AMD_DISPLAY_PATH)/dc/clk_mgr > > > > > -- > > > > > 2.40.1 > > > > > > > > > > -- > Hamza > -- Kees Cook
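Review bot: the added `subdir-ccflags-y += -Werror -Wunused -Wmisleading-indentation` line enables -Werror unconditionally for everything under this directory, so a newer compiler or an unusual config that trips either warning becomes a hard build failure for people who are not in a position to fix the code. Consider adding only the two -W flags here and leaving promotion to errors to the tree-wide CONFIG_WERROR setting.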

Re: [PATCH] drm/radeon: Replace all non-returning strlcpy with strscpy

2023-05-22 Thread Kees Cook
ffort to remove strlcpy() completely [2], replace > strlcpy() here with strscpy(). > No return values were used, so direct replacement is safe. > > [...] Applied to for-next/hardening, thanks! [1/1] drm/radeon: Replace all non-returning strlcpy with strscpy https://git.kernel.org/ke

Re: [PATCH] drm/amd/pm: Replace all non-returning strlcpy with strscpy

2023-05-22 Thread Kees Cook
ffort to remove strlcpy() completely [2], replace > strlcpy() here with strscpy(). > No return values were used, so direct replacement is safe. > > [...] Applied to for-next/hardening, thanks! [1/1] drm/amd/pm: Replace all non-returning strlcpy with strscpy https://git.kernel.org/ke

Re: [PATCH] drm/radeon: Replace all non-returning strlcpy with strscpy

2023-05-22 Thread Kees Cook
gned-off-by: Azeem Shaikh Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH] drm/amd/pm: Replace all non-returning strlcpy with strscpy

2023-05-22 Thread Kees Cook
gned-off-by: Azeem Shaikh Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH] drm/amd: fix some dead code in `gfx_v9_0_init_cp_compute_microcode`

2023-01-12 Thread Kees Cook
ot > Addresses-Coverity-ID: 1530548 ("Control flow issues") > Fixes: ec787deb2ddf ("drm/amd: Use `amdgpu_ucode_*` helpers for GFX9") > Signed-off-by: Mario Limonciello Reviewed-by: Kees Cook -- Kees Cook

Re: Coverity: dm_dmub_sw_init(): Incorrect expression

2023-01-12 Thread Kees Cook
On Thu, Jan 12, 2023 at 10:39:20PM +, Limonciello, Mario wrote: > This particular one was fixed already in > https://patchwork.freedesktop.org/patch/518050/ which got applied today. Ah-ha; thanks! -- Kees Cook

Re: [PATCH] drm/amdkfd: Fix the memory overrun

2022-11-19 Thread Kees Cook
On Mon, Nov 07, 2022 at 03:08:06PM +0800, Ma Jun wrote: > Fix the memory overrun issue caused by wrong array size. > > Signed-off-by: Ma Jun Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH 2/2] drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback

2022-11-02 Thread Kees Cook
> and pp_odn_edit_dpm_table() to 'enum PP_OD_DPM_TABLE_COMMAND', which > cleans up the warning. > > Link: https://github.com/ClangBuiltLinux/linux/issues/1750 > Reported-by: Sami Tolvanen > Signed-off-by: Nathan Chancellor Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH 1/2] drm/amdgpu: Fix type of second parameter in trans_msg() callback

2022-11-02 Thread Kees Cook
linux/issues/1750 > Reported-by: Sami Tolvanen > Signed-off-by: Nathan Chancellor Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH v2] [next] drm/radeon: Replace one-element array with flexible-array member

2022-11-02 Thread Kees Cook
On Tue, Nov 01, 2022 at 06:09:16PM -0400, Alex Deucher wrote: > On Tue, Nov 1, 2022 at 5:54 PM Kees Cook wrote: > > Does the ROM always only have a single byte there? This seems unlikely > > given the member "ucFakeEDIDLength" (and the code below). > > I'm not su

Re: [PATCH] drm/radeon: Replace kmap() with kmap_local_page()

2022-11-02 Thread Kees Cook
let me understand why, despite it was applied, this patch > later > shifted "State" to "Not Applicable"? The kernel has multiple patchwork instances, so you got an "N/A" from linux-media, but it was applied to the drm tree. (Yes, confusing. :P) -- Kees Cook

Re: [PATCH v2] [next] drm/radeon: Replace one-element array with flexible-array member

2022-11-01 Thread Kees Cook
D_LENGTH, fake_edid_record->ucFakeEDIDLength); edid = kmemdup(fake_edid_record->ucFakeEDIDString, edid_size, GFP_KERNEL); if (edid) { if (drm_edid_is_valid(edid)) { adev->mode_info.bios_hardcoded_edid = edid; ... -- Kees Cook

Re: [PATCH v2] [next] drm/radeon: Replace one-element array with flexible-array member

2022-10-31 Thread Kees Cook
make progress towards globally > enabling -fstrict-flex-arrays=3 [1]. > > Link: https://github.com/KSPP/linux/issues/79 > Link: https://github.com/KSPP/linux/issues/239 > Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101836 [1] > > Signed-off-by: Paulo Miguel Almeida Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH] [next] drm/amdgpu: Replace one-element array with flexible-array member

2022-10-31 Thread Kees Cook
u may want to split the 1-element conversion from the struct_size() conversions. -Kees [1] https://docs.kernel.org/process/deprecated.html#zero-length-and-one-element-arrays [2] https://outflux.net/blog/archives/2022/06/24/finding-binary-differences/ -- Kees Cook

Re: [PATCH] drm/radeon: Replace kmap() with kmap_local_page()

2022-10-17 Thread Kees Cook
herefore, replace kmap() with kmap_local_page() in radeon_ttm_gtt_read(). > > Cc: "Venkataramanan, Anirudh" > Suggested-by: Ira Weiny > Signed-off-by: Fabio M. De Francesco Reviewed-by: Kees Cook -- Kees Cook

Re: mainline build failure due to 5d8c3e836fc2 ("drm/amd/display: fix array-bounds error in dc_stream_remove_writeback()")

2022-10-06 Thread Kees Cook
Fixed 13+ https://gcc.gnu.org/bugzilla/show_bug.cgi?id=99578 Fixed 12+, 11.3 And it looks like Sudip's proposed fix for this particular code is additionally fixing unsigned vs signed as well. I think -Warray-bounds did its job (though, with quite a confusing index range in the report). -Kees -- Kees Cook

Re: Build regressions/improvements in v6.0-rc4

2022-09-07 Thread Kees Cook
fig (inlined from 'copy_process' at > /kisskb/src/kernel/fork.c:2200:2) This error appears to have vanished? > > [3] > > http://kisskb.ellerman.id.au/kisskb/branch/linus/head/b90cb1053190353cc30f0fef0ef1f378ccc063c5/ > > (all 135 configs) Status Date/time Target OK Sep 7, 13:54linus/s390-allyesconfig/s390x-gcc11 -- Kees Cook

Re: Build regressions/improvements in v6.0-rc4

2022-09-06 Thread Kees Cook
ter); maybe use struct_group()? > [-Werror=attribute-warning]: => 258:25 > > s390x-gcc11/s390-allyesconfig (inlined from 'copy_process' at > /kisskb/src/kernel/fork.c:2200:2) This is: memset(&p->irqtrace, 0, sizeof(p->irqtrace)); p->irqtrace is: struct irqtrace_events irqtrace; But that's a whole object destination... why would only s390 warn? -Kees -- Kees Cook

Re: [PATCH][next] drm/amd/display: Fix Wstringop-overflow warnings in dc_link_dp.c

2022-03-03 Thread Kees Cook
ng looks to be the correct size? -- Kees Cook

Re: [PATCH 2/6] treewide: remove using list iterator after loop body as a ptr

2022-03-02 Thread Kees Cook
On Wed, Mar 02, 2022 at 12:18:45PM -0800, Linus Torvalds wrote: > On Wed, Mar 2, 2022 at 12:07 PM Kees Cook wrote: > > > > I've long wanted to change kfree() to explicitly set pointers to NULL on > > free. https://github.com/KSPP/linux/issues/87 > > We've had this dis

Re: [PATCH 2/6] treewide: remove using list iterator after loop body as a ptr

2022-03-02 Thread Kees Cook
them into something like kfree_no_null() and redefine kfree() itself: #define kfree_no_null(x) do { void *__ptr = (x); __kfree(__ptr); } while (0) #define kfree(x) do { __kfree(x); x = NULL; } while (0) -- Kees Cook

Re: [PATCH 2/6] treewide: remove using list iterator after loop body as a ptr

2022-03-01 Thread Kees Cook
y shadows variables. :) Another way to try to catch misused shadow variables is -Wunused-but-set-variable, but it, too, has tons of false positives. I tried to capture some of the rationale and research here: https://github.com/KSPP/linux/issues/152 -- Kees Cook

Re: [PATCH 2/6] treewide: remove using list iterator after loop body as a ptr

2022-03-01 Thread Kees Cook
atch $ split-on-maintainer treewide.patch $ ls 0*.patch If you have a build log before the patch that spits out warnings, the --build-log argument can extract those warnings on a per-file basis, too (though this can be fragile). -- Kees Cook

[PATCH v3] drm/amd/pm: And destination bounds checking to struct copy

2021-08-26 Thread Kees Cook
Cc: David Airlie Cc: Daniel Vetter Cc: Hawking Zhang Cc: Feifei Xu Cc: Likun Gao Cc: Jiawei Gu Cc: Evan Quan Cc: amd-gfx@lists.freedesktop.org Cc: dri-de...@lists.freedesktop.org Reviewed-by: Lijo Lazar Acked-by: Alex Deucher Signed-off-by: Kees Cook --- v3: rename amdgpu_memcpy_trail

Re: [PATCH v2] drm/amd/pm: And destination bounds checking to struct copy

2021-08-26 Thread Kees Cook
On Thu, Aug 26, 2021 at 03:51:29PM -0400, Alex Deucher wrote: > On Wed, Aug 25, 2021 at 12:20 PM Kees Cook wrote: > > > > In preparation for FORTIFY_SOURCE performing compile-time and run-time > > field bounds checking for memcpy(), memmove(), and memset(), avoid > > i

[PATCH v2] drm/amd/pm: And destination bounds checking to struct copy

2021-08-25 Thread Kees Cook
Cc: David Airlie Cc: Daniel Vetter Cc: Hawking Zhang Cc: Feifei Xu Cc: Likun Gao Cc: Jiawei Gu Cc: Evan Quan Cc: amd-gfx@lists.freedesktop.org Cc: dri-de...@lists.freedesktop.org Reviewed-by: Lijo Lazar Acked-by: Alex Deucher Signed-off-by: Kees Cook --- v2: - rename and move helper to drive

Re: [PATCH] drm/amd/pm: And destination bounds checking to struct copy

2021-08-23 Thread Kees Cook
On August 22, 2021 11:28:54 PM PDT, "Christian König" wrote: > > >Am 19.08.21 um 22:14 schrieb Kees Cook: >> [...] >> diff --git a/drivers/gpu/drm/amd/amdgpu/amdgpu.h >> b/drivers/gpu/drm/amd/amdgpu/amdgpu.h >> index 96e895d6be35..4605934a4fb7

Re: [PATCH v2 18/63] drm/amd/pm: Use struct_group() for memcpy() region

2021-08-19 Thread Kees Cook
On Thu, Aug 19, 2021 at 10:33:43AM +0530, Lazar, Lijo wrote: > On 8/19/2021 5:29 AM, Kees Cook wrote: > > On Wed, Aug 18, 2021 at 05:12:28PM +0530, Lazar, Lijo wrote: > > > > > > On 8/18/2021 11:34 AM, Kees Cook wrote: > > > > In preparation for FORTIFY_SOUR

[PATCH] drm/amd/pm: And destination bounds checking to struct copy

2021-08-19 Thread Kees Cook
Cc: David Airlie Cc: Daniel Vetter Cc: Hawking Zhang Cc: Feifei Xu Cc: Likun Gao Cc: Jiawei Gu Cc: Evan Quan Cc: amd-gfx@lists.freedesktop.org Cc: dri-de...@lists.freedesktop.org Signed-off-by: Kees Cook Link: https://lore.kernel.org/lkml/cadnq5_npb8uyvd+r4uhgf-w8-cqj3joodjvijr_y9w9wqj7...

Re: [PATCH v2 18/63] drm/amd/pm: Use struct_group() for memcpy() region

2021-08-18 Thread Kees Cook
On Wed, Aug 18, 2021 at 05:12:28PM +0530, Lazar, Lijo wrote: > > On 8/18/2021 11:34 AM, Kees Cook wrote: > > In preparation for FORTIFY_SOURCE performing compile-time and run-time > > field bounds checking for memcpy(), memmove(), and memset(), avoid > > intentionally wr

[PATCH v2 18/63] drm/amd/pm: Use struct_group() for memcpy() region

2021-08-18 Thread Kees Cook
un Gao Cc: Jiawei Gu Cc: Evan Quan Cc: amd-gfx@lists.freedesktop.org Cc: dri-de...@lists.freedesktop.org Signed-off-by: Kees Cook Acked-by: Alex Deucher Link: https://lore.kernel.org/lkml/cadnq5_npb8uyvd+r4uhgf-w8-cqj3joodjvijr_y9w9wqj7...@mail.gmail.com --- drivers/gpu/drm/a

[PATCH] drm/amd/display: Avoid HDCP over-read and corruption

2021-05-29 Thread Kees Cook
-off-by: Kees Cook --- drivers/gpu/drm/amd/display/modules/hdcp/hdcp1_execution.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/gpu/drm/amd/display/modules/hdcp/hdcp1_execution.c b/drivers/gpu/drm/amd/display/modules/hdcp/hdcp1_execution.c index 2cbd931363bd

Re: [PATCH] drm/amdgpu: Add vbios info ioctl interface

2021-05-09 Thread Kees Cook
ct drm_amdgpu_info_vbios { > [...] > + __u8 serial[16]; > + __u32 dev_id; > + __u32 rev_id; > + __u32 sub_dev_id; > + __u32 sub_ved_id; > +}; Is there a truncation issue (20 vs 16) and is this intended to be a NUL-terminated string? -- Kees Cook ___ amd-gfx mailing list amd-gfx@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/amd-gfx
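Review bot: the field name `sub_ved_id` in `struct drm_amdgpu_info_vbios` reads like a misspelling next to `sub_dev_id`; since this struct is headed for UAPI, the name cannot be corrected later. If it is meant to be the subsystem vendor ID, spell it out (for example `sub_vendor_id`) before the interface is merged.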

Re: [PATCH] drm/amdgpu: Add vbios info ioctl interface

2021-05-09 Thread Kees Cook
ice. > Will submit a fix soon. You might want to add a BUILD_BUG_ON() to keep those in sync, especially since it's about to be UAPI. -Kees > > Best regards, > Jiawei > > > -Original Message- > From: Kees Cook > Sent: Saturday, May 8, 2021 12:28 PM > To:

[PATCH 0/2] drm/radeon: Fix off-by-one power_state index heap overwrite

2021-05-03 Thread Kees Cook
Hi, This is an attempt at fixing a bug[1] uncovered by the relocation of the slab freelist pointer offset, as well as some related clean-ups. I don't have hardware to do runtime testing, but it builds. ;) -Kees [1] https://bugzilla.kernel.org/show_bug.cgi?id=211537 Kees Cook (2): drm/radeon

[PATCH 1/2] drm/radeon: Fix off-by-one power_state index heap overwrite

2021-05-03 Thread Kees Cook
ng power state (v2)") Fixes: 79daedc94281 ("drm/radeon/kms: minor pm cleanups") Signed-off-by: Kees Cook --- drivers/gpu/drm/radeon/radeon_atombios.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/gpu/drm/radeon/radeon_atombios.c b/dri

[PATCH 2/2] drm/radeon: Avoid power table parsing memory leaks

2021-05-03 Thread Kees Cook
Avoid leaving a hanging pre-allocated clock_info if last mode is invalid, and avoid heap corruption if no valid modes are found. Fixes: 6991b8f2a319 ("drm/radeon/kms: fix segfault in pm rework") Signed-off-by: Kees Cook --- drivers/gpu/drm/radeon/radeon_atombios.c | 20 +

Re: [Intel-wired-lan] [PATCH 000/141] Fix fall-through warnings for Clang

2020-11-26 Thread Kees Cook
h; continue; goto ; return [expression]; [3] https://cwe.mitre.org/data/definitions/484.html -- Kees Cook

Re: [PATCH 000/141] Fix fall-through warnings for Clang

2020-11-25 Thread Kees Cook
On Mon, Nov 23, 2020 at 05:32:51PM -0800, Nick Desaulniers wrote: > On Sun, Nov 22, 2020 at 8:17 AM Kees Cook wrote: > > > > On Fri, Nov 20, 2020 at 11:51:42AM -0800, Jakub Kicinski wrote: > > > If none of the 140 patches here fix a real bug, and there is no chan

Re: [Intel-wired-lan] [PATCH 000/141] Fix fall-through warnings for Clang

2020-11-25 Thread Kees Cook
are still bugs being found from it -- we need to finish this and shut the door on it for good.) -- Kees Cook

Re: [PATCH 000/141] Fix fall-through warnings for Clang

2020-11-23 Thread Kees Cook
On Fri, Nov 20, 2020 at 11:51:42AM -0800, Jakub Kicinski wrote: > On Fri, 20 Nov 2020 11:30:40 -0800 Kees Cook wrote: > > On Fri, Nov 20, 2020 at 10:53:44AM -0800, Jakub Kicinski wrote: > > > On Fri, 20 Nov 2020 12:21:39 -0600 Gustavo A. R. Silva wrote: > > > > This

Re: [PATCH 000/141] Fix fall-through warnings for Clang

2020-11-20 Thread Kees Cook
On Fri, Nov 20, 2020 at 11:51:42AM -0800, Jakub Kicinski wrote: > On Fri, 20 Nov 2020 11:30:40 -0800 Kees Cook wrote: > > On Fri, Nov 20, 2020 at 10:53:44AM -0800, Jakub Kicinski wrote: > > > On Fri, 20 Nov 2020 12:21:39 -0600 Gustavo A. R. Silva wrote: > > > > This

Re: [PATCH 000/141] Fix fall-through warnings for Clang

2020-11-20 Thread Kees Cook
ngs are supposed to warn about issues that could > be bugs. Falling through to default: break; can hardly be a bug?! It's certainly a place where the intent is not always clear. I think this makes all the cases unambiguous, and doesn't impact the machine code, since the compiler will happily optimize

Re: [PATCH] amdgpu_dm: fix nonblocking atomic commit use-after-free

2020-07-24 Thread Kees Cook
On Fri, Jul 24, 2020 at 09:45:18AM +0200, Paul Menzel wrote: > Am 24.07.20 um 00:32 schrieb Kees Cook: > > On Thu, Jul 23, 2020 at 09:10:15PM +, Mazin Rezk wrote: > As Linux 5.8-rc7 is going to be released this Sunday, I wonder, if commit > 3202fa62f ("slub: relocate freeli

Re: [PATCH] amdgpu_dm: fix nonblocking atomic commit use-after-free

2020-07-23 Thread Kees Cook
e acrtc->stream") ? 3202fa62f certainly exposed it much more quickly, but there was a race even without 3202fa62f where something could have realloced the memory and written over it. -- Kees Cook

Re: [Regression] hangs caused by commit 3202fa62fb (slub: relocate freelist pointer to middle of object)

2020-07-21 Thread Kees Cook
they've mostly been around additional slab debugging features. If it's causing a problem outside of that, my instinct would be there might be a use-after-free happening, but I'll go read the bug more closely now, and comment there (or here, if needed). Thanks!

Re: [PATCH 0/2] drm/radeon: have the callers of set_memory_*() check the return value

2020-01-08 Thread Kees Cook
like this when there is logic available to deal with it. > Apart from that certainly a good idea to add __must_check to the functions. Agreed! -Kees -- Kees Cook

Re: linux-next: Tree for Sep 4 (amd/display/)

2019-09-16 Thread Kees Cook
_defs.h:34:1: > error: SSE register return with SSE disabled I'm still tripping over this too. What compilers are people building with where this is NOT happening for an allmodconfig? I'm using: gcc (Ubuntu 7.4.0-1ubuntu1~18.04.1) 7.4.0 But it happens on newer compilers too. -- Kees Cook

Re: [PATCH v19 00/15] arm64: untag user pointers passed to the kernel

2019-08-08 Thread Kees Cook
On Thu, Aug 08, 2019 at 03:33:00PM -0700, Andrew Morton wrote: > On Thu, 8 Aug 2019 14:12:19 -0700 Kees Cook wrote: > > > > The ones that are left are the mm ones: 4, 5, 6, 7 and 8. > > > > > > Andrew, could you take a look and give your Acked-by or pick them u

Re: [PATCH v19 00/15] arm64: untag user pointers passed to the kernel

2019-08-08 Thread Kees Cook
, 12, 13 and 14 have acks from their subsystem maintainers. > > 3 touches generic lib code, I'm not sure if there's a dedicated > maintainer for that. Andrew tends to pick up lib/ patches. > The ones that are left are the mm ones: 4, 5, 6, 7 and 8. > > Andrew, could you take a look and give your Acked-by or pick them up directly? Given the subsystem Acks, it seems like 3-10 and 12 could all just go via Andrew? I hope he agrees. :) -- Kees Cook

Re: [PATCH v18 07/15] fs/namespace: untag user pointers in copy_mount_options

2019-07-22 Thread Kees Cook
> > > Untag the address before subtracting. > > > > > > Reviewed-by: Khalid Aziz > > > Reviewed-by: Vincenzo Frascino > > > Reviewed-by: Kees Cook > > > Reviewed-by: Catalin Marinas > > > Signed-off-by: Andrey Konovalov > > > -

Re: [PATCH v18 02/15] arm64: Introduce prctl() options to control the tagged user addresses ABI

2019-06-24 Thread Kees Cook
ldren but cleared on execve(). A Kconfig > option allows the overall disabling of the relaxed ABI. > > The PR_SET_TAGGED_ADDR_CTRL will be expanded in the future to handle > MTE-specific settings like imprecise vs precise exceptions. > > Signed-off-by: Catalin Marinas Reviewed-by: Kees Co

Re: [PATCH v18 10/15] drm/radeon: untag user pointers in radeon_gem_userptr_ioctl

2019-06-24 Thread Kees Cook
vma lookups, which can only by done with > untagged pointers. > > This patch untags user pointers in radeon_gem_userptr_ioctl(). > > Suggested-by: Felix Kuehling > Acked-by: Felix Kuehling > Signed-off-by: Andrey Konovalov Reviewed-by: Kees Cook -Kees > --- >

Re: [PATCH v18 15/15] selftests, arm64: add a selftest for passing tagged pointers to kernel

2019-06-24 Thread Kees Cook
est, that calls the uname syscall with a > tagged user pointer as an argument. Without the kernel accepting tagged > user pointers the test fails with EFAULT. > > Signed-off-by: Andrey Konovalov Acked-by: Kees Cook -Kees > --- > tools/testing/selftests/arm64/.gitignore

Re: [PATCH v18 11/15] IB/mlx4: untag user pointers in mlx4_get_umem_mr

2019-06-24 Thread Kees Cook
d user pointers for vma lookups, which can > only by done with untagged pointers. > > Untag user pointers in this function. > > Signed-off-by: Andrey Konovalov Reviewed-by: Kees Cook -Kees > --- > drivers/infiniband/hw/mlx4/mr.c | 7 --- > 1 file changed, 4 insert

Re: [PATCH v18 10/15] drm/radeon: untag user pointers in radeon_gem_userptr_ioctl

2019-06-24 Thread Kees Cook
vma lookups, which can only by done with > untagged pointers. > > This patch untags user pointers in radeon_gem_userptr_ioctl(). > > Suggested-by: Felix Kuehling > Acked-by: Felix Kuehling > Signed-off-by: Andrey Konovalov Reviewed-by: Kees Cook -Kees > --- >

Re: [PATCH v17 03/15] arm64: Introduce prctl() options to control the tagged user addresses ABI

2019-06-13 Thread Kees Cook
kernel. That's actually already happening (via -mm tree last I looked). tl;dr: it ends up using a cast hidden in a macro. It's in linux-next already along with a checkpatch.pl addition to yell about doing what's being done here. ;) https://lore.kernel.org/lkml/20190430180111.10688-1-mcr...@redhat.com/#r -- Kees Cook

Re: [PATCH v16 02/16] arm64: untag user pointers in access_ok and __uaccess_mask_ptr

2019-06-10 Thread Kees Cook
On Mon, Jun 10, 2019 at 07:53:30PM +0100, Catalin Marinas wrote: > On Mon, Jun 10, 2019 at 11:07:03AM -0700, Kees Cook wrote: > > On Mon, Jun 10, 2019 at 06:53:27PM +0100, Catalin Marinas wrote: > > > diff --git a/arch/arm64/kernel/process.c b/arch/arm64/kernel/process.c > &

Re: [PATCH v16 02/16] arm64: untag user pointers in access_ok and __uaccess_mask_ptr

2019-06-10 Thread Kees Cook
gt; ptrauth_thread_init_user(current); > } > + > +/* > + * Enable the relaxed ABI allowing tagged user addresses into the kernel. > + */ > +int untagged_uaddr_set_mode(unsigned long arg) > +{ > + if (is_compat_task()) > + return -ENOTSUPP; > + if (arg) > + return -EINVAL; > + > + set_thread_flag(TIF_UNTAGGED_UADDR); > + > + return 0; > +} I think this should be paired with a flag clearing in copy_thread(), yes? (i.e. each binary needs to opt in) -- Kees Cook
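Review bot: In untagged_uaddr_set_mode(), the is_compat_task() branch returns -ENOTSUPP, which is a kernel-internal error code with no user-space definition; if this return value is propagated to user space, the caller sees an errno it cannot name, so -EOPNOTSUPP (or -EINVAL, as used for a non-zero arg) would be the safer choice. Separately, the function only ever sets TIF_UNTAGGED_UADDR and the visible lines give a thread no way to turn the mode back off, so the comment above it should say whether the opt-in is meant to be one-way.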

Re: [PATCH v16 14/16] tee, arm64: untag user pointers in tee_shm_register

2019-06-07 Thread Kees Cook
tee_shm_unregister()->check_mem_type() uses provided > user pointers for vma lookups (via __check_mem_type()), which can only be > done with untagged pointers. > > Untag user pointers in this function. > > Signed-off-by: Andrey Konovalov "tee: shm: untag user pointers

Re: [PATCH v16 09/16] fs, arm64: untag user pointers in fs/userfaultfd.c

2019-06-07 Thread Kees Cook
e provided user pointers for vma lookups, which can > only be done with untagged pointers. > > Untag user pointers in validate_range(). > > Signed-off-by: Andrey Konovalov "userfaultfd: untag user pointers" Reviewed-by: Kees Cook -Kees > --- > fs/userfaultfd.c | 2

Re: [PATCH v16 08/16] fs, arm64: untag user pointers in copy_mount_options

2019-06-07 Thread Kees Cook
ld expect, instead: fs/namespace: untag user pointers in copy_mount_options Reviewed-by: Kees Cook -Kees > --- > fs/namespace.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/namespace.c b/fs/namespace.c > index b26778bdc236..2e85712a19ed 1

Re: [PATCH v16 07/16] mm, arm64: untag user pointers in get_vaddr_frames

2019-06-07 Thread Kees Cook
s provided user pointers for vma lookups, which can > only be done with untagged pointers. Instead of locating and changing > all callers of this function, perform untagging in it. > > Signed-off-by: Andrey Konovalov Reviewed-by: Kees Cook -Kees > --- > mm/frame_vector.c | 2 +

Re: [PATCH v16 06/16] mm, arm64: untag user pointers in mm/gup.c

2019-06-07 Thread Kees Cook
for vma lookups. > > Reviewed-by: Catalin Marinas > Signed-off-by: Andrey Konovalov Reviewed-by: Kees Cook -Kees > --- > mm/gup.c | 4 > 1 file changed, 4 insertions(+) > > diff --git a/mm/gup.c b/mm/gup.c > index ddde097cf9e4..c37df3d455a2 100644 > --- a

Re: [PATCH v16 15/16] vfio/type1, arm64: untag user pointers in vaddr_get_pfn

2019-06-07 Thread Kees Cook
s provided user pointers for vma lookups, which can > only be done with untagged pointers. > > Untag user pointers in this function. > > Signed-off-by: Andrey Konovalov Reviewed-by: Kees Cook -Kees > --- > drivers/vfio/vfio_iommu_type1.c | 2 ++ > 1 file changed, 2 inser

Re: [PATCH v16 16/16] selftests, arm64: add a selftest for passing tagged pointers to kernel

2019-06-07 Thread Kees Cook
s a simple test, that calls the uname syscall with a > tagged user pointer as an argument. Without the kernel accepting tagged > user pointers the test fails with EFAULT. > > Signed-off-by: Andrey Konovalov I'm adding Shuah to CC in case she has some suggestions about the new selftest. Rev

Re: [PATCH v16 13/16] media/v4l2-core, arm64: untag user pointers in videobuf_dma_contig_user_get

2019-06-07 Thread Kees Cook
user_get() uses provided user pointers for vma > lookups, which can only be done with untagged pointers. > > Untag the pointers in this function. > > Acked-by: Mauro Carvalho Chehab > Signed-off-by: Andrey Konovalov Reviewed-by: Kees Cook -Kees > --- > drivers/me

Re: [PATCH v16 02/16] arm64: untag user pointers in access_ok and __uaccess_mask_ptr

2019-06-07 Thread Kees Cook
ing user pointers in access_ok and in __uaccess_mask_ptr, > before performing access validity checks. > > Note, that this patch only temporarily untags the pointers to perform the > checks, but then passes them as is into the kernel internals. > > Reviewed-by: Catalin Marinas > Signed-off-by

Re: [PATCH v16 05/16] arm64: untag user pointers passed to memory syscalls

2019-06-07 Thread Kees Cook
tagged pointers to be passed to the following memory > syscalls: get_mempolicy, madvise, mbind, mincore, mlock, mlock2, mprotect, > mremap, msync, munlock. > > Signed-off-by: Andrey Konovalov Reviewed-by: Kees Cook -Kees > --- > mm/madvise.c | 2 ++ > mm/mempolicy.c | 3 +++

Re: [PATCH v16 04/16] mm: untag user pointers in do_pages_move

2019-06-07 Thread Kees Cook
_move() is used in the implementation of the move_pages syscall. > > Untag user pointers in this function. > > Reviewed-by: Catalin Marinas > Signed-off-by: Andrey Konovalov Reviewed-by: Kees Cook -Kees > --- > mm/migrate.c | 1 + > 1 file changed, 1 insertion(+) > > dif

Re: [PATCH v16 03/16] lib, arm64: untag user pointers in strn*_user

2019-06-07 Thread Kees Cook
ly untags the pointers to perform > validity checks, but then uses them as is to perform user memory accesses. > > Reviewed-by: Catalin Marinas > Signed-off-by: Andrey Konovalov Acked-by: Kees Cook -Kees > --- > lib/strncpy_from_user.c | 3 ++- > lib/strnlen_user

Re: [PATCH v15 00/17] arm64: untag user pointers passed to the kernel

2019-06-01 Thread Kees Cook
On Tue, May 28, 2019 at 06:02:45PM +0100, Catalin Marinas wrote: > On Thu, May 23, 2019 at 02:31:16PM -0700, Kees Cook wrote: > > syzkaller already attempts to randomly inject non-canonical and > > 0x addresses for user pointers in syscalls in an effort to > > fi

Re: [PATCH v15 00/17] arm64: untag user pointers passed to the kernel

2019-05-23 Thread Kees Cook
On Thu, May 23, 2019 at 06:43:46PM +0100, Catalin Marinas wrote: > On Thu, May 23, 2019 at 09:38:19AM -0700, Kees Cook wrote: > > What on this front would you be comfortable with? Given it's a new > > feature isn't it sufficient to have a CONFIG (and/or boot option)? > >

Re: [PATCH v15 00/17] arm64: untag user pointers passed to the kernel

2019-05-23 Thread Kees Cook
ations using TBI already but > I'm not aware of any still using this feature other than hwasan) Correct. Alright, the tl;dr appears to be: - you want more assurances that we can find __user stripping in the kernel more easily. (But this seems like a parallel problem.) - we might need to opt in to TBI with a prctl() - all other concerns are for the future MTE series (though it sounds like HWCAP_MTE and a prctl() solve those issues too). Is this accurate? What do you see as the blockers for this series at this point? -- Kees Cook
