From: Francis Laniel
This patch adds fortify-string.h to contain fortified functions definitions.
Thus, the code is more separated and compile time is slightly faster for people
who do not set CONFIG_FORTIFY_SOURCE.
Signed-off-by: Francis Laniel
---
include/linux/fortify-string.h | 302 +++
From: Francis Laniel
Hi.
First, I hope your families, friends and yourself are fine.
In a recent mail about the merge of a new fortified string function, Linus
Torvalds suggested the creation of a dedicated header file for these functions:
https://marc.info/?l=linux-mm-commits&m=16081036611124
From: Francis Laniel
Hi.
First, I do hope you are fine and the same for your relatives.
In a recent mail about the merge of a new fortified string function, Linus
Torvalds suggested the creation of a dedicated header file for these functions:
https://marc.info/?l=linux-mm-commits&m=16081036611
From: Francis Laniel
This patch adds fortify-string.h to contain fortified functions definitions.
Thus, the code is more separated and compile time is slightly faster for people
who do not set CONFIG_FORTIFY_SOURCE.
Signed-off-by: Francis Laniel
---
include/linux/fortify-string.h | 302 +++
From: Francis Laniel
The two functions indicates if a string begins with a given prefix.
The only difference is that strstarts() returns a bool while str_has_prefix()
returns the length of the prefix if the string begins with it or 0 otherwise.
Signed-off-by: Francis Laniel
---
arch/mips/bcm63
From: Francis Laniel
The two functions indicates if a string begins with a given prefix.
The only difference is that strstarts() returns a bool while str_has_prefix()
returns the length of the prefix if the string begins with it or 0 otherwise.
Signed-off-by: Francis Laniel
---
drivers/firmwar
From: Francis Laniel
The two functions indicates if a string begins with a given prefix.
The only difference is that strstarts() returns a bool while str_has_prefix()
returns the length of the prefix if the string begins with it or 0 otherwise.
Signed-off-by: Francis Laniel
---
drivers/ide/ide
From: Francis Laniel
The two functions indicates if a string begins with a given prefix.
The only difference is that strstarts() returns a bool while str_has_prefix()
returns the length of the prefix if the string begins with it or 0 otherwise.
Signed-off-by: Francis Laniel
---
kernel/module.c
From: Francis Laniel
The two functions indicates if a string begins with a given prefix.
The only difference is that strstarts() returns a bool while str_has_prefix()
returns the length of the prefix if the string begins with it or 0 otherwise.
Signed-off-by: Francis Laniel
---
drivers/usb/mus
From: Francis Laniel
The two functions indicates if a string begins with a given prefix.
The only difference is that strstarts() returns a bool while str_has_prefix()
returns the length of the prefix if the string begins with it or 0 otherwise.
Signed-off-by: Francis Laniel
---
drivers/md/dm-c
From: Francis Laniel
When str_has_prefix() was introduced in commit 495d714ad140 ("Merge tag
'trace-v4.21' of
git://git.kernel.org/pub/scm/linux/kernel/git/rostedt/linux-trace"), this commit
stated that the new function should replace the existing one.
Signed-off-by: Francis Laniel
---
include
From: Francis Laniel
The two functions indicates if a string begins with a given prefix.
The only difference is that strstarts() returns a bool while str_has_prefix()
returns the length of the prefix if the string begins with it or 0 otherwise.
Signed-off-by: Francis Laniel
---
crypto/essiv.c
From: Francis Laniel
The two functions indicates if a string begins with a given prefix.
The only difference is that strstarts() returns a bool while str_has_prefix()
returns the length of the prefix if the string begins with it or 0 otherwise.
Signed-off-by: Francis Laniel
---
drivers/gpu/drm
From: Francis Laniel
The two functions indicates if a string begins with a given prefix.
The only difference is that strstarts() returns a bool while str_has_prefix()
returns the length of the prefix if the string begins with it or 0 otherwise.
Signed-off-by: Francis Laniel
---
drivers/gpu/drm
From: Francis Laniel
The two functions indicates if a string begins with a given prefix.
The only difference is that strstarts() returns a bool while str_has_prefix()
returns the length of the prefix if the string begins with it or 0 otherwise.
Signed-off-by: Francis Laniel
---
arch/mips/bcm47
From: Francis Laniel
The two functions indicates if a string begins with a given prefix.
The only difference is that strstarts() returns a bool while str_has_prefix()
returns the length of the prefix if the string begins with it or 0 otherwise.
Signed-off-by: Francis Laniel
---
arch/arm/kernel
From: Francis Laniel
Hi.
First, I hope you are fine and the same for your relatives.
In this patch set, I replaced all calls to strstarts() by calls to
str_has_prefix().
Indeed, the kernel has two functions to test if a string begins with an other:
1. strstarts() which returns a bool, so 1 if
From: Daniel Axtens
When the fortify feature was first introduced in commit 6974f0c4555e
("include/linux/string.h: add the option of fortified string.h functions"),
Daniel Micay observed:
* It should be possible to optionally use __builtin_object_size(x, 1) for
some functions (C strings) t
From: Francis Laniel
In lkdtm.h, files targeted in comments are named "lkdtm_file.c" while there are
named "file.c" in directory.
Acked-by: Kees Cook
Signed-off-by: Francis Laniel
---
drivers/misc/lkdtm/lkdtm.h | 14 +++---
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a
From: Francis Laniel
This new test ensures that fortified strscpy has the same behavior than vanilla
strscpy (e.g. returning -E2BIG when src content is truncated).
Finally, it generates a crash at runtime because there is a write overflow in
destination string.
Reviewed-by: Kees Cook
Signed-off
From: Francis Laniel
The fortified version of strscpy ensures the following before vanilla strscpy
is called:
1. There is no read overflow because we either size is smaller than src length
or we shrink size to src length by calling fortified strnlen.
2. There is no write overflow because we eithe
From: Daniel Axtens
Add code to test both:
- runtime detection of the overrun of a structure. This covers the
__builtin_object_size(x, 0) case. This test is called FORTIFY_OBJECT.
- runtime detection of the overrun of a char array within a structure.
This covers the __builtin_object_siz
From: Francis Laniel
Hi.
I hope your families, friends and yourselves are fine.
This patch implements a fortified version of strscpy() enabled by setting
CONFIG_FORTIFY_SOURCE=y.
The new version ensures the following before calling vanilla strscpy():
1. There is no read overflow because either
From: Francis Laniel
The fortified version of strscpy ensures the following before vanilla strscpy
is called:
1. There is no read overflow because we either size is smaller than src length
or we shrink size to src length by calling fortified strnlen.
2. There is no write overflow because we eithe
From: Daniel Axtens
When the fortify feature was first introduced in commit 6974f0c4555e
("include/linux/string.h: add the option of fortified string.h functions"),
Daniel Micay observed:
* It should be possible to optionally use __builtin_object_size(x, 1) for
some functions (C strings) t
From: Daniel Axtens
Add code to test both:
- runtime detection of the overrun of a structure. This covers the
__builtin_object_size(x, 0) case. This test is called FORTIFY_OBJECT.
- runtime detection of the overrun of a char array within a structure.
This covers the __builtin_object_siz
From: Francis Laniel
Hi.
I hope your families, friends and yourselves are fine.
This patch set answers to this issue:
https://github.com/KSPP/linux/issues/46
I based my modifications on top of two patches from Daniel Axtens which modify
calls to __builtin_object_size to ensure the true size o
From: Francis Laniel
This new test ensures that fortified strscpy has the same behavior than vanilla
strscpy (e.g. returning -E2BIG when src content is truncated).
Finally, it generates a crash at runtime because there is a write overflow in
destination string.
Signed-off-by: Francis Laniel
Rev
From: Francis Laniel
In lkdtm.h, files targeted in comments are named "lkdtm_file.c" while there are
named "file.c" in directory.
Signed-off-by: Francis Laniel
Acked-by: Kees Cook
---
drivers/misc/lkdtm/lkdtm.h | 14 +++---
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a
From: Francis Laniel
In lkdtm.h, files targeted in comments are named "lkdtm_file.c" while there are
named "file.c" in directory.
Signed-off-by: Francis Laniel
Acked-by: Kees Cook
---
drivers/misc/lkdtm/lkdtm.h | 14 +++---
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a
From: Daniel Axtens
Add code to test both:
- runtime detection of the overrun of a structure. This covers the
__builtin_object_size(x, 0) case. This test is called FORTIFY_OBJECT.
- runtime detection of the overrun of a char array within a structure.
This covers the __builtin_object_siz
From: Daniel Axtens
When the fortify feature was first introduced in commit 6974f0c4555e
("include/linux/string.h: add the option of fortified string.h functions"),
Daniel Micay observed:
* It should be possible to optionally use __builtin_object_size(x, 1) for
some functions (C strings) t
From: Francis Laniel
This new test ensures that fortified strscpy has the same behavior than vanilla
strscpy (e.g. returning -E2BIG when src content is truncated).
Finally, it generates a crash at runtime because there is a write overflow in
destination string.
Signed-off-by: Francis Laniel
Rev
From: Francis Laniel
The fortified version of strscpy ensures the following before vanilla strscpy
is called:
1. There is no read overflow because we either size is smaller than src length
or we shrink size to src length by calling fortified strnlen.
2. There is no write overflow because we eithe
From: Francis Laniel
Hi.
I hope your families, friends and yourselves are fine.
This patch set answers to this issue:
https://github.com/KSPP/linux/issues/46
I based my modifications on top of two patches from Daniel Axtens which modify
calls to __builtin_object_size to ensure the true size o
35 matches
Mail list logo
