> This is reproducible on my machine and always happens when running the test
> via 'modprobe -v overflow_kunit'. Without KASAN enabled (but KFENCE)
> overflow_allocation_test passes.
Hmm, this implies some kind of corruption is sneaking in and the kunit
resource freeing code is exploding. I don't immediately see the problem,
though.
--
Kees Cook
x/elf.h" proper header to add this ?
I'd rather not put arch-specific things in the main UAPI elf.h file
unless there is a good reason.
> I couldn't see any proper header inside "arch/x86/include/uapi/asm/".
Other architectures have arch/*/include/uapi/asm/elf.h, so it may be
time to add one for x86 too. For this to be UAPI, I would want to see
more explicit namespacing, e.g. struct x86_xfeat_component, etc.
-Kees
--
Kees Cook
On July 12, 2024 2:59:30 AM PDT, Jocelyn Falempe wrote:
>Gentle ping, I need reviews from powerpc, usermod linux, mtd, pstore and
>hyperv, to be able to push it in the drm-misc tree.
Oops, I thought I'd Acked already!
Acked-by: Kees Cook
And, yeah, as mpe said, you're
On Wed, Jul 03, 2024 at 10:22:11AM +0200, Petr Mladek wrote:
> On Wed 2024-07-03 09:57:26, Jocelyn Falempe wrote:
> >
> >
> > On 02/07/2024 22:29, Kees Cook wrote:
> > > On Tue, Jul 02, 2024 at 02:26:04PM +0200, Jocelyn Falempe wrote:
> > > > kmsg_dump
son, like "sysrq triggered crash"
> or "VFS: Unable to mount root fs on " on the drm panic screen.
>
> v2:
> * Use a struct kmsg_dump_detail to hold the reason and description
> pointer, for more flexibility if we want to add other parameters.
&g
n't
any "new" information here that should be captured somehow.
Thanks!
--
Kees Cook
c
@@ -8,7 +8,7 @@
#include
static void kmsg_dumper_stdout(struct kmsg_dumper *dumper,
- enum kmsg_dump_reason reason)
+ struct kmsg_dump_detail *detail)
{
static struct kmsg_dump_iter iter;
static DEFINE_SPINLOCK(lock);
--
Kees Cook
roach?
Yeah, based on this and what mpe said, I have no objection to just
allowing it in kmem_cache_create_usercopy(). I was mainly just curious
what the threat model was. :)
Reviewed-by: Kees Cook
--
Kees Cook
atic ssize_t dtl_file_read(struct file *filp, char __user
*buf, size_t len,
}
/* .. and now the head */
- rc = copy_to_user(buf, &dtl->buf[i], n_req * sizeof(struct dtl_entry));
+ rc = bounce_copy(buf, &dtl->buf[i], n_req * sizeof(struct dtl_entry));
if (rc)
return -EFAULT;
--
Kees Cook
On Sun, May 12, 2024 at 09:32:40PM +0200, Joel Granados wrote:
> On Sat, May 11, 2024 at 11:51:18AM +0200, Thomas Weißschuh wrote:
> > Hi Kees,
> >
> > On 2024-05-08 10:11:35+, Kees Cook wrote:
> > > On Wed, Apr 24, 2024 at 08:12:34PM -0700, Jakub Kicinski wrot
patches 1-10 go via their respective subsystems, and once all
of those are in Linus's tree, send patch 11 as a stand-alone PR.
(From patch 11, it looks like the seccomp read/write function changes
could be split out? I'll do that now...)
-Kees
--
Kees Cook
);
> @@ -2064,7 +2064,7 @@ static int elf_core_dump(struct coredump_params *cprm)
> if (!write_note_info(&info, cprm))
> goto end_coredump;
>
> - /* For cell spufs */
> + /* For cell spufs and x86 xstate */
> if (elf_coredump_extra_notes_write(cprm))
> goto end_coredump;
>
> diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h
> index b54b313bcf07..e30a9b47dc87 100644
> --- a/include/uapi/linux/elf.h
> +++ b/include/uapi/linux/elf.h
> @@ -411,6 +411,7 @@ typedef struct elf64_shdr {
> #define NT_X86_XSTATE0x202 /* x86 extended state using
> xsave */
> /* Old binutils treats 0x203 as a CET state */
> #define NT_X86_SHSTK 0x204 /* x86 SHSTK state */
> +#define NT_X86_XSAVE_LAYOUT 0x205 /* XSAVE layout description */
> #define NT_S390_HIGH_GPRS0x300 /* s390 upper register halves */
> #define NT_S390_TIMER0x301 /* s390 timer register */
> #define NT_S390_TODCMP 0x302 /* s390 TOD clock comparator
> register */
> --
> 2.34.1
>
Otherwise looks good. I'd like to see feedback from Intel folks too.
Thanks for working on this!
-Kees
--
Kees Cook
.cra_ctxsize= sizeof(struct nx842_crypto_ctx),
+ .cra_ctxsize= struct_size_t(struct nx842_crypto_ctx,
header.group,
+ NX842_CRYPTO_GROUP_MAX),
.cra_module = THIS_MODULE,
.cra_init = nx842_pseries_crypto_init,
.cra_exit = nx842_crypto_exit,
--
Kees Cook
acro "ARCH_HAVE_EXTRA_ELF_NOTES" with kconfig
https://git.kernel.org/kees/c/a9c3475dd67b
Take care,
--
Kees Cook
ces
> arm64: Add support for suppressing warning backtraces
> loongarch: Add support for suppressing warning backtraces
> parisc: Add support for suppressing warning backtraces
> s390: Add support for suppressing warning backtraces
> sh: Add support for suppressi
> Cc: Thomas Gleixner
> Cc: Vincenzo Frascino
> Cc: Anna-Maria Behnsen
> See-also: 8b3843ae3634 ("vdso/datapage: Quick fix - use asm/page-def.h for
> ARM64")
> Signed-off-by: Arnd Bergmann
Thanks for tracking this!
Reviewed-by: Kees Cook
--
Kees Cook
uct coredump_params
> *cprm) { return 0; }
> #else
> diff --git a/include/uapi/linux/elf.h b/include/uapi/linux/elf.h
> index 9417309b7230..3325488cb39b 100644
> --- a/include/uapi/linux/elf.h
> +++ b/include/uapi/linux/elf.h
> @@ -411,6 +411,7 @@ typedef struct elf64_shdr {
> #define NT_X86_XSTATE0x202 /* x86 extended state using
> xsave */
> /* Old binutils treats 0x203 as a CET state */
> #define NT_X86_SHSTK 0x204 /* x86 SHSTK state */
> +#define NT_X86_XSAVE_LAYOUT 0x205 /* XSAVE layout description */
> #define NT_S390_HIGH_GPRS0x300 /* s390 upper register halves */
> #define NT_S390_TIMER0x301 /* s390 timer register */
> #define NT_S390_TODCMP 0x302 /* s390 TOD clock comparator
> register */
> --
> 2.43.0
>
Otherwise looks reasonable, though I see Dave has feedback to address
too. :)
Thanks for working on this!
-Kees
--
Kees Cook
On Tue, Mar 12, 2024 at 10:02:59AM -0700, Guenter Roeck wrote:
> Document API functions for suppressing warning backtraces.
>
> Signed-off-by: Guenter Roeck
Reviewed-by: Kees Cook
--
Kees Cook
t; the affected architectures / platforms fixed.
>
> Signed-off-by: Guenter Roeck
Reviewed-by: Kees Cook
--
Kees Cook
;suppressed_warnings, node) {
> - if (!strcmp(function, warning->function))
> + if (!strcmp(function, warning->function)) {
> + warning->counter++;
> return true;
> + }
> }
> return false;
> }
> --
> 2.39.2
>
Reviewed-by: Kees Cook
--
Kees Cook
> Solve the problem by providing a means to identify and suppress specific
> warning backtraces while executing test code.
>
> Cc: Dan Carpenter
> Cc: Daniel Diaz
> Cc: Naresh Kamboju
> Cc: Kees Cook
> Signed-off-by: Guenter Roeck
Yup, this looks fine to me.
Reviewed-by: Kees Cook
--
Kees Cook
rg/kees/c/3fe1eb4dd2e4
Take care,
--
Kees Cook
On Sat, Mar 02, 2024 at 12:47:08AM +, Edgecombe, Rick P wrote:
> On Wed, 2024-02-28 at 09:21 -0800, Kees Cook wrote:
> > I totally understand. If the "uninitialized" warnings were actually
> > reliable, I would agree. I look at it this way:
> >
> > - in
important for
the safety of the system as a whole. Yes, individual cases maybe bad
("what uid should this be? root?!") but from a general memory safety
perspective the value doesn't become potentially influenced by order of
operations, leftover stack memory, etc.
I'd agree, lifting everything into a static initializer does seem
cleanest of all the choices.
-Kees
--
Kees Cook
fset = 0;
But one cleanup that is possible from explicitly zero-initializing the
whole structure would be dropping all the individual "= 0" assignments.
:)
--
Kees Cook
| 2 +-
> scripts/min-tool-version.sh | 2 +-
> scripts/recordmcount.pl | 2 +-
> security/Kconfig | 2 --
> 14 files changed, 15 insertions(+), 57 deletions(-)
> ---
> base-commit: 979741ebd48f75ed6d101c7290e3325340d361ff
> change-id: 20240124-bump-min-llvm-ver-to-13-0-1-39f84dd36b19
>
> Best regards,
> --
> Nathan Chancellor
>
Yes, please. :) This looks reasonable -- I appreciate the review of
default Clang versions across distros!
Reviewed-by: Kees Cook
--
Kees Cook
"
Cc: Mahesh Salgaonkar
Cc: Vasant Hegde
Cc: dingsenjie
Cc: linuxppc-dev@lists.ozlabs.org
Cc: Aneesh Kumar K.V
Cc: Naveen N. Rao
Signed-off-by: Kees Cook
---
arch/powerpc/platforms/powernv/opal-prd.c | 2 +-
arch/powerpc/xmon/xmon.c | 2 +-
2 files changed, 2 insertions(+),
--
> Nathan Chancellor
>
Excellent! Thanks for doing this. I spot checked a handful I was
familiar with and everything looks good to me.
Reviewed-by: Kees Cook
--
Kees Cook
on.\n");
>> +}
>> }
>> -#elif defined(CONFIG_ARCH_HAS_STRICT_KERNEL_RWX)
>> -static inline void mark_readonly(void)
>> -{
>> -pr_warn("Kernel memory protection not selected by kernel config.\n");
>> -}
>> -#else
>> -static inline void mark_readonly(void)
>> -{
>> -pr_warn("This architecture does not have kernel memory protection.\n");
>> -}
>> -#endif
>>
>> void __weak free_initmem(void)
>> {
>> --
>> 2.41.0
--
Kees Cook
l-terminated-strings
> [1]
> Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html
> [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-harden...@vger.kernel.org
> Signed-off-by: Justin Stitt
Agreed; this conversion looks correct to me too.
Reviewed-by: Kees Cook
--
Kees Cook
rings
> [1]
> Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html
> [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-harden...@vger.kernel.org
> Signed-off-by: Justin Stitt
Yeah, this conversion looks correct to me too.
Reviewed-by: Kee
he net
> kunit tests via kconfig.
>
> gcc-12.2.0 can compile it after this simple s//g "fix":
>
> diff --git a/net/core/gso_test.c b/net/core/gso_test.c
> --- a/net/core/gso_test.c
> +++ b/net/core/gso_test.c
> @@ -4,7 +4,7 @@
> #include
>
> s
s.debian.org/testing/linux-manual-4.8/strscpy.9.en.html
> [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-harden...@vger.kernel.org
> Signed-off-by: Justin Stitt
Thanks, this looks right to me.
Reviewed-by: Kees Cook
--
Kees Cook
gt; zero-initialized:
> | char buf[8] = { 0 };
>
> [...]
Applied to for-next/hardening, thanks! (I've updated the Subject here
and with the older "refactor" subjects...)
Take care,
--
Kees Cook
$ make headers
> $ make -j -C tools/testing/selftests install
> $ grep -c "^powerpc"
> tools/testing/selftests/kselftest_install/kselftest-list.txt
> 182
>
> Fixes: d4e59a536f50 ("selftests: Use runner.sh for emit targets")
> Signed-off-by: Michael Ellerman
Reviewed-by: Kees Cook
--
Kees Cook
[1]
> Link: https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html
> [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-harden...@vger.kernel.org
> Signed-off-by: Justin Stitt
Looks like a straight replacement. Thanks!
Reviewed-by: Kees Cook
--
Kees Cook
th `size_add()`.
>
> Fixes: 3f1071ec39f7 ("net: spider_net: Use struct_size() helper")
> Signed-off-by: Gustavo A. R. Silva
Reviewed-by: Kees Cook
--
Kees Cook
id pitfalls like this one, and they expect others to do
> their
> homework for them.
Well I'm not sure that's entirely fair to Justin's efforts (I know he's
been studying these changes and everyone makes mistakes), but that's why
I'm helping review his findings -- some code behaviors are more obvious
than others. :)
--
Kees Cook
. Imagine a name
input of "fan#2-data". "buf" wants to get "2". copy_len is 1, and
strscpy would eat it. :)
-Kees
>
> err = kstrtou32(buf, 10, index);
> if (err)
>
> ---
> base-commit: 3669558bdf354cd352be955ef2764cde6a9bf5ec
> change-id: 20230914-strncpy-drivers-hwmon-ibmpowernv-c-80a03f16d93a
>
> Best regards,
> --
> Justin Stitt
>
--
Kees Cook
On Fri, Sep 01, 2023 at 04:58:37PM +0900, Masahiro Yamada wrote:
> On Fri, Sep 1, 2023 at 4:13 AM Kees Cook wrote:
> >
> > Currently the Kconfig fragments in kernel/configs and arch/*/configs
> > that aren't used internally aren't discoverable through "make hel
kernel.org
Cc: x...@kernel.org
Cc: linux-arm-ker...@lists.infradead.org
Cc: linuxppc-dev@lists.ozlabs.org
Cc: linux-ri...@lists.infradead.org
Cc: linux-s...@vger.kernel.org
Cc: linux-kbu...@vger.kernel.org
Cc: linux-harden...@vger.kernel.org
Signed-off-by: Kees Cook
Co-developed-by: Masahiro Yamada
ou! Do you want to send a
formal patch? Please consider it:
Reviewed-by: Kees Cook
--
Kees Cook
This is
especially useful for powerpc where most of the arch fragments aren't
intended to be consumed individually.
Cc: Masahiro Yamada
Cc: x...@kernel.org
Cc: linuxppc-dev@lists.ozlabs.org
Cc: linux-kbu...@vger.kernel.org
Suggested-by: Michael Ellerman
Signed-off-by: Kees Co
x86-specific options for a Xen virtualization guest
Cc: Masahiro Yamada
Cc: x...@kernel.org
Cc: linux-arm-ker...@lists.infradead.org
Cc: linuxppc-dev@lists.ozlabs.org
Cc: linux-ri...@lists.infradead.org
Cc: linux-s...@vger.kernel.org
Signed-off-by: Kees Cook
---
Makefile
24223606.never.762-k...@kernel.org
Thanks!
-Kees
Kees Cook (2):
kbuild: Show Kconfig fragments in "help"
kbuild: Split internal config targets from .config into .fragment
Makefile | 1 -
arch/arm/configs/dram_0x.config | 1 +
ar
On Fri, Aug 25, 2023 at 04:11:58PM +1000, Michael Ellerman wrote:
> Kees Cook writes:
> > Doing a "make help" would show only hard-coded Kconfig targets and
> > depended on the archhelp target to include ".config" targets. There was
> > nothing showing g
On Fri, Aug 25, 2023 at 07:44:06AM +0200, Nicolas Schier wrote:
> On Thu, Aug 24, 2023 at 03:36:10PM -0700, Kees Cook wrote:
> > Doing a "make help" would show only hard-coded Kconfig targets and
> > depended on the archhelp target to include ".config" targets. T
On Fri, Aug 25, 2023 at 04:56:54AM +, Christophe Leroy wrote:
> Le 25/08/2023 à 00:36, Kees Cook a écrit :
> > +# Base hardware support for 86xx
>
> s/86xx/85xx
> [...]
Thanks for the typo fixes! I'll get these all fixed up. :)
--
Kees Cook
On Thu, Aug 24, 2023 at 05:04:02PM -0700, Randy Dunlap wrote:
> Hi Kees,
>
> On 8/24/23 15:36, Kees Cook wrote:
> > Doing a "make help" would show only hard-coded Kconfig targets and
> > depended on the archhelp target to include ".config" targets. Th
arm-ker...@lists.infradead.org
Cc: linuxppc-dev@lists.ozlabs.org
Cc: linux-ri...@lists.infradead.org
Cc: linux-s...@vger.kernel.org
Signed-off-by: Kees Cook
---
Makefile | 1 -
arch/arm/configs/dram_0x.config| 1 +
arch/arm/configs/dram_0xc000.conf
.@vger.kernel.org
> Signed-off-by: Justin Stitt
Reviewed-by: Kees Cook
--
Kees Cook
memory
> to objects allocated from flash_block_cache, so flash_block_cache must
> be created using kmem_cache_create_usercopy() to mark it safe for user
> access.
>
> Fixes: 6d07d1cd300f ("usercopy: Restrict non-usercopy caches to size 0")
> Signed-off-by: Nathan Lynch
Reviewed-by: Kees Cook
--
Kees Cook
careful with order of operations. We then have to add index back.
I think for readability, it's better to avoid the function composition.
The index subtraction undoes the earlier addition -- I say just leave it
separate.
i.e. I like option 1 of 3 the best.
-Kees
--
Kees Cook
ffort to remove strlcpy() completely [2], replace
> strlcpy() here with strscpy().
> No return values were used, so direct replacement is safe.
>
> [...]
Applied, thanks!
[1/1] soc: fsl: qe: Replace all non-returning strlcpy with strscpy
(no commit info)
Best regards,
--
Kees Cook
On Mon, Jul 10, 2023 at 04:46:50PM +, Leo Li wrote:
>
>
> > -Original Message-
> > From: Azeem Shaikh
> > Sent: Sunday, July 9, 2023 9:36 PM
> > To: Kees Cook
> > Cc: Qiang Zhao ; linux-harden...@vger.kernel.org;
> > linuxppc-dev@lists.ozl
ements.
Naming nit: "HAS" and "SUPPORTS" feel very similar, and looking at
existing configs, "ARCH_SUPPORTS_..." is already used for doing this
kind of bare "bool" management. e.g. see ARCH_SUPPORTS_INT128
It looks like you need to split "depends" and "select" so the options
can be chosen separately from the "selectable" configs.
How about naming this ARCH_SELECTS_, since that's what it's
there for?
-Kees
--
Kees Cook
ased too often, rather structs containing them.
But ultimately, yeah, everything could gain __counted_by and friends in
the future.
--
Kees Cook
gned-off-by: Azeem Shaikh
Reviewed-by: Kees Cook
--
Kees Cook
nel.org/kees/c/015f6618194e
--
Kees Cook
gned-off-by: Azeem Shaikh
Reviewed-by: Kees Cook
--
Kees Cook
Cc: linux...@lists.infradead.org
> Cc: xen-de...@lists.xenproject.org
> Cc: linux-a...@vger.kernel.org
> Cc: linux...@kvack.org
> Tested-by: Pengfei Xu
> Suggested-by: David Hildenbrand
> Signed-off-by: Rick Edgecombe
I'm not an arch maintainer, but it looks like a correct tree-wide
refactor.
Reviewed-by: Kees Cook
--
Kees Cook
rtas_ext_event_log_v6) || ...
>
> Don't all such sites need to be audited/adjusted for changes like this?
Yeah, I'd expect a binary comparison[1] before/after to catch things like
this. E.g. the following C files mention those structs:
arch/powerpc/platforms/pseries/io_event_irq.c
arch/powerpc/platforms/pseries/ras.c
arch/powerpc/kernel/rtasd.c
arch/powerpc/kernel/rtas.c
-Kees
[1] https://outflux.net/blog/archives/2022/06/24/finding-binary-differences/
--
Kees Cook
e change to -next:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=for-next/execve&id=cd57e443831d8eeb083c7165bce195d886e216d4
--
Kees Cook
On Thu, Nov 17, 2022 at 03:20:01PM -0800, Linus Torvalds wrote:
> On Thu, Nov 17, 2022 at 2:58 PM Kees Cook wrote:
> >
> > Oh, er, why does get_arg_page() even need FOLL_FORCE? This is writing the
> > new stack contents to the nascent brpm->vma, which was newly allocated
stack contents to the nascent brpm->vma, which was newly allocated
with VM_STACK_FLAGS, which an arch can override, but they all appear to include
VM_WRITE | VM_MAYWRITE.
--
Kees Cook
J. Wong # for xfs
> Reviewed-by: SeongJae Park # for damon
> Reviewed-by: Jason Gunthorpe # for infiniband
> Reviewed-by: Russell King (Oracle) # for arm
> Acked-by: Ulf Hansson # for mmc
> Signed-off-by: Jason A. Donenfeld
Reviewed-by: Kees Cook
--
Kees Cook
I = get_random_u32_above(0);
>
> @@
> identifier I;
> @@
> - do {
> ... when != I
> - I = get_random_u32();
> ... when != I
> - } while (I == 0);
> + I = get_random_u32_above(0);
>
> @@
> expression E;
> @@
> - E + 1 + get_random_u32_below(U32_MAX - E)
> + get_random_u32_above(E)
>
> Reviewed-by: Greg Kroah-Hartman
> Signed-off-by: Jason A. Donenfeld
Reviewed-by: Kees Cook
--
Kees Cook
t; net/bluetooth/mgmt.c | 5 ++--
> net/core/pktgen.c | 25 ---
> net/ipv4/tcp_input.c | 2 +-
> net/ipv6/addrconf.c | 6 ++---
> net/netfilter/nf_nat_helper.c
On November 16, 2022 4:43:54 PM PST, "Jason A. Donenfeld"
wrote:
>On Wed, Nov 16, 2022 at 04:31:18PM -0800, Kees Cook wrote:
>> On Thu, Nov 17, 2022 at 01:03:14AM +0100, Jason A. Donenfeld wrote:
>> > On Thu, Nov 17, 2022 at 12:55:47AM +0100, Jason A. Donenfeld wrot
s.
I think "inclusive" is best. The other words still don't provide
unambiguous language. It's the language used in formal math, e.g.
sigma-notation, etc. It's an adjective for "get random" (verb, noun).
--
Kees Cook
is clear: 0-99
inclusive, plus 1, so 1-100 inclusive. "Between 1 and 101" is not obvious
to me to mean: 1-100 inclusive.
These seem so much nicer:
get_random_u32_inclusive(1, 1024)
get_random_u32_inclusive(1, 100)
--
Kees Cook
next merge window to catch any new stuff, and then send those
updates and the removal before -rc1 closes?
--
Kees Cook
[resending because I failed to CC]
On October 7, 2022 7:21:28 PM PDT, "Jason A. Donenfeld" wrote:
>On Fri, Oct 07, 2022 at 03:47:44PM -0700, Kees Cook wrote:
>> On Fri, Oct 07, 2022 at 12:01:03PM -0600, Jason A. Donenfeld wrote:
>> > Rather than incurring a division o
/*
>* Maximum PAGE_SIZE
>*/
> - r = prandom_u32();
> - align = 1 << ((r % 11) + 1);
> + align = 1 << (prandom_u32_max(11) + 1);
>
> pcpu[i] = __alloc_percpu(size, align);
> if (!pcpu[i])
> @@ -393,14 +387,11 @@ static struct test_driver {
>
> static void shuffle_array(int *arr, int n)
> {
> - unsigned int rnd;
> int i, j;
>
> for (i = n - 1; i > 0; i--) {
> - rnd = prandom_u32();
> -
> /* Cut the range. */
> - j = rnd % i;
> + j = prandom_u32_max(i);
>
> /* Swap indexes. */
> swap(arr[i], arr[j]);
Yup, agrees with Cocci on these.
--
Kees Cook
t;> around
> > >>>>>> get_random_u32() for several releases now, and compiles down to the
> > >>>>>> exact same code. Replace the deprecated wrapper with a direct call to
> > >>>>>> the real function. The same also applie
On Wed, Oct 05, 2022 at 09:55:43PM -0700, Kees Cook wrote:
> If any of the subsystems ask you to break this up (I hope not), I've got
> this[1], which does a reasonable job of splitting a commit up into
> separate commits for each matching subsystem.
[1] https://github.com/kees/ker
, let me
> know if I'm doing it wrong.
I usually stick to just mailing lists and subsystem maintainers.
If any of the subsystems ask you to break this up (I hope not), I've got
this[1], which does a reasonable job of splitting a commit up into
separate commits for each matching subsystem
gt; the real function.
>
> Signed-off-by: Jason A. Donenfeld
Global search/replace matches. :)
Reviewed-by: Kees Cook
--
Kees Cook
gt; the real function.
Global search/replace matches. :)
Reviewed-by: Kees Cook
--
Kees Cook
On Wed, Oct 05, 2022 at 11:48:44PM +0200, Jason A. Donenfeld wrote:
> With no callers left of prandom_u32() and prandom_bytes(), remove these
> deprecated wrappers.
>
> Signed-off-by: Jason A. Donenfeld
Reviewed-by: Kees Cook
--
Kees Cook
;
> }
>
> - r = prandom_u32() & SFB_MAX_PROB;
> + r = get_random_u16() & SFB_MAX_PROB;
>
> if (unlikely(r < p_min)) {
> if (unlikely(p_min > SFB_MAX_PROB / 2)) {
include/uapi/linux/pkt_sched.h:#define SFB_MAX_PROB 0x
Reviewed-by: Kees Cook
--
Kees Cook
gt; - j = rnd % i;
> + j = prandom_u32_max(i);
>
> /* Swap indexes. */
> swap(arr[i], arr[j]);
And some by hand. :)
Reviewed-by: Kees Cook
--
Kees Cook
~
Apologies for the breakage! This should be fixed by:
https://lore.kernel.org/lkml/20220929081642.1932200-1-keesc...@chromium.org
--
Kees Cook
10 @@ struct fc_nl_event {
__u16 event_datalen;
__u32 event_num;
__u32 event_code;
- __u32 event_data;
+ union {
+ __u32 event_data;
+ __DECLARE_FLEX_ARRAY(__u8, event_data_flex);
+ };
} __attribute__((aligned(sizeof(__u64;
--
Kees Cook
error with PPC_8xx=y")
> Signed-off-by: Gustavo A. R. Silva
Reviewed-by: Kees Cook
--
Kees Cook
/KSPP/linux/issues/198
> Reported-by: kernel test robot
> Link: https://lore.kernel.org/lkml/202209061224.kxorrgvg-...@intel.com/
> Signed-off-by: Gustavo A. R. Silva
Thanks!
Reviewed-by: Kees Cook
--
Kees Cook
LATENT_ENTROPY_PLUGIN when plugin disabled for a
file
https://git.kernel.org/kees/c/2d08c71d2c79
--
Kees Cook
el.
>
> Signed-off-by: Xiu Jianfeng
Reviewed-by: Kees Cook
-Kees
--
Kees Cook
(req->nbytes < 3 || req->data[2] >= ARRAY_SIZE(adb_handler))
so it's tied to the actual variable (if its size ever changes).
With that:
Reviewed-by: Kees Cook
-Kees
> break;
> mutex_lock(&adb_handler_mutex);
> req->reply[0] = adb_handler[req->data[2]].original_address;
> --
> 2.25.1
>
--
Kees Cook
[...]
Applied to for-next/hardening, thanks!
[1/1] stack: Declare {randomize_,}kstack_offset to fix Sparse warnings
https://git.kernel.org/kees/c/375561bd6195
--
Kees Cook
;
> Fixes: f9b3cd245784 ("Kconfig.debug: make DEBUG_INFO selectable from a
> choice")
> Cc: sta...@vger.kernel.org
> Cc: Kees Cook
> Signed-off-by: Christophe Leroy
Reviewed-by: Kees Cook
--
Kees Cook
e the much better API here. Also with
> the amount of arguments and by reference passing it might be worth
> to pass them as a structure while you're at it.
Yeah, I agree. It really seems like seq_buf would be nicer.
--
Kees Cook
uot; (e.g. current,
+ * percpu, etc) memory contents tends to be easier than arbitrary
+ * location memory exposures.
+ */
#define choose_random_kstack_offset(rand) do { \
if (static_branch_maybe(CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT, \
&randomize_kstack_offset)) {\
--
Kees Cook
se often" is needed here;
it's hard to develop against -next. :)
Should we give it a try for this coming merge window?
--
Kees Cook
nice to block the exposure of canaries and PAC bits, though,
so I'm not opposed, but I'd like to get a better sense of how "heavy"
this might be.
Thanks!
-Kees
--
Kees Cook
red to
ro_after_init. Honestly, I actually this this patch should be modified
to _add_ a new test for EXEC_RO_AFTER_INIT, and leave the existing
.rodata one alone...
-Kees
--
Kees Cook
> +
> + return 0;
> +}
> +
> +DEFINE_SIMPLE_ATTRIBUTE(check_wx_fops, NULL, check_wx_debugfs_set, "%llu\n");
> +
> +static int ptdump_check_wx_init(void)
> +{
> + return debugfs_create_file("check_wx_pages", 0200, NULL,
> +NULL, &check_wx_fops) ? 0 : -ENOMEM;
> +}
> +device_initcall(ptdump_check_wx_init);
> #endif
>
> static int ptdump_init(void)
> --
> 2.25.1
>
--
Kees Cook
nel/git/powerpc/linux.git/log/?h=topic/func-desc-lkdtm
Thanks! I've got some core changes coming for lkdtm, but I'm waiting
until after the merge window to rebase them and get them into -next.
--
Kees Cook
On Wed, Mar 02, 2022 at 12:18:45PM -0800, Linus Torvalds wrote:
> On Wed, Mar 2, 2022 at 12:07 PM Kees Cook wrote:
> >
> > I've long wanted to change kfree() to explicitly set pointers to NULL on
> > free. https://github.com/KSPP/linux/issues/87
>
> We've ha
le
with Coccinelle) and change them into something like kfree_no_null()
and redefine kfree() itself:
#define kfree_no_null(x) do { void *__ptr = (x); __kfree(__ptr); } while (0)
#define kfree(x) do { __kfree(x); x = NULL; } while (0)
--
Kees Cook
1 - 100 of 748 matches
Mail list logo