[PATCH] xen/gntalloc: Replace UAPI 1-element array

2024-02-06 Thread Kees Cook
Tyshchenko Cc: Gustavo A. R. Silva Cc: xen-devel@lists.xenproject.org Signed-off-by: Kees Cook --- drivers/xen/gntalloc.c | 2 +- include/uapi/xen/gntalloc.h | 5 - 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/xen/gntalloc.c b/drivers/xen/gntalloc.c index 26ffb8755ffb

Re: [PATCH 80/82] xen-netback: Refactor intentional wrap-around test

2024-01-23 Thread Kees Cook
On Tue, Jan 23, 2024 at 08:55:44AM +0100, Jan Beulich wrote: > On 23.01.2024 01:27, Kees Cook wrote: > > --- a/drivers/net/xen-netback/hash.c > > +++ b/drivers/net/xen-netback/hash.c > > @@ -345,7 +345,7 @@ u32 xenvif_set_hash_mapping(struct xenvif *vif, u

[PATCH 80/82] xen-netback: Refactor intentional wrap-around test

2024-01-22 Thread Kees Cook
lo Abeni Cc: xen-devel@lists.xenproject.org Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/net/xen-netback/hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/xen-netback/hash.c b/drivers/net/xen-netback/hash.c index ff96f22648ef..69b03b4feba9 100644 --- a/drivers

Re: [PATCH][next] xen: privcmd: Replace zero-length array with flex-array member and use __counted_by

2023-11-16 Thread Kees Cook
. > > Signed-off-by: Gustavo A. R. Silva Looks right to me. I can see the allocation: size = struct_size(kioreq, ports, ioeventfd->vcpus); kioreq = kzalloc(size, GFP_KERNEL); if (!kioreq) return ERR_PTR(-ENOMEM); kioreq->dom = ioeventfd

Re: [PATCH][next] xen/xenbus: Add __counted_by for struct read_buffer and use struct_size()

2023-10-09 Thread Kees Cook
rray member. > > This code was found with the help of Coccinelle, and audited and > fixed manually. > > Signed-off-by: Gustavo A. R. Silva Looks good. There are going to be lots of 1-byte flex array members... Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH] xen/efi: refactor deprecated strncpy

2023-09-14 Thread Kees Cook
since we're not really writing a string? But since this is all hard-coded, it doesn't matter. :) Reviewed-by: Kees Cook -Kees > > A suitable replacement is `strscpy` [2] due to the fact that it guarantees > NUL-termination on the destination buffer while being functionally the > same in

Re: [PATCH] ALSA: xen-front: refactor deprecated strncpy

2023-07-28 Thread Kees Cook
"security hole" For xen_snd_front_alsa_init(), "card" is already zero-initialized in snd_card_new(). For new_pcm_instance(), "pcm" is already zero-initialized in _snd_pcm_new(). So things look good to me! Reviewed-by: Kees Cook -- Kees Cook

Re: Fwd: UBSAN: index 1 is out of range for type 'xen_netif_rx_sring_entry [1]'

2023-07-25 Thread Kees Cook
> > > > See Bugzilla for the full thread and attached dmesg.
> > > >
> > > > Anyway, I'm adding it to regzbot:
> > > >
> > > > #regzbot introduced: 8446066bf8c1f9f
> > > > https://bugzilla.kernel.org/show_bug.cgi?id=217693
> > > >
> > > > Thanks.
> > > >
> > > > [1]: https://bugzilla.kernel.org/show_bug.cgi?id=217693
> > >
> > > I doubt it is 8446066bf8c1f9f that causes this. Based on the comment
> > > next to the 'ring[1]' in DEFINE_RING_TYPES() in
> > > include/xen/interface/io/ring.h, this is probably caused/exposed by
> > > commit df8fc4e934c1 ("kbuild: Enable -fstrict-flex-arrays=3") in
> > > 6.5-rc1, which causes that array to no longer be a flexible array but an
> > > array with one element, which would cause UBSAN to complain about an
> > > array access past index one. Adding Kees and Gustavo.
> >
> > I agree.
> >
> > >
> > > Unfortunately, it seems this file is vendored from Xen, so I assume it
> > > would need to be fixed there then pulled into Linux:
> > >
> > > https://github.com/xen-project/xen/tree/master/xen/include/public/io/ring.h
> >
> > No, I don't think it will be possible to change this in the Xen tree easily.
> >
> > Especially the public Xen headers are meant to be compatible with a large
> > variety of compilers, including rather old ones.
> >
> > This means that ring[1] can't be easily swapped with ring[], as that would
> > cause compile time errors with some compilers.
> >
> > Just modifying the Linux side header is an option, though, as we don't need
> > the same wide range of supported compilers as Xen.
> >
> > I'll send a patch for that purpose.
>
> Oh, in fact there is a way in Xen to do that correctly. It should be enough to
> use ring[XEN_FLEX_ARRAY_DIM], which will do the right thing.
>
> So I'll write a Xen patch first, after all.

Perfect! I went to go look, and yes, this is good:

    /* Define a variable length array (depends on compiler). */
    #if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
    #define XEN_FLEX_ARRAY_DIM
    #elif defined(__GNUC__)
    #define XEN_FLEX_ARRAY_DIM 0
    #else
    #define XEN_FLEX_ARRAY_DIM 1 /* variable size */
    #endif

Be careful, of course, going from [1] to [], if anything is using
sizeof() on the structure.

Thanks for fixing this!

-Kees

--
Kees Cook

Re: [PATCH v1 5/9] KVM: x86: Add new hypercall to lock control registers

2023-05-30 Thread Kees Cook
> pin (i.e. mark as read-only). > > > > > > These register flags should already be pinned by Linux guests, but once > > > compromised, this self-protection mechanism could be disabled, which is > > > not the case with this dedicated hypercall. > > >

Re: [PATCH v6 13/41] mm: Make pte_mkwrite() take a VMA

2023-02-19 Thread Kees Cook
linux...@lists.infradead.org > Cc: xen-devel@lists.xenproject.org > Cc: linux-a...@vger.kernel.org > Cc: linux...@kvack.org > Tested-by: Pengfei Xu > Suggested-by: David Hildenbrand > Signed-off-by: Rick Edgecombe I'm not an arch maintainer, but it looks like a correct tree-wide refactor. Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH v6 11/41] mm: Introduce pte_mkwrite_kernel()

2023-02-19 Thread Kees Cook
denbrand > Signed-off-by: Rick Edgecombe I think it's a little weird that it's the only PTE helper taking a vma, but it does seem like the right approach. Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH][next] xen: Replace one-element array with flexible-array member

2023-02-03 Thread Kees Cook
hub.com/KSPP/linux/issues/255 > Link: https://gcc.gnu.org/pipermail/gcc-patches/2022-October/602902.html [1] > Signed-off-by: Gustavo A. R. Silva Reviewed-by: Kees Cook -- Kees Cook

Re: [RFC][PATCH 2/6] x86/power: Inline write_cr[04]()

2023-01-12 Thread Kees Cook
On Thu, Jan 12, 2023 at 03:31:43PM +0100, Peter Zijlstra wrote: > Since we can't do CALL/RET until GS is restored and CR[04] pinning is > of dubious value in this code path, simply write the stored values. > > Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Kees Cook -- Kees Cook

[PATCH 1/4] x86/entry: Work around Clang __bdos() bug

2022-09-20 Thread Kees Cook
Cc: xen-devel@lists.xenproject.org Cc: l...@lists.linux.dev Signed-off-by: Kees Cook --- arch/x86/xen/enlighten_pv.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c index 0ed2e487a693..9b1a58dda935 100644 --- a/arch

Re: [PATCH 19/32] afs: Use mem_to_flex_dup() with struct afs_acl

2022-05-13 Thread Kees Cook
On Thu, May 12, 2022 at 10:41:05PM +0100, David Howells wrote: > > Kees Cook wrote: > > > struct afs_acl { > > - u32 size; > > - u8 data[]; > > + DECLARE_FLEX_ARRAY_ELEMENTS_COUNT(u32, size); > > + DECLARE_FLEX_ARRAY_ELEMENTS(u8, data); &

Re: [PATCH 02/32] Introduce flexible array struct memcpy() helpers

2022-05-05 Thread Kees Cook
On Thu, May 05, 2022 at 03:16:19PM +0200, Johannes Berg wrote: > On Wed, 2022-05-04 at 08:38 -0700, Kees Cook wrote: > > > > It seemed like requiring a structure be rearranged to take advantage of > > the "automatic layout introspection" wasn't very friendly.

Re: [PATCH 02/32] Introduce flexible array struct memcpy() helpers

2022-05-05 Thread Kees Cook
end up with people writing a wrapping macro > that sets the variable to NULL before invoking the underlying macro... I hope it won't come to that! :) -- Kees Cook

Re: [PATCH 28/32] selinux: Use mem_to_flex_dup() with xfrm and sidtab

2022-05-05 Thread Kees Cook
On Wed, May 04, 2022 at 11:14:42PM -0400, Paul Moore wrote: > On Wed, May 4, 2022 at 7:34 PM Gustavo A. R. Silva > wrote: > > > > Hi Paul, > > > > On Wed, May 04, 2022 at 06:57:28PM -0400, Paul Moore wrote: > > > On Tue, May 3, 2022 at 9:57 PM Kees Cook

Re: [PATCH 03/32] flex_array: Add Kunit tests

2022-05-04 Thread Kees Cook
On Wed, May 04, 2022 at 11:00:38AM +0800, David Gow wrote: > On Wed, May 4, 2022 at 9:47 AM Kees Cook wrote: > > > > Add tests for the new flexible array structure helpers. These can be run > > with: > > > > make ARCH=um mrproper > > ./tools

Re: [PATCH 02/32] Introduce flexible array struct memcpy() helpers

2022-05-04 Thread Kees Cook
On Wed, May 04, 2022 at 09:25:56AM +0200, Johannes Berg wrote: > On Tue, 2022-05-03 at 18:44 -0700, Kees Cook wrote: > > > > For example, using the most complicated helper, mem_to_flex_dup(): > > > > /* Flexible array struct with members identified.

Re: [PATCH 12/32] cfg80211: Use mem_to_flex_dup() with struct cfg80211_bss_ies

2022-05-04 Thread Kees Cook
On Wed, May 04, 2022 at 09:28:46AM +0200, Johannes Berg wrote: > On Tue, 2022-05-03 at 18:44 -0700, Kees Cook wrote: > > > > @@ -2277,7 +2274,7 @@ cfg80211_update_notlisted_nontrans(struct wiphy > > *wiphy, > > size_t ielen = len - off

Re: [PATCH 10/32] wcn36xx: Use mem_to_flex_dup() with struct wcn36xx_hal_ind_msg

2022-05-04 Thread Kees Cook
On Wed, May 04, 2022 at 08:42:46AM +0300, Kalle Valo wrote: > Kees Cook writes: > > > As part of the work to perform bounds checking on all memcpy() uses, > > replace the open-coded a deserialization of bytes out of memory into a > > trailing flexible array by usi

[PATCH 23/32] Bluetooth: Use mem_to_flex_dup() with struct hci_op_configure_data_path

2022-05-03 Thread Kees Cook
: Luiz Augusto von Dentz Cc: "David S. Miller" Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: linux-blueto...@vger.kernel.org Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- include/net/bluetooth/hci.h | 4 ++-- net/bluetooth/hci_request.c | 9 ++--- 2 files

[PATCH 32/32] esas2r: Use __mem_to_flex() with struct atto_ioctl

2022-05-03 Thread Kees Cook
explicitly. Cc: Bradley Grove Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: linux-s...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/scsi/esas2r/atioctl.h | 1 + drivers/scsi/esas2r/esas2r_ioctl.c | 11 +++ 2 files changed, 8 insertions(+), 4 dele

[PATCH 25/32] Drivers: hv: utils: Use mem_to_flex_dup() with struct cn_msg

2022-05-03 Thread Kees Cook
Zhang Cc: Stephen Hemminger Cc: Wei Liu Cc: Dexuan Cui Cc: linux-hyp...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/hv/hv_utils_transport.c | 7 ++- include/uapi/linux/connector.h | 4 ++-- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/drivers/hv/hv_utils_tra

[PATCH 30/32] usb: gadget: f_fs: Use mem_to_flex_dup() with struct ffs_buffer

2022-05-03 Thread Kees Cook
: Eugeniu Rosca Cc: John Keeping Cc: Jens Axboe Cc: Udipto Goswami Cc: Andrew Gabbasov Cc: linux-...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/usb/gadget/function/f_fs.c | 11 --- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/drivers/usb/gadget/function

[PATCH 31/32] xenbus: Use mem_to_flex_dup() with struct read_buffer

2022-05-03 Thread Kees Cook
: Stefano Stabellini Cc: xen-devel@lists.xenproject.org Signed-off-by: Kees Cook --- drivers/xen/xenbus/xenbus_dev_frontend.c | 12 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/drivers/xen/xenbus/xenbus_dev_frontend.c b/drivers/xen/xenbus/xenbus_dev_frontend.c index

[PATCH 26/32] ima: Use mem_to_flex_dup() with struct modsig

2022-05-03 Thread Kees Cook
: James Morris Cc: "Serge E. Hallyn" Cc: linux-integr...@vger.kernel.org Cc: linux-security-mod...@vger.kernel.org Signed-off-by: Kees Cook --- security/integrity/ima/ima_modsig.c | 12 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/security/integrity/ima/ima_m

[PATCH 24/32] IB/hfi1: Use mem_to_flex_dup() for struct tid_rb_node

2022-05-03 Thread Kees Cook
Cc: Leon Romanovsky Cc: linux-r...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/infiniband/hw/hfi1/user_exp_rcv.c | 7 ++- drivers/infiniband/hw/hfi1/user_exp_rcv.h | 4 ++-- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/drivers/infiniband/hw/hfi1/user_exp_rcv.c b

[PATCH 13/32] mac80211: Use mem_to_flex_dup() with several structs

2022-05-03 Thread Kees Cook
fils_discovery_data struct unsol_bcast_probe_resp_data Cc: Johannes Berg Cc: "David S. Miller" Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: linux-wirel...@vger.kernel.org Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- net/mac80211/cfg.c | 22 ++---

[PATCH 17/32] net/flow_offload: Use mem_to_flex_dup() with struct flow_action_cookie

2022-05-03 Thread Kees Cook
umazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: Baowen Zheng Cc: Eli Cohen Cc: Louis Peens Cc: Simon Horman Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- include/net/flow_offload.h | 4 ++-- net/core/flow_offload.c| 7 ++- 2 files changed, 4 insertions(+), 7 deletions(-)

[PATCH 19/32] afs: Use mem_to_flex_dup() with struct afs_acl

2022-05-03 Thread Kees Cook
-...@lists.infradead.org Signed-off-by: Kees Cook --- fs/afs/internal.h | 4 ++-- fs/afs/xattr.c| 7 ++- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/fs/afs/internal.h b/fs/afs/internal.h index 7a72e9c60423..83014d20b6b3 100644 --- a/fs/afs/internal.h +++ b/fs/afs

[PATCH 05/32] brcmfmac: Use mem_to_flex_dup() with struct brcmf_fweh_queue_item

2022-05-03 Thread Kees Cook
: Hante Meuleman Cc: Kalle Valo Cc: "David S. Miller" Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: linux-wirel...@vger.kernel.org Cc: brcm80211-dev-list@broadcom.com Cc: sha-cyfmac-dev-l...@infineon.com Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- .../ne

[PATCH 15/32] 802/garp: Use mem_to_flex_dup() with struct garp_attr

2022-05-03 Thread Kees Cook
umazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: Hulk Robot Cc: Yang Yingliang Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- include/net/garp.h | 4 ++-- net/802/garp.c | 9 +++-- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/include/net/garp.h b/include/net/ga

[PATCH 08/32] iwlwifi: mvm: Use mem_to_flex_dup() with struct ieee80211_key_conf

2022-05-03 Thread Kees Cook
vid S. Miller" Cc: Jakub Kicinski Cc: Paolo Abeni Cc: Johannes Berg Cc: Gregory Greenman Cc: Eric Dumazet Cc: linux-wirel...@vger.kernel.org Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 8 ++-- include/net/

Re: [PATCH 01/32] netlink: Avoid memcpy() across flexible array boundary

2022-05-03 Thread Kees Cook
On Tue, May 03, 2022 at 10:31:05PM -0500, Gustavo A. R. Silva wrote: > On Tue, May 03, 2022 at 06:44:10PM -0700, Kees Cook wrote: > [...] > > diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c > > index 1b5a9c2e1c29..09346aee1022 100644 > > --- a/net/netlin

[PATCH 29/32] xtensa: Use mem_to_flex_dup() with struct property

2022-05-03 Thread Kees Cook
Herring Cc: Frank Rowand Cc: Guenter Roeck Cc: linux-xte...@linux-xtensa.org Cc: devicet...@vger.kernel.org Signed-off-by: Kees Cook --- arch/xtensa/platforms/xtfpga/setup.c | 9 +++-- include/linux/of.h | 3 ++- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git

[PATCH 21/32] soc: qcom: apr: Use mem_to_flex_dup() with struct apr_rx_buf

2022-05-03 Thread Kees Cook
: linux-arm-...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/soc/qcom/apr.c | 12 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/drivers/soc/qcom/apr.c b/drivers/soc/qcom/apr.c index 3caabd873322..6cf6f6df276e 100644 --- a/drivers/soc/qcom/apr.c +++ b/drivers/soc/qcom

[PATCH 22/32] atags_proc: Use mem_to_flex_dup() with struct buffer

2022-05-03 Thread Kees Cook
: Andrew Morton Cc: Muchun Song Cc: linux-arm-ker...@lists.infradead.org Signed-off-by: Kees Cook --- arch/arm/kernel/atags_proc.c | 12 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/arch/arm/kernel/atags_proc.c b/arch/arm/kernel/atags_proc.c index 3ec2afe78423

[PATCH 16/32] 802/mrp: Use mem_to_flex_dup() with struct mrp_attr

2022-05-03 Thread Kees Cook
umazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: Yang Yingliang Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- include/net/mrp.h | 4 ++-- net/802/mrp.c | 9 +++-- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/include/net/mrp.h b/include/net/mrp.h index 1c

[PATCH 18/32] firewire: Use __mem_to_flex_dup() with struct iso_interrupt_event

2022-05-03 Thread Kees Cook
...@lists.sourceforge.net Signed-off-by: Kees Cook --- drivers/firewire/core-cdev.c | 7 ++- include/uapi/linux/firewire-cdev.h | 4 ++-- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c index c9fe5903725a..7e884c61e12e

[PATCH 10/32] wcn36xx: Use mem_to_flex_dup() with struct wcn36xx_hal_ind_msg

2022-05-03 Thread Kees Cook
David S. Miller" Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: wcn3...@lists.infradead.org Cc: linux-wirel...@vger.kernel.org Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/net/wireless/ath/wcn36xx/smd.c | 8 ++-- drivers/net/wireless/ath/wcn36xx/smd.h |

[PATCH 09/32] p54: Use mem_to_flex_dup() with struct p54_cal_database

2022-05-03 Thread Kees Cook
: "David S. Miller" Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: linux-wirel...@vger.kernel.org Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/net/wireless/intersil/p54/eeprom.c | 8 ++-- drivers/net/wireless/intersil/p54/p54.h| 4 ++-- 2 files

[PATCH 27/32] KEYS: Use mem_to_flex_dup() with struct user_key_payload

2022-05-03 Thread Kees Cook
: James Morris Cc: "Serge E. Hallyn" Cc: keyri...@vger.kernel.org Cc: linux-security-mod...@vger.kernel.org Signed-off-by: Kees Cook --- include/keys/user-type.h | 4 ++-- security/keys/user_defined.c | 7 ++- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/include

[PATCH 28/32] selinux: Use mem_to_flex_dup() with xfrm and sidtab

2022-05-03 Thread Kees Cook
sidtab_str_cache Cc: Steffen Klassert Cc: Herbert Xu Cc: "David S. Miller" Cc: Paul Moore Cc: Stephen Smalley Cc: Eric Paris Cc: Nick Desaulniers Cc: Xiu Jianfeng Cc: "Christian Göttsche" Cc: net...@vger.kernel.org Cc: seli...@vger.kernel.org Signed-off-by: Kees Cook --- inclu

[PATCH 06/32] iwlwifi: calib: Prepare to use mem_to_flex_dup()

2022-05-03 Thread Kees Cook
dy Lavr Cc: linux-wirel...@vger.kernel.org Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/net/wireless/intel/iwlwifi/dvm/agn.h | 2 +- drivers/net/wireless/intel/iwlwifi/dvm/calib.c | 10 +- drivers/net/wireless/intel/iwlwifi/dvm/ucode.c | 8 3 files changed, 10 i

[PATCH 12/32] cfg80211: Use mem_to_flex_dup() with struct cfg80211_bss_ies

2022-05-03 Thread Kees Cook
" Cc: Jakub Kicinski Cc: Paolo Abeni Cc: Eric Dumazet Cc: linux-wirel...@vger.kernel.org Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- include/net/cfg80211.h | 4 ++-- net/wireless/scan.c| 21 ++--- 2 files changed, 8 insertions(+), 17 deletions(-)

[PATCH 04/32] fortify: Add run-time WARN for cross-field memcpy()

2022-05-03 Thread Kees Cook
can use a big hammer and set the sysctl panic_on_warn=1. Cc: Nathan Chancellor Cc: Nick Desaulniers Cc: Tom Rix Cc: linux-harden...@vger.kernel.org Cc: l...@lists.linux.dev Signed-off-by: Kees Cook --- include/linux/fortify-string.h | 70 -- 1 file changed, 67 in

[PATCH 03/32] flex_array: Add Kunit tests

2022-05-03 Thread Kees Cook
Add tests for the new flexible array structure helpers. These can be run with: make ARCH=um mrproper ./tools/testing/kunit/kunit.py config ./tools/testing/kunit/kunit.py run flex_array Cc: David Gow Cc: kunit-...@googlegroups.com Signed-off-by: Kees Cook --- lib/Kconfig.debug | 12

[PATCH 07/32] iwlwifi: calib: Use mem_to_flex_dup() with struct iwl_calib_result

2022-05-03 Thread Kees Cook
kub Kicinski Cc: Paolo Abeni Cc: Gregory Greenman Cc: Eric Dumazet Cc: linux-wirel...@vger.kernel.org Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/net/wireless/intel/iwlwifi/dvm/calib.c | 15 +++ 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/dri

[PATCH 20/32] ASoC: sigmadsp: Use mem_to_flex_dup() with struct sigmadsp_data

2022-05-03 Thread Kees Cook
" Cc: Liam Girdwood Cc: Mark Brown Cc: Jaroslav Kysela Cc: Takashi Iwai Cc: alsa-de...@alsa-project.org Signed-off-by: Kees Cook --- sound/soc/codecs/sigmadsp.c | 11 --- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/sound/soc/codecs/sigmadsp.c b/sound/soc/codecs/

[PATCH 01/32] netlink: Avoid memcpy() across flexible array boundary

2022-05-03 Thread Kees Cook
https://lore.kernel.org/lkml/d7251d92-150b-5346-6237-52afc154b...@rasmusvillemoes.dk Cc: "David S. Miller" Cc: Jakub Kicinski Cc: Rich Felker Cc: Eric Dumazet Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- include/uapi/linux/netlink.h | 1 + net/netlink/af_netlink.c | 5 +++

[PATCH 14/32] af_unix: Use mem_to_flex_dup() with struct unix_address

2022-05-03 Thread Kees Cook
umazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: Kuniyuki Iwashima Cc: Alexei Starovoitov Cc: Cong Wang Cc: Al Viro Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- include/net/af_unix.h | 14 -- net/unix/af_unix.c| 7 ++- 2 files changed, 14 insertions(+), 7 deletion

[PATCH 11/32] nl80211: Use mem_to_flex_dup() with struct cfg80211_cqm_config

2022-05-03 Thread Kees Cook
" Cc: Jakub Kicinski Cc: Paolo Abeni Cc: linux-wirel...@vger.kernel.org Cc: net...@vger.kernel.org Cc: Eric Dumazet Signed-off-by: Kees Cook --- net/wireless/core.h| 4 ++-- net/wireless/nl80211.c | 15 --- 2 files changed, 6 insertions(+), 13 deletions(-) diff --git a/ne

[PATCH 00/32] Introduce flexible array struct memcpy() helpers

2022-05-03 Thread Kees Cook
ere: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=flexcpy/next-20220502 -Kees [1] https://lwn.net/Articles/864521/ Kees Cook (32): netlink: Avoid memcpy() across flexible array boundary Introduce flexible array struct memcpy() helpers flex_array: Add Kunit tests fortify: Ad

[PATCH 02/32] Introduce flexible array struct memcpy() helpers

2022-05-03 Thread Kees Cook
jtc1/sc22/wg14/www/docs/n1990.htm Cc: "Gustavo A. R. Silva" Cc: Keith Packard Cc: Francis Laniel Cc: Daniel Axtens Cc: Dan Williams Cc: Vincenzo Frascino Cc: Guenter Roeck Cc: Daniel Vetter Cc: Tadeusz Struk Signed-off-by: Kees Cook --- include/linux/flex_array.h | 637 +

[PATCH] xen: Replace lkml.org links with lore

2021-02-10 Thread Kees Cook
As started by commit 05a5f51ca566 ("Documentation: Replace lkml.org links with lore"), replace lkml.org links with lore to better use a single source that's more likely to stay available long-term. Signed-off-by: Kees Cook --- drivers/xen/xen-acpi-processor.c | 3 ++- 1 file

Re: [Intel-wired-lan] [PATCH 000/141] Fix fall-through warnings for Clang

2020-11-25 Thread Kees Cook
h; continue; goto ; return [expression]; [3] https://cwe.mitre.org/data/definitions/484.html -- Kees Cook

Re: [Intel-wired-lan] [PATCH 000/141] Fix fall-through warnings for Clang

2020-11-24 Thread Kees Cook
are still bugs being found from it -- we need to finish this and shut the door on it for good.) -- Kees Cook

Re: [PATCH 000/141] Fix fall-through warnings for Clang

2020-11-24 Thread Kees Cook
On Mon, Nov 23, 2020 at 05:32:51PM -0800, Nick Desaulniers wrote: > On Sun, Nov 22, 2020 at 8:17 AM Kees Cook wrote: > > > > On Fri, Nov 20, 2020 at 11:51:42AM -0800, Jakub Kicinski wrote: > > > If none of the 140 patches here fix a real bug, and there is no chan

Re: [PATCH 000/141] Fix fall-through warnings for Clang

2020-11-22 Thread Kees Cook
On Fri, Nov 20, 2020 at 11:51:42AM -0800, Jakub Kicinski wrote: > On Fri, 20 Nov 2020 11:30:40 -0800 Kees Cook wrote: > > On Fri, Nov 20, 2020 at 10:53:44AM -0800, Jakub Kicinski wrote: > > > On Fri, 20 Nov 2020 12:21:39 -0600 Gustavo A. R. Silva wrote: > > > > This

Re: [PATCH 000/141] Fix fall-through warnings for Clang

2020-11-20 Thread Kees Cook
On Fri, Nov 20, 2020 at 11:51:42AM -0800, Jakub Kicinski wrote: > On Fri, 20 Nov 2020 11:30:40 -0800 Kees Cook wrote: > > On Fri, Nov 20, 2020 at 10:53:44AM -0800, Jakub Kicinski wrote: > > > On Fri, 20 Nov 2020 12:21:39 -0600 Gustavo A. R. Silva wrote: > > > > This

Re: [PATCH 000/141] Fix fall-through warnings for Clang

2020-11-20 Thread Kees Cook
ngs are supposed to warn about issues that could > be bugs. Falling through to default: break; can hardly be a bug?! It's certainly a place where the intent is not always clear. I think this makes all the cases unambiguous, and doesn't impact the machine code, since the compiler will happily optimize away any behavioral redundancy. -- Kees Cook

Re: [Xen-devel] [PATCH] x86/xen: Distribute switch variables for initialization

2020-02-20 Thread Kees Cook
On Thu, Feb 20, 2020 at 11:33:41AM -0500, Boris Ostrovsky wrote: > > > On 2/20/20 1:37 AM, Jürgen Groß wrote: > > On 20.02.20 07:23, Kees Cook wrote: > >> Variables declared in a switch statement before any case statements > >> cannot be automatically initiali

[Xen-devel] [PATCH] x86/xen: Distribute switch variables for initialization

2020-02-19 Thread Kees Cook
ch/x86/xen/enlighten_pv.c:904:12: warning: statement will never be executed [-Wswitch-unreachable] 904 | unsigned which; |^ [1] https://bugs.llvm.org/show_bug.cgi?id=44916 Signed-off-by: Kees Cook --- arch/x86/xen/enlighten_pv.c |7 --- 1 file changed, 4 insertions(+), 3

Re: [Xen-devel] [PATCH RFC v1 02/12] mm/usercopy.c: Prepare check_page_span() for PG_reserved changes

2019-10-23 Thread Kees Cook
. Once we no > > longer set these pages to reserved, we can rework this function to > > perform separate checks for ZONE_DEVICE (split from PG_reserved checks). > > > > Cc: Kees Cook > > Cc: Andrew Morton > > Cc: Kate Stewart > > Cc: Allison Randal

Re: [Xen-devel] [PATCH 0/3] gcc-plugins: Introduce stackinit plugin

2019-02-12 Thread Kees Cook
On Mon, Jan 28, 2019 at 4:12 PM Alexander Popov wrote: > > On 23.01.2019 14:03, Kees Cook wrote: > > This adds a new plugin "stackinit" that attempts to perform unconditional > > initialization of all stack variables > > Hello Kees! Hello everyone! > > I

Re: [Xen-devel] [PATCH v6 00/27] x86: PIE support and option to extend KASLR randomization

2019-01-31 Thread Kees Cook
. With PIE working, the relocations are more sane and boot-time reordering becomes possible (or at least, it becomes the same logically as doing the work on modules, etc). -- Kees Cook ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenp

Re: [Xen-devel] [Intel-gfx] [PATCH 1/3] treewide: Lift switch variables out of switches

2019-01-23 Thread Kees Cook
CC is reasonable at this. The main issue, though, was most of these places were using the variables in multiple case statements, so they couldn't be limited to a single block (or they'd need to be manually repeated in each block, which is even more ugly, IMO). Whatever the consensus, I'm happy to tweak the patch. Thanks! -- Kees Cook

Re: [Xen-devel] [Intel-gfx] [PATCH 1/3] treewide: Lift switch variables out of switches

2019-01-23 Thread Kees Cook
On Thu, Jan 24, 2019 at 4:44 AM Jani Nikula wrote: > > On Wed, 23 Jan 2019, Edwin Zimmerman wrote: > > On Wed, 23 Jan 2019, Jani Nikula wrote: > >> On Wed, 23 Jan 2019, Greg KH wrote: > >> > On Wed, Jan 23, 2019 at 03:03:47AM -0800, Kees Cook wrote: >

[Xen-devel] [PATCH 2/3] gcc-plugins: Introduce stackinit plugin

2019-01-23 Thread Kees Cook
on't depend on being zero. :) [1] https://gcc.gnu.org/ml/gcc-patches/2014-06/msg00615.html [2] https://lkml.kernel.org/r/CA+55aFykZL+cSBJjBBts7ebEFfyGPdMzTmLSxKnT_29=j94...@mail.gmail.com Signed-off-by: Kees Cook --- scripts/Makefile.gcc-plugins | 6 ++ scripts/gcc-plugins/Kco

[Xen-devel] [PATCH 0/3] gcc-plugins: Introduce stackinit plugin

2019-01-23 Thread Kees Cook
el.org/r/CA+55aFykZL+cSBJjBBts7ebEFfyGPdMzTmLSxKnT_29=j94...@mail.gmail.com Kees Cook (3): treewide: Lift switch variables out of switches gcc-plugins: Introduce stackinit plugin lib: Introduce test_stackinit module arch/x86/xen/enlighten_pv.c | 7 +- drivers/cha

[Xen-devel] [PATCH 1/3] treewide: Lift switch variables out of switches

2019-01-23 Thread Kees Cook
: warning: statement will never be executed [-Wswitch-unreachable] siginfo_t si; ^~ Signed-off-by: Kees Cook --- arch/x86/xen/enlighten_pv.c | 7 --- drivers/char/pcmcia/cm4000_cs.c | 2 +- drivers/char/ppdev.c | 20

[Xen-devel] [PATCH 3/3] lib: Introduce test_stackinit module

2019-01-23 Thread Kees Cook
: small_hole_runtime_all ok test_stackinit: big_hole_runtime_all ok test_stackinit: u8 ok test_stackinit: u16 ok test_stackinit: u32 ok test_stackinit: u64 ok test_stackinit: char_array ok test_stackinit: small_hole ok test_stackinit: big_hole ok test_stackinit: user ok test_stackinit: failures: 4 Signed-off-by: Kees

Re: [Xen-devel] [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y

2018-08-02 Thread Kees Cook
On Thu, Aug 2, 2018 at 12:22 PM, Srivatsa S. Bhat wrote: > On 7/26/18 4:09 PM, Kees Cook wrote: >> On Tue, Jul 24, 2018 at 3:02 PM, Jiri Kosina wrote: >>> On Tue, 24 Jul 2018, Srivatsa S. Bhat wrote: >>> >>>> However, if you are proposing that you'd l

Re: [Xen-devel] [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y

2018-07-26 Thread Kees Cook
ing THREADINFO_GFP imply __GFP_ZERO. This is true in Linus's tree now. Should be trivial to backport: https://git.kernel.org/linus/e01e80634ecdd -Kees -- Kees Cook Pixel Security