Re: [RESEND RFC] kernel/ksysfs.c: restrict /sys/kernel/notes to root access

On Sun, Feb 18, 2024 at 03:35:01PM +0800, Guixiong Wei wrote: > From: Guixiong Wei > > Restrict non-privileged user access to /sys/kernel/notes to > avoid security attack. > > The non-privileged users have read access to notes. The notes > expose the load address of startup_xen. This address cou

Re: [PATCH 0/2] Adjust brk randomness

On Sat, Feb 17, 2024 at 04:25:33PM -0800, H. Peter Anvin wrote: > On February 16, 2024 10:25:42 PM PST, Kees Cook wrote: > >Hi, > > > >It was recently pointed out[1] that x86_64 brk entropy was not great, > >and that on all architectures the brk can (when the random offset is 0) > >be immediately

Re: [PATCH 0/2] Adjust brk randomness

On February 16, 2024 10:25:42 PM PST, Kees Cook wrote: >Hi, > >It was recently pointed out[1] that x86_64 brk entropy was not great, >and that on all architectures the brk can (when the random offset is 0) >be immediately adjacent to .bss, leaving no gap that could stop linear >overflows from the

Re: [PATCH bpf-next] bpf: Check return from set_memory_rox() and friends

On Sat, Feb 17, 2024 at 11:24:07AM +0100, Christophe Leroy wrote: > arch_protect_bpf_trampoline() and alloc_new_pack() call > set_memory_rox() which can fail, leading to unprotected memory. > > Take into account return from set_memory_XX() functions and add > __must_check flag to arch_protect_bpf_

Re: [PATCH] greybus: Avoid fake flexible array for response data

On Sat, Feb 17, 2024 at 02:17:33PM -0600, Alex Elder wrote: > On 2/16/24 5:28 PM, Kees Cook wrote: > > FORTIFY_SOURCE has been ignoring 0-sized destinations while the kernel > > code base has been converted to flexible arrays. In order to enforce > > the 0-sized destinations (e.g. with __counted_by

Re: [PATCH] greybus: audio: apbridgea: Remove flexible array from struct audio_apbridgea_hdr

On 2/17/24 9:47 AM, Erick Archer wrote: When a struct containing a flexible array is included in another struct, and there is a member after the struct-with-flex-array, there is a possibility of memory overlap. These cases must be audited [1]. See: struct inner { ... int flex[];

Re: [PATCH] greybus: Avoid fake flexible array for response data

On 2/16/24 5:28 PM, Kees Cook wrote: FORTIFY_SOURCE has been ignoring 0-sized destinations while the kernel code base has been converted to flexible arrays. In order to enforce the 0-sized destinations (e.g. with __counted_by), the remaining 0-sized destinations need to be handled. Instead of con

[PATCH] greybus: audio: apbridgea: Remove flexible array from struct audio_apbridgea_hdr

When a struct containing a flexible array is included in another struct, and there is a member after the struct-with-flex-array, there is a possibility of memory overlap. These cases must be audited [1]. See: struct inner { ... int flex[]; }; struct outer { ... str

[PATCH v2] RDMA/uverbs: Remove flexible arrays from struct *_filter

When a struct containing a flexible array is included in another struct, and there is a member after the struct-with-flex-array, there is a possibility of memory overlap. These cases must be audited [1]. See: struct inner { ... int flex[]; }; struct outer { ... str

Re: [PATCH] net: sched: Annotate struct tc_pedit with __counted_by

On Fri, Feb 16, 2024 at 7:04 PM Gustavo A. R. Silva wrote: > > > > On 2/16/24 17:27, Kees Cook wrote: > > Prepare for the coming implementation by GCC and Clang of the __counted_by > > attribute. Flexible array members annotated with __counted_by can have > > their accesses bounds-checked at run-t

[PATCH bpf-next] bpf: Check return from set_memory_rox() and friends

arch_protect_bpf_trampoline() and alloc_new_pack() call set_memory_rox() which can fail, leading to unprotected memory. Take into account return from set_memory_XX() functions and add __must_check flag to arch_protect_bpf_trampoline(). Signed-off-by: Christophe Leroy --- arch/x86/net/bpf_jit_co