Re: [PATCH bpf-next 2/2] bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()

2024-02-19 Thread Tiezhu Yang
On 02/18/2024 06:55 PM, Christophe Leroy wrote: set_memory_rox() can fail, leaving memory unprotected. Check return and bail out when bpf_jit_binary_lock_ro() returns an error. Signed-off-by: Christophe Leroy --- ... diff --git a/arch/loongarch/net/bpf_jit.c b/arch/loongarch/net/bpf_jit.c

Re: [PATCH 03/10] scsi: NCR5380: Replace snprintf() with the safer scnprintf() variant

2024-02-19 Thread Kees Cook
On Mon, Feb 19, 2024 at 03:23:12PM +, Lee Jones wrote: > Adding this to checkpatch is a good idea. Yeah, please do. You can look at the "strncpy -> strscpy" check that is already in there for an example. > > What if we also take Kees's suggestion and hit all of these found in > SCSI in one p

Re: [PATCH] landlock: Warn once if a Landlock action is requested while disabled

2024-02-19 Thread Kees Cook
On Mon, Feb 19, 2024 at 08:18:04PM +0100, Mickaël Salaün wrote: > Because sandboxing can be used as an opportunistic security measure, > user space may not log unsupported features. Let the system > administrator know if an application tries to use Landlock but failed > because it isn't enabled at

[PATCH] landlock: Warn once if a Landlock action is requested while disabled

2024-02-19 Thread Mickaël Salaün
Because sandboxing can be used as an opportunistic security measure, user space may not log unsupported features. Let the system administrator know if an application tries to use Landlock but failed because it isn't enabled at boot time. This may be caused by bootloader configurations with outdat

[PATCH] landlock: Fix asymmetric private inodes referring

2024-02-19 Thread Mickaël Salaün
When linking or renaming a file, if only one of the source or destination directory is backed by an S_PRIVATE inode, then the related set of layer masks would be used as uninitialized by is_access_to_paths_allowed(). This would result in indeterministic access for one side instead of always being

Re: [PATCH] netfilter: x_tables: Use unsafe_memcpy() for 0-sized destination

2024-02-19 Thread Simon Horman
On Fri, Feb 16, 2024 at 03:31:32PM -0800, Kees Cook wrote: > The struct xt_entry_target fake flexible array has not been converted to a > true flexible array, which is mainly blocked by it being both UAPI and > used in the middle of other structures. In order to properly check for > 0-sized destinati

Re: [PATCH v7 3/3] overflow: Introduce wrapping_assign_add() and wrapping_assign_sub()

2024-02-19 Thread Mark Rutland
On Wed, Feb 14, 2024 at 11:46:03AM -0800, Kees Cook wrote: > This allows replacements of the idioms "var += offset" and "var -= > offset" with the wrapping_assign_add() and wrapping_assign_sub() helpers > respectively. They will avoid wrap-around sanitizer instrumentation. > > Add to the selftests

Re: [PATCH v7 1/3] overflow: Adjust check_*_overflow() kern-doc to reflect results

2024-02-19 Thread Mark Rutland
On Wed, Feb 14, 2024 at 11:46:01AM -0800, Kees Cook wrote: > The check_*_overflow() helpers will return results with potentially > wrapped-around values. These values have always been checked by the > selftests, so avoid the confusing language in the kern-doc. The idea of > "safe for use" was relat

Re: [PATCH 03/10] scsi: NCR5380: Replace snprintf() with the safer scnprintf() variant

2024-02-19 Thread James Bottomley
On Mon, 2024-02-19 at 15:23 +, Lee Jones wrote: > On Sat, 10 Feb 2024, James Bottomley wrote: > > > On Thu, 2024-02-08 at 10:29 +, Lee Jones wrote: > > > On Thu, 08 Feb 2024, Geert Uytterhoeven wrote: > > > > > > > Hi Lee, > > > > > > > > Thanks for your patch! > > > > > > > > On Thu, F

Re: [PATCH bpf-next 2/2] bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()

2024-02-19 Thread Ilya Leoshkevich
On Sun, 2024-02-18 at 11:55 +0100, Christophe Leroy wrote: > set_memory_rox() can fail, leaving memory unprotected. > > Check return and bail out when bpf_jit_binary_lock_ro() returns > an error. > > Signed-off-by: Christophe Leroy > --- > Previous patch introduces a dependency on this patch be

Re: [PATCH 03/10] scsi: NCR5380: Replace snprintf() with the safer scnprintf() variant

2024-02-19 Thread Lee Jones
On Sat, 10 Feb 2024, James Bottomley wrote: > On Thu, 2024-02-08 at 10:29 +, Lee Jones wrote: > > On Thu, 08 Feb 2024, Geert Uytterhoeven wrote: > > > > > Hi Lee, > > > > > > Thanks for your patch! > > > > > > On Thu, Feb 8, 2024 at 9:48 AM Lee Jones wrote: > > > > There is a general misun

Re: [PATCH bpf-next 2/2] bpf: Take return from set_memory_rox() into account with bpf_jit_binary_lock_ro()

2024-02-19 Thread Puranjay Mohan
Christophe Leroy writes: > set_memory_rox() can fail, leaving memory unprotected. > > Check return and bail out when bpf_jit_binary_lock_ro() returns > an error. > > Signed-off-by: Christophe Leroy > --- > Previous patch introduces a dependency on this patch because it modifies > bpf_prog_lock

Re: [RESEND RFC] kernel/ksysfs.c: restrict /sys/kernel/notes to root access

2024-02-19 Thread Jann Horn
On Sun, Feb 18, 2024 at 8:47 AM Greg KH wrote: > > On Sun, Feb 18, 2024 at 03:35:01PM +0800, Guixiong Wei wrote: > > From: Guixiong Wei > > > > Restrict non-privileged user access to /sys/kernel/notes to > > avoid security attack. > > > > The non-privileged users have read access to notes. The no

Re: [RESEND RFC] kernel/ksysfs.c: restrict /sys/kernel/notes to root access

2024-02-19 Thread Jürgen Groß
On 18.02.24 10:04, Kees Cook wrote: On Sun, Feb 18, 2024 at 08:47:03AM +0100, Greg KH wrote: On Sun, Feb 18, 2024 at 03:35:01PM +0800, Guixiong Wei wrote: From: Guixiong Wei Restrict non-privileged user access to /sys/kernel/notes to avoid security attack. The non-privileged users have read

Re: [RESEND RFC] kernel/ksysfs.c: restrict /sys/kernel/notes to root access

2024-02-19 Thread Guixiong Wei
On 2024/2/18 17:04, Kees Cook wrote: On Sun, Feb 18, 2024 at 08:47:03AM +0100, Greg KH wrote: On Sun, Feb 18, 2024 at 03:35:01PM +0800, Guixiong Wei wrote: From: Guixiong Wei Restrict non-privileged user access to /sys/kernel/notes to avoid security attack. The non-privileged users have re

Re: [PATCH] net: sched: Annotate struct tc_pedit with __counted_by

2024-02-19 Thread patchwork-bot+netdevbpf
Hello: This patch was applied to netdev/net-next.git (main) by David S. Miller : On Fri, 16 Feb 2024 15:27:44 -0800 you wrote: > Prepare for the coming implementation by GCC and Clang of the __counted_by > attribute. Flexible array members annotated with __counted_by can have > their accesses bou

Re: [PATCH] enic: Avoid false positive under FORTIFY_SOURCE

2024-02-19 Thread patchwork-bot+netdevbpf
Hello: This patch was applied to netdev/net.git (main) by David S. Miller : On Fri, 16 Feb 2024 15:30:05 -0800 you wrote: > FORTIFY_SOURCE has been ignoring 0-sized destinations while the kernel > code base has been converted to flexible arrays. In order to enforce > the 0-sized destinations (e.g

Re: [PATCH bpf-next] bpf: Check return from set_memory_rox() and friends

2024-02-19 Thread Christophe Leroy
Le 19/02/2024 à 11:19, Simon Horman a écrit : > On Sat, Feb 17, 2024 at 11:24:07AM +0100, Christophe Leroy wrote: >> arch_protect_bpf_trampoline() and alloc_new_pack() call >> set_memory_rox() which can fail, leading to unprotected memory. >> >> Take into account return from set_memory_XX() funct

Re: [PATCH bpf-next] bpf: Check return from set_memory_rox() and friends

2024-02-19 Thread Simon Horman
On Sat, Feb 17, 2024 at 11:24:07AM +0100, Christophe Leroy wrote: > arch_protect_bpf_trampoline() and alloc_new_pack() call > set_memory_rox() which can fail, leading to unprotected memory. > > Take into account return from set_memory_XX() functions and add > __must_check flag to arch_protect_bpf_