Since FineIBT performs checking at the destination, it is weaker against
attacks that can construct arbitrary executable memory contents. As such,
some system builders want to run with FineIBT disabled by default. Allow
the "cfi=kcfi" boot param mode to be selectable through Kconfig via the
newly i
An error report from elf_init_reloc_text_sym() doesn't say what list of
symbols it is working on. Include this on the caller's side so it can be
reported when pathological conditions are encountered.
Signed-off-by: Kees Cook
---
I added this to confirm debugging of
https://lore.kernel.org/lkml/20
The EXEC_RODATA test plays a lot of tricks to live in the .rodata section,
and once again ran into objtool's (completely reasonable) assumptions
that executable code should live in an executable section. However, this
manifested only under CONFIG_CFI_CLANG=y, as one of the .cfi_sites was
pointing i
On Tue, Apr 30, 2024 at 02:15:53PM -0700, Kees Cook wrote:
> On Tue, Apr 30, 2024 at 10:48:36AM -0700, Kees Cook wrote:
> > On Tue, Apr 30, 2024 at 11:21:40AM +0200, Peter Zijlstra wrote:
> > > On Fri, Apr 26, 2024 at 03:29:44PM -0700, Kees Cook wrote:
> > >
> > > > - CONFIG_CFI_CLANG=y for x86 an
On Tue, Apr 30, 2024 at 10:48:36AM -0700, Kees Cook wrote:
> On Tue, Apr 30, 2024 at 11:21:40AM +0200, Peter Zijlstra wrote:
> > On Fri, Apr 26, 2024 at 03:29:44PM -0700, Kees Cook wrote:
> >
> > > - CONFIG_CFI_CLANG=y for x86 and arm64. (And disable FINEIBT since
> > > it isn't as secure as str
On Sat, Apr 27, 2024 at 05:05:56PM +0200, Erick Archer wrote:
> This is an effort to get rid of all multiplications from allocation
> functions in order to prevent integer overflows [1][2].
>
> As the "ff" variable is a pointer to "struct ff_device" and this
> structure ends in a flexible array:
>
On Tue, Apr 30, 2024 at 12:59:57PM -0700, Jeff Johnson wrote:
> On 4/30/2024 3:01 AM, Johannes Berg wrote:
> > This really doesn't even seem right, shouldn't do pointer arithmetic on
> > void pointers.
>
> FWIW I argued this in the past in another context and Linus gave his opinion:
>
> https://l
On 4/30/2024 3:01 AM, Johannes Berg wrote:
> This really doesn't even seem right, shouldn't do pointer arithmetic on
> void pointers.
FWIW I argued this in the past in another context and Linus gave his opinion:
https://lore.kernel.org/all/CAHk-=whFKYMrF6euVvziW+drw7-yi1pYdf=uccnzj8k09do...@mail.
On Tue, Apr 30, 2024 at 11:21:40AM +0200, Peter Zijlstra wrote:
> On Fri, Apr 26, 2024 at 03:29:44PM -0700, Kees Cook wrote:
>
> > - CONFIG_CFI_CLANG=y for x86 and arm64. (And disable FINEIBT since
> > it isn't as secure as straight KCFI.)
>
> Oi ?
Same objection I always had[1]: moving the ch
Add some stuff that got missed along the way:
- CONFIG_UNWIND_PATCH_PAC_INTO_SCS=y so SCS vs PAC is hardware
selectable.
- CONFIG_X86_KERNEL_IBT=y while a default, just be sure.
- CONFIG_CFI_CLANG=y globally. (And disable FINEIBT since
it isn't as secure as straight KCFI.)
- CONFIG_PAGE_TAB
On Mon, Apr 29, 2024 at 10:35:03PM -0700, Kees Cook wrote:
> On Mon, Apr 29, 2024 at 03:16:50PM -0700, Nathan Chancellor wrote:
> > On Fri, Apr 26, 2024 at 03:29:44PM -0700, Kees Cook wrote:
> > [...]
> > > +# Enable Kernel Control Flow Integrity (currently Clang only).
> > > +CONFIG_CFI_CLANG=y
>
On Tue, Apr 30, 2024 at 11:36 AM Dhruva Gole wrote:
>
> On Apr 29, 2024 at 20:50:30 +, Justin Stitt wrote:
> > strncpy() is deprecated for use on NUL-terminated destination strings
> > [1] and as such we should prefer more robust and less ambiguous string
> > interfaces.
> >
> > This kernel co
On Wed, 2024-04-24 at 15:01 -0700, Kees Cook wrote:
> Before request->channels[] can be used, request->n_channels must be set.
> Additionally, address calculations for memory after the "channels" array
> need to be calculated from the allocation base ("request") rather than
> via the first "out of
Hello:
This patch was applied to netdev/net-next.git (main)
by Paolo Abeni :
On Sat, 27 Apr 2024 19:23:36 +0200 you wrote:
> This is an effort to get rid of all multiplications from allocation
> functions in order to prevent integer overflows [1][2].
>
> As the "ids" variable is a pointer to "st
On Apr 29, 2024 at 20:50:30 +, Justin Stitt wrote:
> strncpy() is deprecated for use on NUL-terminated destination strings
> [1] and as such we should prefer more robust and less ambiguous string
> interfaces.
>
> This kernel config option is simply assigned with the resume_file
> buffer. It s
On Fri, Apr 26, 2024 at 03:29:44PM -0700, Kees Cook wrote:
> - CONFIG_CFI_CLANG=y for x86 and arm64. (And disable FINEIBT since
> it isn't as secure as straight KCFI.)
Oi ?
On Mon, Apr 29, 2024 at 10:18:03AM -0700, Kees Cook wrote:
> Peter and Ingo, you seem to traditionally take these changes (via -tip)?
> Can you please pick this up?
I have been explicitly not taking these things for perf and sched for a
while now. As I wrote in that other mail, I detest struct_si
On Mon, Apr 29, 2024 at 07:40:58PM +0200, Erick Archer wrote:
> This is an effort to get rid of all multiplications from allocation
> functions in order to prevent integer overflows [1][2].
So personally I detest struct_size() because I can never remember wtf it
does, whereas the code it replaces
18 matches
Mail list logo
