On Wed, Jun 19, 2024, at 23:17, Kees Cook wrote:
> On Wed, Jun 19, 2024 at 11:12:25PM +0200, Arnd Bergmann wrote:
>> On Wed, Jun 19, 2024, at 22:50, Kees Cook wrote:
>> The problem here is that a gcc plugin links against the
>> compiler, not against code produced by it. I'm linking the
>> crosstoo
On 2024/6/18 18:45, Mark Rutland wrote:
Hi Arnd,
On Mon, Jun 17, 2024 at 10:33:08PM +0200, Arnd Bergmann wrote:
On Mon, Jun 17, 2024, at 20:22, Kees Cook wrote:
On Mon, Jun 17, 2024 at 04:52:15PM +0100, Mark Rutland wrote:
On Mon, Jun 17, 2024 at 01:37:21PM +, Yuntao Liu wrote:
Since
On 2024/6/20 5:47, Kees Cook wrote:
An unintended consequence of commit 9c573cd31343 ("randomize_kstack:
Improve entropy diffusion") was that the per-architecture entropy size
filtering reduced how many bits were being added to the mix, rather than
how many bits were being used during the offs
An unintended consequence of commit 9c573cd31343 ("randomize_kstack:
Improve entropy diffusion") was that the per-architecture entropy size
filtering reduced how many bits were being added to the mix, rather than
how many bits were being used during the offsetting. All architectures
fell back to th
On 19/06/24 23:13, Javier Carrasco wrote:
Use the __counted_by compiler attribute for the data[] flexible array
member to improve the results of array bound sanitizers.
Signed-off-by: Javier Carrasco
Reviewed-by: Gustavo A. R. Silva
Thanks
--
Gustavo
---
drivers/input/misc/ims-pcu.c
On 19/06/24 23:12, Kees Cook wrote:
Both struct cfg80211_wowlan_nd_match and struct cfg80211_wowlan_nd_info
pre-allocate space for channels and matches, but then may end up using
fewer than the full allocation. Shrink the associated counter
(n_channels and n_matches) after counting the results
On Wed, Jun 19, 2024 at 11:13:22PM +0200, Javier Carrasco wrote:
> This case of the common error message upon failure of
> input_allocate_device() repeats the word "input".
>
> Drop one "input" from the error message.
>
> Signed-off-by: Javier Carrasco
Reviewed-by: Kees Cook
--
Kees Cook
On Wed, Jun 19, 2024 at 11:13:21PM +0200, Javier Carrasco wrote:
> Use the __counted_by compiler attribute for the data[] flexible array
> member to improve the results of array bound sanitizers.
>
> Signed-off-by: Javier Carrasco
Looks good to me. Thanks!
Reviewed-by: Kees Cook
--
Kees Cook
On Wed, Jun 19, 2024 at 11:12:25PM +0200, Arnd Bergmann wrote:
> On Wed, Jun 19, 2024, at 22:50, Kees Cook wrote:
> > On Tue, Jun 18, 2024 at 04:41:01PM -0700, Jeff Johnson wrote:
> >> I see the following in my .config:
> >> CONFIG_HAVE_GCC_PLUGINS=y
> >> CONFIG_GCC_PLUGINS=y
> >> CONFIG_GCC_PLUGIN
This case of the common error message upon failure of
input_allocate_device() repeats the word "input".
Drop one "input" from the error message.
Signed-off-by: Javier Carrasco
---
drivers/input/misc/ims-pcu.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/input/mi
Use the __counted_by compiler attribute for the data[] flexible array
member to improve the results of array bound sanitizers.
Signed-off-by: Javier Carrasco
---
drivers/input/misc/ims-pcu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/input/misc/ims-pcu.c b/driver
s(-)
---
base-commit: 2102cb0d050d34d50b9642a3a50861787527e922
change-id: 20240619-ims-pcu-counted_by-7ff24a731073
Best regards,
--
Javier Carrasco
Both struct cfg80211_wowlan_nd_match and struct cfg80211_wowlan_nd_info
pre-allocate space for channels and matches, but then may end up using
fewer than the full allocation. Shrink the associated counter
(n_channels and n_matches) after counting the results. This avoids
compile-time (and run-time)
On Wed, Jun 19, 2024, at 22:50, Kees Cook wrote:
> On Tue, Jun 18, 2024 at 04:41:01PM -0700, Jeff Johnson wrote:
>> I see the following in my .config:
>> CONFIG_HAVE_GCC_PLUGINS=y
>> CONFIG_GCC_PLUGINS=y
>> CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
>> CONFIG_GCC_PLUGIN_RANDSTRUCT=y
>>
>> So I'll turn tho
On Tue, Jun 18, 2024 at 04:41:01PM -0700, Jeff Johnson wrote:
> I'm trying to do an allmodconfig build for ARCH=mips using:
> https://mirrors.edge.kernel.org/pub/tools/crosstool/files/bin/x86_64/13.2.0/x86_64-gcc-13.2.0-nolibc-mips-linux.tar.gz
>
> This build dies quickly with:
> CC scripts
On Wed, Jun 19, 2024 at 09:42:44PM +0200, Javier Carrasco wrote:
> Use the __counted_by compiler attribute for the data[] flexible array
> member to improve the results of array bound sanitizers.
>
> Reviewed-by: Nathan Chancellor
> Signed-off-by: Javier Carrasco
Reviewed-by: Kees Cook
--
Ke
On Wed, Jun 19, 2024 at 09:42:45PM +0200, Javier Carrasco wrote:
> Use the struct_size macro to calculate the size of the pkt, which
> includes a trailing flexible array.
>
> Suggested-by: Nathan Chancellor
> Signed-off-by: Javier Carrasco
Reviewed-by: Kees Cook
--
Kees Cook
All fake flexible arrays should have been removed now, so remove the
special casing that was avoiding checking them. If a destination claims
to be 0 sized, believe it. This is especially important for cases where
__counted_by is in use and may have a 0 element count.
Signed-off-by: Kees Cook
---
On 19/06/24 21:42, Javier Carrasco wrote:
Use the __counted_by compiler attribute for the data[] flexible array
member to improve the results of array bound sanitizers.
Reviewed-by: Nathan Chancellor
Signed-off-by: Javier Carrasco
Reviewed-by: Gustavo A. R. Silva
Thanks
--
Gustavo
---
On 19/06/24 21:42, Javier Carrasco wrote:
Use the struct_size macro to calculate the size of the pkt, which
includes a trailing flexible array.
Suggested-by: Nathan Chancellor
Signed-off-by: Javier Carrasco
Reviewed-by: Gustavo A. R. Silva
Thanks
--
Gustavo
---
drivers/usb/serial/ga
Use the struct_size macro to calculate the size of the pkt, which
includes a trailing flexible array.
Suggested-by: Nathan Chancellor
Signed-off-by: Javier Carrasco
---
drivers/usb/serial/garmin_gps.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/drivers/usb/serial/garmi
Use the __counted_by compiler attribute for the data[] flexible array
member to improve the results of array bound sanitizers.
Reviewed-by: Nathan Chancellor
Signed-off-by: Javier Carrasco
---
drivers/usb/serial/garmin_gps.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dr
://lore.kernel.org/r/20240619-garmin_gps_counted_by-v1-1-d8d816f08...@gmail.com
---
Javier Carrasco (2):
USB: serial: garmin_gps: annotate struct garmin_packet with __counted_by
USB: serial: garmin_gps: use struct_size to allocate pkt
drivers/usb/serial/garmin_gps.c | 5 ++---
1 file changed, 2
The msg subsystem is a common target for exploiting[1][2][3][4][5][6][7]
use-after-free type confusion flaws in the kernel for both read and write
primitives. Avoid having a user-controlled dynamically-sized allocation
share the global kmalloc cache by using a separate set of kmalloc buckets
via the
Both memdup_user() and vmemdup_user() handle allocations that are
regularly used for exploiting use-after-free type confusion flaws in
the kernel (e.g. prctl() PR_SET_VMA_ANON_NAME[1] and setxattr[2][3][4]
respectively).
Since both are designed for contents coming from userspace, it allows
for use
Dedicated caches are available for fixed size allocations via
kmem_cache_alloc(), but for dynamically sized allocations there is only
the global kmalloc API's set of buckets available. This means it isn't
possible to separate specific sets of dynamically sized allocations into
a separate collection
Plumb kmem_buckets arguments through kvmalloc_node_noprof() so it is
possible to provide an API to perform kvmalloc-style allocations with
a particular set of buckets. Introduce kvmalloc_buckets_node() that takes a
kmem_buckets argument.
Signed-off-by: Kees Cook
---
include/linux/slab.h | 4 +++-
Introduce CONFIG_SLAB_BUCKETS which provides the infrastructure to
support separated kmalloc buckets (in the following kmem_buckets_create()
patches and future codetag-based separation). Since this will provide
a mitigation for a very common case of exploits, enable it by default.
To be able to ch
Encapsulate the concept of a single set of kmem_caches that are used
for the kmalloc size buckets. Redefine kmalloc_caches as an array
of these buckets (for the different global cache buckets).
Signed-off-by: Kees Cook
---
include/linux/slab.h | 5 +++--
mm/slab_common.c | 3 +--
2 files cha
Hi,
v5:
- Use vbabka's macros for optional arguments (thank you! I added a
Co-developed-by and S-o-b)
- Do not make Kconfig "default y", but recommend that it be enabled (vbabka)
- Do not check for NULL before kmem_cache_destroy() on error path (horms)
- Adjust size/bucket argument or
On 19/06/2024 16:43, Nathan Chancellor wrote:
> On Wed, Jun 19, 2024 at 11:40:57AM +0200, Javier Carrasco wrote:
>> Use the __counted_by compiler attribute for the data[] flexible array member
>> to improve the results of array bound sanitizers.
>>
>> Signed-off-by: Javier Carrasco
>> ---
>> The s
On 19/06/24 16:43, Nathan Chancellor wrote:
On Wed, Jun 19, 2024 at 11:40:57AM +0200, Javier Carrasco wrote:
Use the __counted_by compiler attribute for the data[] flexible array member
to improve the results of array bound sanitizers.
Signed-off-by: Javier Carrasco
---
The size is assigned
size;
> - __u8 data[];
> + __u8 data[] __counted_by(size);
> };
>
> /* structure used to keep the current state of the driver */
>
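Review bot: the `__counted_by(size)` annotation on the `data[]` line is only correct if `size` is assigned before the first access to `data[]` wherever this struct is allocated, and the quoted lines do not show those allocation sites. Please state in the changelog that they were checked, since the array bound sanitizers will use `size` as the limit and will flag any write to `data[]` made while `size` is still 0.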
> ---
> base-commit: 0c52056d9f77508cb6d4d68d3fc91c6c08ec71af
> change-id: 20240619-garmin_gps_counted_by-376545960353
>
> Best regards,
> --
> Javier Carrasco
>
Hello everyone, My name is Nicolas Bianconi, and I'm excited to join
this community. You can learn more about me on my website:
https://nicolasbianconi.com. To summarize my experience, I’ve been using
Linux on both servers and desktops for over 7 years and have worked as a
Linux systems adminis
eep the current state of the driver */
---
base-commit: 0c52056d9f77508cb6d4d68d3fc91c6c08ec71af
change-id: 20240619-garmin_gps_counted_by-376545960353
Best regards,
--
Javier Carrasco