Re: [PATCH] ksmbd: Annotate struct copychunk_ioctl_req with __counted_by_le()

On 9/24/2024 4:56 PM, Thorsten Blum wrote: On 24. Sep 2024, at 21:33, Thorsten Blum wrote: On 24. Sep 2024, at 20:05, Tom Talpey wrote: On 9/24/2024 6:22 AM, Thorsten Blum wrote: Add the __counted_by_le compiler attribute to the flexible array member Chunks to improve access bounds-checking v

Re: [PATCH] ksmbd: Annotate struct copychunk_ioctl_req with __counted_by_le()

On 24. Sep 2024, at 21:33, Thorsten Blum wrote: >> On 24. Sep 2024, at 20:05, Tom Talpey wrote: >> On 9/24/2024 6:22 AM, Thorsten Blum wrote: >>> Add the __counted_by_le compiler attribute to the flexible array member >>> Chunks to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and >>> CO

Re: [PATCH] ksmbd: Annotate struct copychunk_ioctl_req with __counted_by_le()

Hi Tom, > On 24. Sep 2024, at 20:05, Tom Talpey wrote: > On 9/24/2024 6:22 AM, Thorsten Blum wrote: >> Add the __counted_by_le compiler attribute to the flexible array member >> Chunks to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and >> CONFIG_FORTIFY_SOURCE. >> Read Chunks[0] after

Re: [PATCH] ksmbd: Annotate struct copychunk_ioctl_req with __counted_by_le()

On 9/24/2024 6:22 AM, Thorsten Blum wrote: Add the __counted_by_le compiler attribute to the flexible array member Chunks to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and CONFIG_FORTIFY_SOURCE. Read Chunks[0] after checking that ChunkCount is not 0. Compile-tested only. Signed-off

Re: [REGRESSION][BISECTED] Cannot boot Lichee Pi 4A with FORTIFY_SOURCE enabled

On September 24, 2024 8:58:57 AM PDT, Jason Montleon wrote: >On Sun, Sep 22, 2024 at 6:38 PM Kees Cook wrote: >> Can you try this patch? It should avoid using the "WARN" infrastructure >> (if that is the source of blocking boot), but should still provide some >> detail about what tripped it u

Re: [REGRESSION][BISECTED] Cannot boot Lichee Pi 4A with FORTIFY_SOURCE enabled

On Sun, Sep 22, 2024 at 6:38 PM Kees Cook wrote: > Can you try this patch? It should avoid using the "WARN" infrastructure > (if that is the source of blocking boot), but should still provide some > detail about what tripped it up (via the "regular" pr_*() logging). And > if it boots, can you look

[PATCH] ksmbd: Annotate struct copychunk_ioctl_req with __counted_by_le()

Add the __counted_by_le compiler attribute to the flexible array member Chunks to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and CONFIG_FORTIFY_SOURCE. Read Chunks[0] after checking that ChunkCount is not 0. Compile-tested only. Signed-off-by: Thorsten Blum --- fs/smb/server/smb2pd

Re: [PATCH] acl: Annotate struct posix_acl with __counted_by()

On Mon 23-09-24 23:38:05, Thorsten Blum wrote: > Add the __counted_by compiler attribute to the flexible array member > a_entries to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and > CONFIG_FORTIFY_SOURCE. > > Use struct_size() to calculate the number of bytes to allocate for new > and

[PATCH] MAINTAINERS: Add kernel hardening keywords __counted_by{_le|_be}

In addition to __counted_by, also match the keywords __counted_by_le and __counted_by_be. Signed-off-by: Thorsten Blum --- MAINTAINERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/MAINTAINERS b/MAINTAINERS index 911d573f7779..aff8b04b5eac 100644 --- a/MAINTAINERS +++ b/MAI