Re: [RFC PATCH v5 2/7] selftests: x86: test_mremap_vdso: skip if vdso is msealed

2025-02-13 Thread Kees Cook
On February 13, 2025 2:20:01 PM PST, Jeff Xu wrote: >On Thu, Feb 13, 2025 at 11:28 AM Kees Cook wrote: >> >> >> >> On February 13, 2025 6:14:00 AM PST, Jeff Xu wrote: >> >On Wed, Feb 12, 2025 at 5:04 AM Thomas Weißschuh >> > wrote: >> >> >> >> On Wed, Feb 12, 2025 at 03:21:50AM +, jef...@

Re: [PATCH v2][next] UAPI: ndctl / acpi: intel: Avoid multiple -Wflex-array-member-not-at-end warnings

2025-02-13 Thread Alison Schofield
On Fri, Feb 14, 2025 at 11:23:06AM +1030, Gustavo A. R. Silva wrote: > -Wflex-array-member-not-at-end was introduced in GCC-14, and we are > getting ready to enable it, globally. > > So, in order to avoid ending up with flexible-array members in the > middle of other structs, we use the `__struct_

Re: [RFC PATCH v5 1/7] mseal, system mappings: kernel config and header change

2025-02-13 Thread Liam R. Howlett
* Liam R. Howlett [250213 19:14]: > * Jeff Xu [250213 17:00]: > > On Thu, Feb 13, 2025 at 12:54 PM Liam R. Howlett > > wrote: > > > > > > > > > > > > > > VM_SEALED isn't defined in 32-bit systems, and mseal.c isn't part of > > > > > > the build. This is intentional. Any 32-bit code trying to us

[PATCH v2][next] UAPI: ndctl / acpi: intel: Avoid multiple -Wflex-array-member-not-at-end warnings

2025-02-13 Thread Gustavo A. R. Silva
-Wflex-array-member-not-at-end was introduced in GCC-14, and we are getting ready to enable it, globally. So, in order to avoid ending up with flexible-array members in the middle of other structs, we use the `__struct_group()` helper to separate the flexible array from the rest of the members in

Re: [RFC PATCH v5 1/7] mseal, system mappings: kernel config and header change

2025-02-13 Thread Liam R. Howlett
* Jeff Xu [250213 17:00]: > On Thu, Feb 13, 2025 at 12:54 PM Liam R. Howlett > wrote: > > > > > > > > > > > VM_SEALED isn't defined in 32-bit systems, and mseal.c isn't part of > > > > > the build. This is intentional. Any 32-bit code trying to use the > > > > > sealing function or the VM_SEALED

Re: [RFC] Circumventing FineIBT Via Entrypoints

2025-02-13 Thread Jann Horn
On Fri, Feb 14, 2025 at 12:24 AM Jennifer Miller wrote: > On Thu, Feb 13, 2025 at 09:24:18PM +, Andrew Cooper wrote: > > On 13/02/2025 7:23 pm, Jann Horn wrote: > > > How would we actually do that overwriting and restoring of > > > KERNEL_GS_BASE? Would we need a scratch register for that? > >

Re: [RFC] Circumventing FineIBT Via Entrypoints

2025-02-13 Thread Jennifer Miller
On Thu, Feb 13, 2025 at 09:24:18PM +, Andrew Cooper wrote: > On 13/02/2025 7:23 pm, Jann Horn wrote: > > On Thu, Feb 13, 2025 at 7:15 AM Jennifer Miller wrote: > >> Here is some napkin asm for this I wrote for the 64-bit syscall entrypoint, > >> I think more or less the same could be done for

Re: [RFC PATCH v5 2/7] selftests: x86: test_mremap_vdso: skip if vdso is msealed

2025-02-13 Thread Jeff Xu
On Thu, Feb 13, 2025 at 11:28 AM Kees Cook wrote: > > > > On February 13, 2025 6:14:00 AM PST, Jeff Xu wrote: > >On Wed, Feb 12, 2025 at 5:04 AM Thomas Weißschuh > > wrote: > >> > >> On Wed, Feb 12, 2025 at 03:21:50AM +, jef...@chromium.org wrote: > >> > From: Jeff Xu > >> > > >> > Add code

Re: [PATCH v2] scsi: hpsa: Replace deprecated strncpy() with strscpy()

2025-02-13 Thread David Laight
On Thu, 13 Feb 2025 12:34:55 -0800 Bart Van Assche wrote: > On 2/13/25 11:53 AM, Thorsten Blum wrote: > > diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c > > index 84d8de07b7ae..c7ebae24b09f 100644 > > --- a/drivers/scsi/hpsa.c > > +++ b/drivers/scsi/hpsa.c > > @@ -460,9 +460,8 @@ static s

Re: [PATCH][next] UAPI: ndctl / acpi: intel: Avoid multiple -Wflex-array-member-not-at-end warnings

2025-02-13 Thread Alison Schofield
On Thu, Feb 13, 2025 at 03:29:12PM +1030, Gustavo A. R. Silva wrote: > -Wflex-array-member-not-at-end was introduced in GCC-14, and we are > getting ready to enable it, globally. > > So, in order to avoid ending up with flexible-array members in the > middle of other structs, we use the `__struct_

Re: [RESEND PATCH v2] params: Annotate struct module_param_attrs with __counted_by()

2025-02-13 Thread Luis Chamberlain
On Thu, Feb 13, 2025 at 11:13:52PM +0100, Thorsten Blum wrote: > Add the __counted_by compiler attribute to the flexible array member > attrs to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and > CONFIG_FORTIFY_SOURCE. > > Increment num before adding a new param_attribute to the attrs ar

[RESEND PATCH v2] params: Annotate struct module_param_attrs with __counted_by()

2025-02-13 Thread Thorsten Blum
Add the __counted_by compiler attribute to the flexible array member attrs to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and CONFIG_FORTIFY_SOURCE. Increment num before adding a new param_attribute to the attrs array and adjust the array index accordingly. Increment num immediately aft

Re: [RFC PATCH v5 1/7] mseal, system mappings: kernel config and header change

2025-02-13 Thread Jeff Xu
On Thu, Feb 13, 2025 at 12:54 PM Liam R. Howlett wrote: > > > > > > > > VM_SEALED isn't defined in 32-bit systems, and mseal.c isn't part of > > > > the build. This is intentional. Any 32-bit code trying to use the > > > > sealing function or the VM_SEALED flag will immediately fail > > > > compi

Re: [RESEND PATCH v2] params: Annotate struct module_param_attrs with __counted_by()

2025-02-13 Thread Luis Chamberlain
On Tue, Feb 11, 2025 at 02:18:08PM +0100, Thorsten Blum wrote: > On 4. Feb 2025, at 17:44, Thorsten Blum wrote: > > On 14. Jan 2025, at 22:49, Thorsten Blum wrote: > >> Add the __counted_by compiler attribute to the flexible array member > >> attrs to improve access bounds-checking via CONFIG_UBSAN

Re: [RFC] Circumventing FineIBT Via Entrypoints

2025-02-13 Thread Andrew Cooper
On 13/02/2025 7:23 pm, Jann Horn wrote: > On Thu, Feb 13, 2025 at 7:15 AM Jennifer Miller wrote: >> Here is some napkin asm for this I wrote for the 64-bit syscall entrypoint, >> I think more or less the same could be done for the other entrypoints. >> >> ``` >> endbr64 >> test rsp, rsp >>

Re: [RFC] Circumventing FineIBT Via Entrypoints

2025-02-13 Thread Jann Horn
On Thu, Feb 13, 2025 at 9:53 PM Kees Cook wrote: > On Thu, Feb 13, 2025 at 08:41:16PM +, Andrew Cooper wrote: > > On 13/02/2025 8:28 pm, Kees Cook wrote: > > > On Thu, Feb 13, 2025 at 01:31:30AM +, Andrew Cooper wrote: > > Assuming this is an issue you all feel is worth addressing, I

Re: [RFC PATCH v5 1/7] mseal, system mappings: kernel config and header change

2025-02-13 Thread Liam R. Howlett
* Kees Cook [250213 15:11]: > On Thu, Feb 13, 2025 at 01:29:46PM -0500, Liam R. Howlett wrote: > > * Jeff Xu [250213 12:17]: > > > On Wed, Feb 12, 2025 at 7:05 AM Liam R. Howlett > > > wrote: > > > > > > > ... > > > > > > > > > > In this version, we've improved the handling of system mapping >

Re: [RFC] Circumventing FineIBT Via Entrypoints

2025-02-13 Thread Kees Cook
On Thu, Feb 13, 2025 at 08:41:16PM +, Andrew Cooper wrote: > On 13/02/2025 8:28 pm, Kees Cook wrote: > > On Thu, Feb 13, 2025 at 01:31:30AM +, Andrew Cooper wrote: > Assuming this is an issue you all feel is worth addressing, I will > continue working on providing a patch. I'm con

Re: [RFC PATCH v5 0/7] mseal system mappings

2025-02-13 Thread Kees Cook
On Thu, Feb 13, 2025 at 07:59:48PM +, Pedro Falcato wrote: > On Wed, Feb 12, 2025 at 2:02 PM Lorenzo Stoakes > wrote: > > > > (sorry I really am struggling to reply to mail as lore still seems to be > > broken). > > > > On Wed, Feb 12, 2025 at 12:37:50PM +, Pedro Falcato wrote: > > > On We

Re: [PATCH v2] scsi: hpsa: Replace deprecated strncpy() with strscpy()

2025-02-13 Thread Kees Cook
On Thu, Feb 13, 2025 at 08:53:33PM +0100, Thorsten Blum wrote: > strncpy() is deprecated for NUL-terminated destination buffers. Use > strscpy() instead and remove the manual NUL-termination. > > Use min() to simplify the size calculation. > > Compile-tested only. > > Link: https://github.com/KS

Re: [RFC] Circumventing FineIBT Via Entrypoints

2025-02-13 Thread Andrew Cooper
On 13/02/2025 8:28 pm, Kees Cook wrote: > On Thu, Feb 13, 2025 at 01:31:30AM +, Andrew Cooper wrote: Assuming this is an issue you all feel is worth addressing, I will continue working on providing a patch. I'm concerned though that the overhead from adding a wrmsr on both syscal

Re: [PATCH v2] scsi: hpsa: Replace deprecated strncpy() with strscpy()

2025-02-13 Thread Kees Cook
On Thu, Feb 13, 2025 at 12:34:55PM -0800, Bart Van Assche wrote: > Something I should have noticed earlier: this code occurs inside sysfs > write callbacks. The strings passed to sysfs write callbacks are > 0-terminated. Hence, 'buf' can be passed directly to sscanf() and > tmpbuf[] can be removed.

Re: [PATCH v2] scsi: hpsa: Replace deprecated strncpy() with strscpy()

2025-02-13 Thread Bart Van Assche
On 2/13/25 11:53 AM, Thorsten Blum wrote: diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c index 84d8de07b7ae..c7ebae24b09f 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -460,9 +460,8 @@ static ssize_t host_store_hp_ssd_smart_path_status(struct device *dev, if (!capab

Re: [RFC] Circumventing FineIBT Via Entrypoints

2025-02-13 Thread Kees Cook
On Thu, Feb 13, 2025 at 01:31:30AM +, Andrew Cooper wrote: > >> Assuming this is an issue you all feel is worth addressing, I will > >> continue working on providing a patch. I'm concerned though that the > >> overhead from adding a wrmsr on both syscall entry and exit to > >> overwrite and res

Re: [PATCH v2] scsi: hpsa: Replace deprecated strncpy() with strscpy_pad()

2025-02-13 Thread Kees Cook
On Thu, Feb 13, 2025 at 10:24:25AM -0800, Bart Van Assche wrote: > On 2/13/25 3:40 AM, Thorsten Blum wrote: > > diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c > > index c7ebae24b09f..968cefb497eb 100644 > > --- a/drivers/scsi/hpsa.c > > +++ b/drivers/scsi/hpsa.c > > @@ -7236,8 +7236,7 @@ st

Re: [RFC PATCH v5 0/7] mseal system mappings

2025-02-13 Thread Liam R. Howlett
* Kees Cook [250213 14:34]: > > > On February 13, 2025 10:35:21 AM PST, "Liam R. Howlett" > wrote: > >* Kees Cook [250212 17:05]: > >> On Wed, Feb 12, 2025 at 11:24:35AM +, Lorenzo Stoakes wrote: > >> > On Wed, Feb 12, 2025 at 03:21:48AM +, jef...@chromium.org wrote: > >> > > From: Je

Re: [RFC PATCH v5 1/7] mseal, system mappings: kernel config and header change

2025-02-13 Thread Kees Cook
On Thu, Feb 13, 2025 at 01:29:46PM -0500, Liam R. Howlett wrote: > * Jeff Xu [250213 12:17]: > > On Wed, Feb 12, 2025 at 7:05 AM Liam R. Howlett > > wrote: > > > > > ... > > > > > > > > In this version, we've improved the handling of system mapping sealing > > > > from > > > > previous versions

Re: [RFC PATCH v5 0/7] mseal system mappings

2025-02-13 Thread Pedro Falcato
On Wed, Feb 12, 2025 at 2:02 PM Lorenzo Stoakes wrote: > > (sorry I really am struggling to reply to mail as lore still seems to be > broken). > > On Wed, Feb 12, 2025 at 12:37:50PM +, Pedro Falcato wrote: > > On Wed, Feb 12, 2025 at 11:25 AM Lorenzo Stoakes > > wrote: > > > > > > On Wed, Feb

[PATCH v2] scsi: hpsa: Replace deprecated strncpy() with strscpy()

2025-02-13 Thread Thorsten Blum
strncpy() is deprecated for NUL-terminated destination buffers. Use strscpy() instead and remove the manual NUL-termination. Use min() to simplify the size calculation. Compile-tested only. Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Suggested-by: Bart Van A

Re: [RFC PATCH v5 0/7] mseal system mappings

2025-02-13 Thread Kees Cook
On February 13, 2025 10:35:21 AM PST, "Liam R. Howlett" wrote: >* Kees Cook [250212 17:05]: >> On Wed, Feb 12, 2025 at 11:24:35AM +, Lorenzo Stoakes wrote: >> > On Wed, Feb 12, 2025 at 03:21:48AM +, jef...@chromium.org wrote: >> > > From: Jeff Xu >> > > >> > > The commit message in t

Re: [RFC PATCH v5 2/7] selftests: x86: test_mremap_vdso: skip if vdso is msealed

2025-02-13 Thread Kees Cook
On February 13, 2025 6:14:00 AM PST, Jeff Xu wrote: >On Wed, Feb 12, 2025 at 5:04 AM Thomas Weißschuh > wrote: >> >> On Wed, Feb 12, 2025 at 03:21:50AM +, jef...@chromium.org wrote: >> > From: Jeff Xu >> > >> > Add code to detect if the vdso is memory sealed, skip the test >> > if it is. >

Re: [RFC] Circumventing FineIBT Via Entrypoints

2025-02-13 Thread Jann Horn
On Thu, Feb 13, 2025 at 7:15 AM Jennifer Miller wrote: > On Wed, Feb 12, 2025 at 11:29:02PM +0100, Jann Horn wrote: > > +Andy Lutomirski (X86 entry code maintainer) > > > > On Wed, Feb 12, 2025 at 10:08 PM Jennifer Miller wrote: > > > As part of a recently accepted paper we demonstrated that sysc

Re: [PATCH] scsi: hpsa: Replace deprecated strncpy() with strscpy_pad()

2025-02-13 Thread Thorsten Blum
On 13. Feb 2025, at 20:14, David Laight wrote: > On Wed, 12 Feb 2025 23:43:53 +0100 > Thorsten Blum wrote: > >> strncpy() is deprecated for NUL-terminated destination buffers [1]. >> >> Replace memset() and strncpy() with strscpy_pad() to copy the version >> string and fill the remaining bytes i

Re: [PATCH] scsi: hpsa: Replace deprecated strncpy() with strscpy_pad()

2025-02-13 Thread David Laight
On Wed, 12 Feb 2025 23:43:53 +0100 Thorsten Blum wrote: > strncpy() is deprecated for NUL-terminated destination buffers [1]. > > Replace memset() and strncpy() with strscpy_pad() to copy the version > string and fill the remaining bytes in the destination buffer with NUL > bytes. This avoids ze

Re: [RFC PATCH v5 0/7] mseal system mappings

2025-02-13 Thread Liam R. Howlett
* Kees Cook [250212 17:05]: > On Wed, Feb 12, 2025 at 11:24:35AM +, Lorenzo Stoakes wrote: > > On Wed, Feb 12, 2025 at 03:21:48AM +, jef...@chromium.org wrote: > > > From: Jeff Xu > > > > > > The commit message in the first patch contains the full description of > > > this series. > > >

Re: [RFC PATCH v5 1/7] mseal, system mappings: kernel config and header change

2025-02-13 Thread Liam R. Howlett
* Jeff Xu [250213 12:17]: > On Wed, Feb 12, 2025 at 7:05 AM Liam R. Howlett > wrote: > > > ... > > > > > > In this version, we've improved the handling of system mapping sealing > > > from > > > previous versions, instead of modifying the _install_special_mapping > > > function itself, which wo

Re: [PATCH v2] scsi: hpsa: Replace deprecated strncpy() with strscpy_pad()

2025-02-13 Thread Bart Van Assche
On 2/13/25 3:40 AM, Thorsten Blum wrote: diff --git a/drivers/scsi/hpsa.c b/drivers/scsi/hpsa.c index c7ebae24b09f..968cefb497eb 100644 --- a/drivers/scsi/hpsa.c +++ b/drivers/scsi/hpsa.c @@ -7236,8 +7236,7 @@ static int hpsa_controller_hard_reset(struct pci_dev *pdev, static void init_driv

Re: [PATCH] scsi: hpsa: Replace deprecated strncpy() with strscpy()

2025-02-13 Thread Bart Van Assche
On 2/13/25 3:24 AM, Thorsten Blum wrote: This subtle difference between strncpy() and strscpy() regarding the number of bytes copied isn't really documented anywhere, is it? The documentation I came across so far seems to focus mostly on the different return values of the two functions. From th

Re: [RFC PATCH v5 1/7] mseal, system mappings: kernel config and header change

2025-02-13 Thread Jeff Xu
On Wed, Feb 12, 2025 at 7:05 AM Liam R. Howlett wrote: > ... > > > > In this version, we've improved the handling of system mapping sealing from > > previous versions, instead of modifying the _install_special_mapping > > function itself, which would affect all architectures, we now call > > _inst

Re: [RFC PATCH v3 00/15] pkeys-based page table hardening

2025-02-13 Thread Kevin Brodsky
On 10/02/2025 15:23, Kevin Brodsky wrote: > [...] > >>> Any comment or feedback will be highly appreciated, be it on the >>> high-level approach or implementation choices! >> As hinted earlier with my QEMU question... what's the best way I can >> test this myself? :) > As mentioned above I tested

Re: [RFC PATCH v5 0/7] mseal system mappings

2025-02-13 Thread Jeff Xu
On Wed, Feb 12, 2025 at 3:24 AM Lorenzo Stoakes wrote: > It'd be nice to update the documentation to have a list of 'known > problematic userland software with sealed VDSO' so we make people aware. > Sure. It will be added in the next version. > > And I _want the series to land_ :>) I suspect we

Re: [RFC PATCH v5 0/7] mseal system mappings

2025-02-13 Thread Jeff Xu
On Wed, Feb 12, 2025 at 2:05 PM Kees Cook wrote: > > > It'd be nice to update the documentation to have a list of 'known > > problematic userland software with sealed VDSO' so we make people aware. > > I like this idea! Probably in mseal.rst, as the Kconfig help already > points there. > Will upda

Re: [RFC PATCH v5 2/7] selftests: x86: test_mremap_vdso: skip if vdso is msealed

2025-02-13 Thread Jeff Xu
On Wed, Feb 12, 2025 at 5:04 AM Thomas Weißschuh wrote: > > On Wed, Feb 12, 2025 at 03:21:50AM +, jef...@chromium.org wrote: > > From: Jeff Xu > > > > Add code to detect if the vdso is memory sealed, skip the test > > if it is. > > > > Signed-off-by: Jeff Xu > > --- > > .../testing/selftest

[PATCH] m68k: mm: Replace deprecated strncpy() with strscpy()

2025-02-13 Thread Thorsten Blum
strncpy() is deprecated for NUL-terminated destination buffers. Use strscpy() instead and remove the manual NUL-termination. Compile-tested only. Link: https://github.com/KSPP/linux/issues/90 Cc: linux-hardening@vger.kernel.org Signed-off-by: Thorsten Blum --- arch/m68k/kernel/setup_mm.c | 3 +-

[PATCH v2] scsi: hpsa: Replace deprecated strncpy() with strscpy_pad()

2025-02-13 Thread Thorsten Blum
strncpy() is deprecated for NUL-terminated destination buffers. Replace memset() and strncpy() with strscpy_pad() to copy the version string and fill the remaining bytes in the destination buffer with NUL bytes. This avoids zeroing the memory before copying the string. Compile-tested only. Link:

Re: [PATCH] scsi: hpsa: Replace deprecated strncpy() with strscpy()

2025-02-13 Thread Thorsten Blum
On 12. Feb 2025, at 23:22, Thorsten Blum wrote: > strncpy() is deprecated for NUL-terminated destination buffers [1]. Use > strscpy() instead and remove the manual NUL-termination. > > Use min() to simplify the size calculation. > > Compile-tested only. > > Link: > https://www.kernel.org/doc/ht

Re: [PATCH] octeontx2-af: Fix uninitialized scalar variable

2025-02-13 Thread Paolo Abeni
On 2/11/25 6:50 AM, Michal Swiatkowski wrote: > On Mon, Feb 10, 2025 at 09:01:52PM -0500, Ethan Carter Edwards wrote: >> The variable *max_mtu* is uninitialized in the function >> otx2_get_max_mtu. It is only assigned in the if-statement, leaving the >> possibility of returning an uninitialized val

Re: [PATCH] net/mlx4_core: Avoid impossible mlx4_db_alloc() order value

2025-02-13 Thread Paolo Abeni
On 2/13/25 1:10 AM, Justin Stitt wrote: > On Tue, Feb 11, 2025 at 6:22 AM Tariq Toukan wrote: >> On 11/02/2025 2:01, Justin Stitt wrote: diff --git a/drivers/net/ethernet/mellanox/mlx4/alloc.c b/drivers/net/ethernet/mellanox/mlx4/alloc.c index b330020dc0d6..f2bded847e61 100644