Limit integer wrap-around mitigation to only the "size_t" type (for
now). Notably this covers all special functions/builtins that return
"size_t", like sizeof(). This remains an experimental feature and is
likely to be replaced with type annotations.
Signed-off-by: Kees Cook
---
Cc: Justin Stitt
Update struct hid_descriptor to better reflect the mandatory and
optional parts of the HID Descriptor as per USB HID 1.11 specification.
Note: the kernel currently does not parse any optional HID class
descriptors, only the mandatory report descriptor.
Update all references to member element desc[
Hi,
This brings Linux's integer overflow mitigation integration up to the
current set of features available in Clang for handling things sanely
(i.e. pattern exclusions). While this isn't over yet, it puts all the
infrastructure in place to continue keeping up to date with current
Clang developmen
To make integer wrap-around mitigation actually useful, the associated
sanitizers must not instrument cases where the wrap-around is explicitly
defined (e.g. "-2UL"), being tested for (e.g. "if (a + b < a)"), or
where it has no impact on code flow (e.g. "while (var--)"). Enable
pattern exclusions f
Since we're going to approach integer overflow mitigation a type at a
time, we need to enable all of the associated sanitizers, and then opt
into types one at a time.
Rename the existing "signed wrap" sanitizer to just the entire topic area:
"integer wrap". Enable the implicit integer truncation s
On Thu, Mar 06, 2025 at 04:59:53PM +0800, David Gow wrote:
> On Wed, 5 Mar 2025 at 00:21, Kees Cook wrote:
> >
> > The UM builds distinguish i386 from x86_64 via SUBARCH, but we don't
> > support building i386 directly with Clang. To make SUBARCH work for
> > i386 UM, we need to explicitly test fo
On Mon, Mar 03, 2025 at 10:26:16AM -0800, Kees Cook wrote:
> On Fri, Feb 28, 2025 at 02:57:40PM -0600, Maxwell Bland wrote:
> > Summarizing, there are thousands of dynamic data structures alloc'd and
> > free'd in the kernel all the time, for files, for processes, and so
> > forth, and it is elemen
On Wed, 5 Mar 2025 at 00:21, Kees Cook wrote:
>
> The UM builds distinguish i386 from x86_64 via SUBARCH, but we don't
> support building i386 directly with Clang. To make SUBARCH work for
> i386 UM, we need to explicitly test for it.
>
> This lets me run i386 KUnit tests with Clang:
>
> $ ./tools
On Wed, Mar 05, 2025 at 11:13:00PM -0800, Kees Cook wrote:
> On Wed, Mar 05, 2025 at 02:43:15PM +0100, Peter Zijlstra wrote:
> > Hi Kees,
> >
> > I keep getting hit by the struct_size() brigade, and I keep having
> > trouble reading that macro.
> >
> > I had a wee poke and ended up with the below
