Hi,
This drops -ffreestanding for i386 unconditionally for GCC, and on
Clang version 16 and later. FORTIFY_SOURCE depends on the libcall
optimizations made without -ffreestanding on Clang. On GCC, there is no
expected differences. With that done, it's possible to gain Clang
FORTIFY_SOURCE coverage
The use of -ffreestanding is a leftover that is only needed for certain
versions of Clang. Adjust this to be Clang-only. A later patch will make
this a versioned check.
Signed-off-by: Kees Cook
---
Cc: Nathan Chancellor
Cc: Nick Desaulniers
Cc: Thomas Gleixner
Cc: Ingo Molnar
Cc: Borislav Pet
The i386 regparm bug exposed with FORTIFY_SOURCE with Clang was fixed
in Clang 16[1].
Link:
https://github.com/llvm/llvm-project/commit/c167c0a4dcdb998affb2756ce76903a12f7d8ca5
[1]
Signed-off-by: Kees Cook
---
arch/x86/Makefile | 2 +-
security/Kconfig.hardening | 2 +-
2 files change
On Fri, Mar 07, 2025 at 06:33:13PM -0800, Peter Collingbourne wrote:
> The optimized strscpy() and dentry_string_cmp() routines will read 8
> unaligned bytes at a time via the function read_word_at_a_time(), but
> this is incompatible with MTE which will fault on a partially invalid
> read. The att
The optimized strscpy() and dentry_string_cmp() routines will read 8
unaligned bytes at a time via the function read_word_at_a_time(), but
this is incompatible with MTE which will fault on a partially invalid
read. The attributes on read_word_at_a_time() that disable KASAN are
invisible to the CPU
This patchset introduces support for the Redmi Note 8 (codenamed ginkgo). This
series is a follow-up to v1 (message-id in in-reply-to header) which was sent
without a cover letter.
Changes in v2:
- Add missing cover letter
- Fix up commit message for schema
Gabriel Gonzales (2):
dt-bindings:
Add support for the Xiaomi Redmi Note 8 based on the SM6125 SoC.
Defined features:
- dmesg output to bootloader preconfigured display
- USB
- eMMC
- SD card
- SMD RPM regulators
- Volume Up, Down and Power buttons
Signed-off-by: Gabriel Gonzales
---
arch/arm64/boot/dts/qcom/Makefile
Document the Xiaomi Redmi Note 8 (codenamed ginkgo),
which is based off the SM6125 SoC.
Signed-off-by: Gabriel Gonzales
---
Documentation/devicetree/bindings/arm/qcom.yaml | 1 +
1 file changed, 1 insertion(+)
diff --git a/Documentation/devicetree/bindings/arm/qcom.yaml
b/Documentation/devicet
On Wed, Mar 05, 2025 at 02:43:15PM +0100, Peter Zijlstra wrote:
> Hi Kees,
>
> I keep getting hit by the struct_size() brigade, and I keep having
> trouble reading that macro.
>
> I had a wee poke and ended up with the below, WDYT?
Ah, and to clarify, this is just for readability? (There have be
Hi,
On Thu, Mar 06, 2025 at 08:19:11PM -0800, Kees Cook wrote:
> Limit integer wrap-around mitigation to only the "size_t" type (for
> now). Notably this covers all special functions/builtins that return
> "size_t", like sizeof(). This remains an experimental feature and is
> likely to be replaced
On Thu, Mar 06, 2025 at 08:19:11PM -0800, Kees Cook wrote:
> Limit integer wrap-around mitigation to only the "size_t" type (for
> now). Notably this covers all special functions/builtins that return
> "size_t", like sizeof(). This remains an experimental feature and is
> likely to be replaced with
On March 7, 2025 1:47:34 PM PST, Nathan Chancellor wrote:
>On Tue, Mar 04, 2025 at 09:50:44AM -0800, Kees Cook wrote:
>> On Mon, 03 Mar 2025 13:49:37 -0800, Kees Cook wrote:
>> > The i386 regparm bug exposed with FORTIFY_SOURCE with Clang was fixed
>> > in Clang 16[1].
>> >
>> >
>>
>> Applie
Hi,
On Thu, Mar 06, 2025 at 08:19:10PM -0800, Kees Cook wrote:
> To make integer wrap-around mitigation actually useful, the associated
> sanitizers must not instrument cases where the wrap-around is explicitly
> defined (e.g. "-2UL"), being tested for (e.g. "if (a + b < a)"), or
> where it has no
On Fri, Mar 07, 2025 at 02:57:06PM -0800, Kees Cook wrote:
>
>
> On March 7, 2025 1:47:34 PM PST, Nathan Chancellor wrote:
> >On Tue, Mar 04, 2025 at 09:50:44AM -0800, Kees Cook wrote:
> >> On Mon, 03 Mar 2025 13:49:37 -0800, Kees Cook wrote:
> >> > The i386 regparm bug exposed with FORTIFY_SOUR
On Tue, Mar 04, 2025 at 09:50:44AM -0800, Kees Cook wrote:
> On Mon, 03 Mar 2025 13:49:37 -0800, Kees Cook wrote:
> > The i386 regparm bug exposed with FORTIFY_SOURCE with Clang was fixed
> > in Clang 16[1].
> >
> >
>
> Applied to for-next/hardening, thanks!
>
> [1/1] hardening: Enable i386 FOR
From: Kees Cook
commit d219d2a9a92e39aa92799efe8f2aa21259b6dd82 upstream
When the check_[op]_overflow() helpers were introduced, all arguments
were required to be the same type to make the fallback macros simpler.
However, now that the fallback macros have been removed[1], it is fine
to allow mi
On 3. Mar 2025, at 19:44, Kees Cook wrote:
> On Mon, Mar 03, 2025 at 12:02:22AM +0100, Thorsten Blum wrote:
>> Convert mux_control_ops to a flexible array member at the end of the
>> mux_chip struct and add the __counted_by() compiler attribute to
>> improve access bounds-checking via CONFIG_UBSAN_
strncpy() is deprecated for NUL-terminated destination buffers; use
strscpy() instead. The destination buffer ownername is only used with
"%s" format strings and must therefore be NUL-terminated, but not NUL-
padded.
No functional changes intended.
Link: https://github.com/KSPP/linux/issues/90
Cc
18 matches
Mail list logo
