On Wed, Sep 11, 2024, at 00:26, Kees Cook wrote:
> On Mon, Sep 09, 2024 at 04:26:03PM +0300, Andy Shevchenko wrote:
>> Recently I'm trying to compile my (almost) x86_64_defconfig based kernel with
>> `make W=1` while having CONFIG_WERROR=y. With a handful of patches I was able
>> to achieve that wi
that 15.75KB is
> somehow safe to use while 15.00KB is not."
>
> Co-developed-by: Yuntao Liu
> Signed-off-by: Yuntao Liu
> Fixes: 9c573cd31343 ("randomize_kstack: Improve entropy diffusion")
> Link: https://lore.kernel.org/r/20240617133721.377540-1-liuyunta...@huawei.com
> Signed-off-by: Kees Cook
Reviewed-by: Arnd Bergmann
On Wed, Jun 19, 2024, at 23:17, Kees Cook wrote:
> On Wed, Jun 19, 2024 at 11:12:25PM +0200, Arnd Bergmann wrote:
>> On Wed, Jun 19, 2024, at 22:50, Kees Cook wrote:
>> The problem here is that a gcc plugin links against the
>> compiler, not against code produced b
On Wed, Jun 19, 2024, at 22:50, Kees Cook wrote:
> On Tue, Jun 18, 2024 at 04:41:01PM -0700, Jeff Johnson wrote:
>> I see the following in my .config:
>> CONFIG_HAVE_GCC_PLUGINS=y
>> CONFIG_GCC_PLUGINS=y
>> CONFIG_GCC_PLUGIN_LATENT_ENTROPY=y
>> CONFIG_GCC_PLUGIN_RANDSTRUCT=y
>>
>> So I'll turn tho
On Tue, Jun 18, 2024, at 12:45, Mark Rutland wrote:
> On Mon, Jun 17, 2024 at 10:33:08PM +0200, Arnd Bergmann wrote:
>> On Mon, Jun 17, 2024, at 20:22, Kees Cook wrote:
>> > On Mon, Jun 17, 2024 at 04:52:15PM +0100, Mark Rutland wrote:
> Sorry, to be clear, I'm happy f
On Tue, Jun 18, 2024, at 01:31, Kees Cook wrote:
> On Mon, Jun 17, 2024 at 10:33:08PM +0200, Arnd Bergmann wrote:
>> On Mon, Jun 17, 2024, at 20:22, Kees Cook wrote:
>
> I'm all for more entropy, but arch maintainers had wanted specific
> control over this value,
On Mon, Jun 17, 2024, at 20:22, Kees Cook wrote:
> On Mon, Jun 17, 2024 at 04:52:15PM +0100, Mark Rutland wrote:
>> On Mon, Jun 17, 2024 at 01:37:21PM +, Yuntao Liu wrote:
>> > Since the offset would be bitwise ANDed with 0x3FF in
>> > add_random_kstack_offset(), so just remove AND operation he
On Wed, May 22, 2024, at 08:35, Nicolai Stange wrote:
> Kees Cook writes:
>>
>> diff --git a/include/linux/randomize_kstack.h
>> b/include/linux/randomize_kstack.h
>> index 5d868505a94e..6d92b68efbf6 100644
>> --- a/include/linux/randomize_kstack.h
>> +++ b/include/linux/randomize_kstack.h
>> @@
From: Arnd Bergmann
This is one of the drivers with an unused variable that is marked 'const'.
Adding a __used annotation here avoids the warning and lets us enable
the option by default:
lib/test_ubsan.c:137:28: error: unused variable 'skip_ubsan_array'
[-Werror,-Wu
From: Arnd Bergmann
gcc-9 and some other older versions produce a false-positive warning
for zeroing two fields
In file included from include/linux/string.h:369,
from drivers/net/wireless/ath/ath9k/main.c:18:
In function 'fortify_memset_chk',
inlined from '
From: Arnd Bergmann
The carl9170_tx_release() function sometimes triggers a fortified-memset
warning in my randconfig builds:
In file included from include/linux/string.h:254,
from drivers/net/wireless/ath/carl9170/tx.c:40:
In function 'fortify_memset_chk',
in
From: Arnd Bergmann
While testing some other patch series I worked on across gcc versions, I found
a couple of stringop warnings that only show up with some toolchains but not
others. The warnings I both seem to be false positive.
I have also not found an explanation why both of these happen in
On Sat, Mar 23, 2024, at 00:40, Jeremy Linton wrote:
> On 3/8/24 14:29, Arnd Bergmann wrote:
>> On Fri, Mar 8, 2024, at 17:49, Jeremy Linton wrote:
>>> On 3/7/24 05:10, Arnd Bergmann wrote:
>>>>
>>>> I'm not sure I understand the logic. Do you mea
On Fri, Mar 8, 2024, at 17:49, Jeremy Linton wrote:
> On 3/7/24 05:10, Arnd Bergmann wrote:
>>
>> I'm not sure I understand the logic. Do you mean that accessing
>> CNTVCT itself is slow, or that reseeding based on CNTVCT is slow
>> because of the overhead of
On Thu, Mar 7, 2024, at 20:15, Kees Cook wrote:
> On Thu, Mar 07, 2024 at 12:10:34PM +0100, Arnd Bergmann wrote:
>> There is not even any attempt to use the most random bits of
>> the cycle counter, as both the high 22 to 24 bits get masked
>> out (to keep the wasted stack spa
On Thu, Mar 7, 2024, at 20:10, Kees Cook wrote:
> On Thu, Mar 07, 2024 at 12:10:34PM +0100, Arnd Bergmann wrote:
>> For the strength, we have at least four options:
>>
>> - strong rng, most expensive
>> - your new prng, less strong but somewhat cheaper and/or mor
On Wed, Mar 6, 2024, at 22:54, Jeremy Linton wrote:
> On 3/6/24 14:46, Arnd Bergmann wrote:
>> On Wed, Mar 6, 2024, at 00:33, Kees Cook wrote:
>>> On Tue, Mar 05, 2024 at 04:18:24PM -0600, Jeremy Linton wrote:
>>>> The existing arm64 stack randomization uses the ker
On Wed, Mar 6, 2024, at 00:33, Kees Cook wrote:
> On Tue, Mar 05, 2024 at 04:18:24PM -0600, Jeremy Linton wrote:
>> The existing arm64 stack randomization uses the kernel rng to acquire
>> 5 bits of address space randomization. This is problematic because it
>> creates non determinism in the syscal
On Thu, Apr 6, 2023, at 13:19, kernel test robot wrote:
> If you fix the issue, kindly add following tag where applicable
> | Reported-by: kernel test robot
> | Link:
> https://lore.kernel.org/oe-kbuild-all/202304061930.4au0pasm-...@intel.com/
>
> All errors (new ones prefixed by >>):
>
>>> ld.l
On Wed, Feb 21, 2024, at 03:02, Jeremy Linton wrote:
> The existing arm64 stack randomization uses the kernel rng to acquire
> 5 bits of address space randomization. This is problematic because it
> creates non determinism in the syscall path when the rng needs to be
> generated or reseeded. This s
On Fri, Jan 26, 2024, at 22:22, Linus Torvalds wrote:
> On Mon, 22 Jan 2024 at 07:29, Gustavo A. R. Silva
> wrote:
>>
>> Enable -Wstringop-overflow globally
>
> I suspect I'll have to revert this.
>
> On arm64, I get a "writing 16 bytes into a region of size 0" in the Xe driver
>
>drivers/gpu
On Thu, Dec 14, 2023, at 17:08, Thierry Reding wrote:
> On Tue, Oct 17, 2023 at 10:53:14AM +0530, Kartik wrote:
>> This series of patches add ACPI support for Tegra194 and Tegra234 in
>> Tegra fuse and apbmisc drivers. It also adds support for Tegra241
>> which uses ACPI boot.
>
> Applied, thanks.
alling strnlen(). When
> src length is unknown (SIZE_MAX), it will use dest length, which is what
> the original code did.
>
> Reported-by: Arnd Bergmann
> Fixes: dfbafa70bde2 ("string: Introduce strtomem() and strtomem_pad()")
> Cc: Andy Shevchenko
> Cc: linux-hardening@vger.kernel.org
> Signed-off-by: Kees Cook
Thanks for addressing this, looks good
Tested-by: Arnd Bergmann
s://www.kernel.org/doc/html/latest/process/deprecated.html#strncpy-on-nul-terminated-strings
>
> [1]
> Link:
> https://manpages.debian.org/testing/linux-manual-4.8/strscpy.9.en.html
> [2]
> Link: https://github.com/KSPP/linux/issues/90
> Cc: linux-hardening@vger.kernel.org
> Signed-off-by: Justin Stitt
Reviewed-by: Arnd Bergmann
24 matches
Mail list logo
