On Sat, May 03, 2025 at 04:43:21PM -0400, Ethan Carter Edwards wrote:
> Replace kmalloc with internal multiplication with kmalloc_array to
> improve code readability and prevent potential overflows.
But this is not an array of a structure size.
>
> Signed-off-by: Ethan Carter Edwards
> ---
> d
On Tue, May 06, 2025 at 12:17:27PM -0700, Randy Dunlap wrote:
>
>
> On 5/6/25 11:51 AM, Kees Cook wrote:
> > On Tue, May 06, 2025 at 08:54:29AM -0700, Randy Dunlap wrote:
> >> Hi Kees,
> >>
> >> On 4/22/25 8:50 PM, Randy Dunlap wrote:
> >>>
> >>>
> >>> On 4/22/25 7:37 PM, Kees Cook wrote:
>
ges to lib/test_overflow.c]
Signed-off-by: Florian Fainelli
Signed-off-by: Greg Kroah-Hartman
---
include/linux/overflow.h | 72 ++-
1 file changed, 41 insertions(+), 31 deletions(-)
--- a/include/linux/overflow.h
+++ b/include/linux/overflow.h
@@ -55
On Fri, Feb 07, 2025 at 09:53:30AM +1030, Gustavo A. R. Silva wrote:
>
> > > unsigned int used;
> > > unsigned int size;
> > > unsigned int commit;
> > > - unsigned int lookahead; /* Lazy update on recv, can become less
> > > than "read" */
> > > + unsigned i
On Thu, Feb 06, 2025 at 02:09:45PM +1030, Gustavo A. R. Silva wrote:
> diff --git a/include/linux/tty_buffer.h b/include/linux/tty_buffer.h
> index 31125e3be3c5..80a9d7832c97 100644
> --- a/include/linux/tty_buffer.h
> +++ b/include/linux/tty_buffer.h
> @@ -7,7 +7,7 @@
> #include
> #include
>
On Wed, Feb 05, 2025 at 06:33:13PM +1030, Gustavo A. R. Silva wrote:
>
>
> On 05/02/25 17:29, Jiri Slaby wrote:
> > On 05. 02. 25, 7:49, Gustavo A. R. Silva wrote:
> > > If the above changes are better for you then I'll send a new patch. :)
> >
> > No, you are supposed to switch tty_buffer to tt
On Wed, Feb 05, 2025 at 03:51:35PM +1030, Gustavo A. R. Silva wrote:
> -Wflex-array-member-not-at-end was introduced in GCC-14, and we are
> getting ready to enable it, globally.
>
> So, in order to avoid ending up with a flexible-array member in the
> middle of other structs, we use the `struct_g
On Wed, Feb 05, 2025 at 03:51:35PM +1030, Gustavo A. R. Silva wrote:
> --- a/include/linux/tty_buffer.h
> +++ b/include/linux/tty_buffer.h
> @@ -8,19 +8,24 @@
> #include
>
> struct tty_buffer {
> - union {
> - struct tty_buffer *next;
> - struct llist_node free;
> -
On Tue, Dec 17, 2024 at 09:47:23AM +0100, Hanno Böck wrote:
> Hello,
>
> On Tue, 3 Dec 2024 14:53:27 +0100
> "Günther Noack" wrote:
>
> > Hanno, you are the original author of this patch and you have done a
> > more detailed analysis on the TIOCLINUX problems than me -- do you
> > agree that thi
On Fri, Dec 13, 2024 at 09:13:54PM -0800, Jared Finder wrote:
> On 2024-12-03 06:07, Günther Noack wrote:
> > On Tue, Dec 03, 2024 at 02:53:27PM +0100, Günther Noack wrote:
> > > Hanno, you are the original author of this patch and you have done a
> > > more
> > > detailed analysis on the TIOCLINUX
On Thu, Nov 21, 2024 at 08:38:27PM -0800, Kees Cook wrote:
>
>
> On November 20, 2024 11:28:35 AM PST, Greg Kroah-Hartman
> wrote:
> >On Wed, Nov 20, 2024 at 10:12:40AM -0800, Kees Cook wrote:
> >> On Wed, Nov 20, 2024 at 08:35:38AM +0100, Linus Walleij wrote:
>
On Wed, Nov 20, 2024 at 10:12:40AM -0800, Kees Cook wrote:
> On Wed, Nov 20, 2024 at 08:35:38AM +0100, Linus Walleij wrote:
> > On Wed, Nov 20, 2024 at 6:31 AM David Wang <00107...@163.com> wrote:
> >
> > > Using device name as format string of seq_printf() is prone to
> > > "Format string attack
5.15-stable review patch. If anyone has any objections, please let me know.
--
From: Justin Stitt
[ Upstream commit b0009b8bed98bd5d59449af48781703df261c247 ]
strncpy() is deprecated for use on NUL-terminated destination strings
[1] and as such we should prefer more robust and
@vger.kernel.org
Signed-off-by: Kees Cook
Cc: Thomas Meyer
Signed-off-by: Greg Kroah-Hartman
---
scripts/gcc-plugins/gcc-common.h |4
1 file changed, 4 insertions(+)
--- a/scripts/gcc-plugins/gcc-common.h
+++ b/scripts/gcc-plugins/gcc-common.h
@@ -570,4 +570,8 @@ static inline void
@vger.kernel.org
Signed-off-by: Kees Cook
Cc: Thomas Meyer
Signed-off-by: Greg Kroah-Hartman
---
scripts/gcc-plugins/gcc-common.h |4
1 file changed, 4 insertions(+)
--- a/scripts/gcc-plugins/gcc-common.h
+++ b/scripts/gcc-plugins/gcc-common.h
@@ -980,4 +980,8 @@ static inline void
@vger.kernel.org
Signed-off-by: Kees Cook
Cc: Thomas Meyer
Signed-off-by: Greg Kroah-Hartman
---
scripts/gcc-plugins/gcc-common.h |4
1 file changed, 4 insertions(+)
--- a/scripts/gcc-plugins/gcc-common.h
+++ b/scripts/gcc-plugins/gcc-common.h
@@ -977,4 +977,8 @@ static inline void
@vger.kernel.org
Signed-off-by: Kees Cook
Cc: Thomas Meyer
Signed-off-by: Greg Kroah-Hartman
---
scripts/gcc-plugins/gcc-common.h |4
1 file changed, 4 insertions(+)
--- a/scripts/gcc-plugins/gcc-common.h
+++ b/scripts/gcc-plugins/gcc-common.h
@@ -977,4 +977,8 @@ static inline void
6.9-stable review patch. If anyone has any objections, please let me know.
--
From: Justin Stitt
[ Upstream commit 9fad9d560af5c654bb38e0b07ee54a4e9acdc5cd ]
Running syzkaller with the newly reintroduced signed integer overflow
sanitizer produces this report:
[ 65.194362] -
6.6-stable review patch. If anyone has any objections, please let me know.
--
From: Justin Stitt
[ Upstream commit 9fad9d560af5c654bb38e0b07ee54a4e9acdc5cd ]
Running syzkaller with the newly reintroduced signed integer overflow
sanitizer produces this report:
[ 65.194362] -
@vger.kernel.org
Signed-off-by: Kees Cook
Cc: Thomas Meyer
Signed-off-by: Greg Kroah-Hartman
---
scripts/gcc-plugins/gcc-common.h |4
1 file changed, 4 insertions(+)
--- a/scripts/gcc-plugins/gcc-common.h
+++ b/scripts/gcc-plugins/gcc-common.h
@@ -440,4 +440,8 @@ static inline void
On Mon, Jul 15, 2024 at 01:17:10PM -0700, Kees Cook wrote:
> On Mon, Jul 15, 2024 at 08:04:21PM +0200, Mickaël Salaün wrote:
> > Yes, that's why we use WARN_ON_ONCE() to check cases that should never
> > happen (at the time of writing), but in practice it's useful to check
> > (with fuzzing) that
On Mon, Jul 15, 2024 at 02:20:59PM +0200, Mickaël Salaün wrote:
> On Mon, Jul 15, 2024 at 01:16:38PM +0200, Greg Kroah-Hartman wrote:
> > On Mon, Jul 15, 2024 at 12:37:53PM +0200, Mickaël Salaün wrote:
> > > Hello,
> > >
> > > AFAIK, commit 88da52ccd66e ("
6.1-stable review patch. If anyone has any objections, please let me know.
--
From: Justin Stitt
[ Upstream commit efb905aeb44b0e99c0e6b07865b1885ae0471ebf ]
When running syzkaller with the newly reintroduced signed integer wrap
sanitizer we encounter this splat:
[ 366.01595
6.9-stable review patch. If anyone has any objections, please let me know.
--
From: Justin Stitt
[ Upstream commit efb905aeb44b0e99c0e6b07865b1885ae0471ebf ]
When running syzkaller with the newly reintroduced signed integer wrap
sanitizer we encounter this splat:
[ 366.01595
6.6-stable review patch. If anyone has any objections, please let me know.
--
From: Justin Stitt
[ Upstream commit efb905aeb44b0e99c0e6b07865b1885ae0471ebf ]
When running syzkaller with the newly reintroduced signed integer wrap
sanitizer we encounter this splat:
[ 366.01595
5.15-stable review patch. If anyone has any objections, please let me know.
--
From: Christophe Leroy
[ Upstream commit 7d2cc63eca0c993c99d18893214abf8f85d566d8 ]
set_memory_ro() can fail, leaving memory unprotected.
Check its return and take it into account as an error.
Lin
6.1-stable review patch. If anyone has any objections, please let me know.
--
From: Christophe Leroy
[ Upstream commit 7d2cc63eca0c993c99d18893214abf8f85d566d8 ]
set_memory_ro() can fail, leaving memory unprotected.
Check its return and take it into account as an error.
Link
6.6-stable review patch. If anyone has any objections, please let me know.
--
From: Christophe Leroy
[ Upstream commit e60adf513275c3a38e5cb67f7fd12387e43a3ff5 ]
set_memory_rox() can fail, leaving memory unprotected.
Check return and bail out when bpf_jit_binary_lock_ro() ret
6.6-stable review patch. If anyone has any objections, please let me know.
--
From: Christophe Leroy
[ Upstream commit 7d2cc63eca0c993c99d18893214abf8f85d566d8 ]
set_memory_ro() can fail, leaving memory unprotected.
Check its return and take it into account as an error.
Link
6.9-stable review patch. If anyone has any objections, please let me know.
--
From: Christophe Leroy
[ Upstream commit e60adf513275c3a38e5cb67f7fd12387e43a3ff5 ]
set_memory_rox() can fail, leaving memory unprotected.
Check return and bail out when bpf_jit_binary_lock_ro() ret
6.9-stable review patch. If anyone has any objections, please let me know.
--
From: Christophe Leroy
[ Upstream commit 7d2cc63eca0c993c99d18893214abf8f85d566d8 ]
set_memory_ro() can fail, leaving memory unprotected.
Check its return and take it into account as an error.
Link
On Thu, Jun 27, 2024 at 10:14:05AM -0700, Kees Cook wrote:
> On Wed, May 29, 2024 at 02:29:42PM -0700, Nathan Chancellor wrote:
> > Work for __counted_by on generic pointers in structures (not just
> > flexible array members) has started landing in Clang 19 (current tip of
> > tree). During the dev
On Thu, May 30, 2024 at 08:22:03AM +0200, Jiri Slaby wrote:
> > This will be an error in a future compiler version
> > [-Werror,-Wbounds-safety-counted-by-elt-type-unknown-size]
> > 291 | struct mxser_port ports[] __counted_by(nports);
> > | ^
ion of the commit as that doesn't apply to
5.15.y - gregkh]
Signed-off-by: Greg Kroah-Hartman
---
include/linux/overflow.h | 72 ++-
1 file changed, 41 insertions(+), 31 deletions(-)
--- a/include/linux/overflow.h
+++ b/include/linux/overflow.h
@
On Mon, Jan 01, 2024 at 05:08:28AM -0800, Harshit Mogalapalli wrote:
> Syzkaller hit 'WARNING in dg_dispatch_as_host' bug.
>
> memcpy: detected field-spanning write (size 56) of single field
> "&dg_info->msg"
> at drivers/misc/vmw_vmci/vmci_datagram.c:237 (size 24)
>
> WARNING: CPU: 0 PID: 1555
On Thu, Nov 16, 2023 at 11:21:22AM -0800, Kees Cook wrote:
> Hi,
>
> One of the last users of strlcpy() is kernfs, which has some complex
> calling hierarchies that needed to be carefully examined. This series
> refactors the strlcpy() calls into strscpy() calls, and bubbles up all
> changes in re
ned-off-by: Kees Cook
Signed-off-by: Greg Kroah-Hartman
---
scripts/gcc-plugins/randomize_layout_plugin.c | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
--- a/scripts/gcc-plugins/randomize_layout_plugin.c
+++ b/scripts/gcc-plugins/randomize_layout_plugin.c
@@ -209,12 +209,14
Signed-off-by: Kees Cook
Signed-off-by: Greg Kroah-Hartman
---
scripts/gcc-plugins/randomize_layout_plugin.c | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
--- a/scripts/gcc-plugins/randomize_layout_plugin.c
+++ b/scripts/gcc-plugins/randomize_layout_plugin.c
@@ -209,
Signed-off-by: Kees Cook
Signed-off-by: Greg Kroah-Hartman
---
scripts/gcc-plugins/randomize_layout_plugin.c | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
--- a/scripts/gcc-plugins/randomize_layout_plugin.c
+++ b/scripts/gcc-plugins/randomize_layout_plugin.c
@@ -209,
ned-off-by: Kees Cook
Signed-off-by: Greg Kroah-Hartman
---
scripts/gcc-plugins/randomize_layout_plugin.c | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
--- a/scripts/gcc-plugins/randomize_layout_plugin.c
+++ b/scripts/gcc-plugins/randomize_layout_plugin.c
@@ -191,12 +191,14
ned-off-by: Kees Cook
Signed-off-by: Greg Kroah-Hartman
---
scripts/gcc-plugins/randomize_layout_plugin.c | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
--- a/scripts/gcc-plugins/randomize_layout_plugin.c
+++ b/scripts/gcc-plugins/randomize_layout_plugin.c
@@ -191,12 +191,14
6.5-stable review patch. If anyone has any objections, please let me know.
--
From: Kees Cook
[ Upstream commit 1ee60356c2dca938362528404af95b8ef3e49b6a ]
The randstruct GCC plugin tried to discover "fake" flexible arrays
to issue warnings about them in randomized structs. In
ned-off-by: Kees Cook
Signed-off-by: Greg Kroah-Hartman
---
scripts/gcc-plugins/randomize_layout_plugin.c | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
--- a/scripts/gcc-plugins/randomize_layout_plugin.c
+++ b/scripts/gcc-plugins/randomize_layout_plugin.c
@@ -191,12 +191,14
6.6-stable review patch. If anyone has any objections, please let me know.
--
From: Kees Cook
[ Upstream commit 1ee60356c2dca938362528404af95b8ef3e49b6a ]
The randstruct GCC plugin tried to discover "fake" flexible arrays
to issue warnings about them in randomized structs. In
Signed-off-by: Kees Cook
Signed-off-by: Greg Kroah-Hartman
---
scripts/gcc-plugins/randomize_layout_plugin.c | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
--- a/scripts/gcc-plugins/randomize_layout_plugin.c
+++ b/scripts/gcc-plugins/randomize_layout_plugin.c
@@ -209,
Signed-off-by: Kees Cook
Signed-off-by: Greg Kroah-Hartman
---
scripts/gcc-plugins/randomize_layout_plugin.c | 11 ---
1 file changed, 8 insertions(+), 3 deletions(-)
--- a/scripts/gcc-plugins/randomize_layout_plugin.c
+++ b/scripts/gcc-plugins/randomize_layout_plugin.c
@@ -209,
6.1-stable review patch. If anyone has any objections, please let me know.
--
From: Kees Cook
[ Upstream commit 0e108725f6cc5b3be9e607f89c9fbcbb236367b7 ]
Arnd noticed we have a case where a shorter source string is being copied
into a destination byte array, but this results
6.6-stable review patch. If anyone has any objections, please let me know.
--
From: Kees Cook
[ Upstream commit 0e108725f6cc5b3be9e607f89c9fbcbb236367b7 ]
Arnd noticed we have a case where a shorter source string is being copied
into a destination byte array, but this results
6.5-stable review patch. If anyone has any objections, please let me know.
--
From: Kees Cook
[ Upstream commit 0e108725f6cc5b3be9e607f89c9fbcbb236367b7 ]
Arnd noticed we have a case where a shorter source string is being copied
into a destination byte array, but this results
> (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> functions).
>
> As found with Coccinelle[1], add __counted_by for struct urb_priv.
>
> [1]
> https://github.com/kees/kernel-tools/blob/trunk/coccinelle/examples/counted_by.cocci
>
> Cc: Alan S
On Fri, Sep 29, 2023 at 06:20:10PM +0200, Jann Horn wrote:
> On Fri, Sep 29, 2023 at 5:42 PM Gustavo A. R. Silva
> wrote:
> > `struct urb` is a flexible structure, which means that it contains a
> > flexible-array member at the bottom. This could potentially lead to an
> > overwrite of the object
6.5-stable review patch. If anyone has any objections, please let me know.
--
From: Justin Stitt
[ Upstream commit 4b2fd81f2af7147e844ecec0c5c07a16bca6b86e ]
`strncpy` is deprecated for use on NUL-terminated destination strings [1].
A suitable replacement is `strscpy` [2] due