Re: [PATCH] keys: Replace deprecated strncpy in ecryptfs_fill_auth_tok

2025-10-10 Thread Kees Cook
auth_tok->token_type = ECRYPTFS_PASSWORD; > - strncpy((char *)auth_tok->token.password.signature, key_desc, > - ECRYPTFS_PASSWORD_SIG_SIZE); > + strscpy_pad(auth_tok->token.password.signature, key_desc); > auth_tok->token.password.session_key_encryption_key_bytes = > ECRYPTFS_MAX_KEY_BYTES; > /* > -- > 2.51.0 > > -- Kees Cook
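
Review bot: the two-argument strscpy_pad() on the + line takes its bound from the size of the token.password.signature array rather than from the ECRYPTFS_PASSWORD_SIG_SIZE that the removed strncpy() passed. Unlike strncpy(), it always NUL-terminates, truncating the copy to leave room for the terminator. Confirm the array is declared with at least ECRYPTFS_PASSWORD_SIG_SIZE + 1 bytes so a full-length key_desc is not shortened by one character, and state that size in the commit message.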

[PATCH 3/3] module: Add compile-time check for embedded NUL characters

2025-10-07 Thread Kees Cook
ck correctly rejects: MODULE_LICENSE("GPL\0proprietary") while accepting normal declarations: MODULE_LICENSE("GPL") Link: https://lwn.net/Articles/82305/ [1] Suggested-by: Rusty Russell Signed-off-by: Kees Cook --- Cc: Luis Chamberlain Cc: Petr Pavlu Cc: Daniel Gom

[PATCH 1/3] media: dvb-usb-v2: lmedm04: Fix firmware macro definitions

2025-10-07 Thread Kees Cook
ll six firmware filename macro definitions. Semicolons should only appear at the point of use, not in the macro definition. Signed-off-by: Kees Cook --- Cc: Malcolm Priestley Cc: Mauro Carvalho Chehab Cc: --- drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 ++-- 1 file changed, 6 insertions(

Re: [PATCH] s390/sysinfo: Replace sprintf with snprintf for buffer safety

2025-10-02 Thread Kees Cook
tf buffer overflow: %d written to buffer size %zu!\n",\ __written + 1, __dst_len);\ __written; \ }) tl;dr: I think it's worth switching to snprintf (or scnprintf) where possible to make an explicit choice about what the destination buffer is expected to contain in the case of an overflow. Using sprintf leaves it potentially ambiguous. -Kees -- Kees Cook

Re: [PATCH] lib/string_choices: Add str_assert_deassert() helper

2025-10-02 Thread Kees Cook
-next/hardening, thanks! [1/1] lib/string_choices: Add str_assert_deassert() helper https://git.kernel.org/kees/c/c8a935a31bc7 Take care, -- Kees Cook

Re: RFC: Selecting an NVMEM cell for Power State Change Reason (PSCR) recording

2025-10-02 Thread Kees Cook
ars ago I wanted to have tighter integration between pstore and nvdimm code. The thread is here, for reference: https://lore.kernel.org/lkml/CAGXu5jLtmb3qinZnX3rScUJLUFdf+pRDVPjy=cs4kutw9tl...@mail.gmail.com/ I'm not sure if it'll be useful as background, but I thought I'd mention it. :) -Kees -- Kees Cook

Re: [RFC] gcc-plugins patch for compiler versioning.

2025-09-25 Thread Kees Cook
compatibility. > > The compatibility check for gcc plugins is too inflexible, > and a lot of times wrong. Add ability to let the user choose > how stringent compatibility is. Why is it wrong a lot? I'm not sure I understand what problem is being solved here? -Kees -- Kees Cook

[PATCH] gcc-plugins: Remove TODO_verify_il for GCC >= 16

2025-09-20 Thread Kees Cook
GCC now runs TODO_verify_il automatically[1], so it is no longer exposed to plugins. Only use the flag on GCC < 16. Suggested-by: Christopher Fore Link: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=9739ae9384dd7cd3bb1c7683d6b80b7a9116eaf8 Signed-off-by: Kees Cook --- How about like this,

Re: [PATCH] scripts/gcc-plugins: Remove TODO flag

2025-09-20 Thread Kees Cook
bool stackleak_instrument_gate(void) > > #define PASS_NAME stackleak_instrument > #define PROPERTIES_REQUIRED PROP_gimple_leh | PROP_cfg >-#define TODO_FLAGS_START TODO_verify_ssa | TODO_verify_flow | >TODO_verify_stmts >-#define TODO_FLAGS_FINISH TODO_verify_ssa | TODO_verify_stmts | >TODO_dump_func \ >+#define TODO_FLAGS_FINISH TODO_dump_func \ > | TODO_update_ssa | TODO_rebuild_cgraph_edges > #include "gcc-generate-gimple-pass.h" > -- Kees Cook

Re: [PATCH 0/2][next] Expand TRAILING_OVERLAP() capabilities

2025-09-17 Thread Kees Cook
TRAILING_OVERLAP() https://git.kernel.org/kees/c/2bbdcf02c3f3 Take care, -- Kees Cook

Re: [PATCH] PCI: Test for bit underflow in pcie_set_readrq()

2025-09-08 Thread Kees Cook
On Mon, Sep 08, 2025 at 04:51:42PM -0500, Bjorn Helgaas wrote: > On Thu, Sep 04, 2025 at 10:28:41PM -0700, Kees Cook wrote: > > After commit cbc654d18d37 ("bitops: Add __attribute_const__ to generic > > ffs()-family implementations"), which allows GCC's value ran

Re: [PATCH] PCI: Test for bit underflow in pcie_set_readrq()

2025-09-08 Thread Kees Cook
On Fri, Sep 05, 2025 at 10:25:49AM +0200, Arnd Bergmann wrote: > On Fri, Sep 5, 2025, at 07:28, Kees Cook wrote: > > After commit cbc654d18d37 ("bitops: Add __attribute_const__ to generic > > ffs()-family implementations"), which allows GCC's value range tracker >

Re: [PATCH] PCI: Test for bit underflow in pcie_set_readrq()

2025-09-08 Thread Kees Cook
\ > + (0 + (_val)) : 0, > \ > _pfx "value too large for the field"); \ > BUILD_BUG_ON_MSG(__bf_cast_unsigned(_mask, _mask) > \ > __bf_cast_unsigned(_reg, ~0ull), \ > > I found similar patterns with ffs and FIELD_PREP here > drivers/dma/uniphier-xdmac.c row 156 and 165 > drivers/gpu/drm/i915/display/intel_cursor_regs.h row 17 You got warnings for these? -- Kees Cook

Re: [PATCH] PCI: Test for bit underflow in pcie_set_readrq()

2025-09-08 Thread Kees Cook
On Mon, Sep 08, 2025 at 03:53:49PM -0500, Bjorn Helgaas wrote: > On Thu, Sep 04, 2025 at 10:28:41PM -0700, Kees Cook wrote: > > After commit cbc654d18d37 ("bitops: Add __attribute_const__ to generic > > ffs()-family implementations"), which allows GCC's value ran

Re: [PATCH v2] kbuild: Re-enable -Wunterminated-string-initialization

2025-09-05 Thread Kees Cook
On Tue, Aug 05, 2025 at 02:48:23PM -0700, Nathan Chancellor wrote: > On Tue, Aug 05, 2025 at 04:50:28PM +0200, Alexander Lobakin wrote: > > From: Nathan Chancellor > > Date: Sun, 3 Aug 2025 10:32:35 -0700 > > > > > On Sat, Aug 02, 2025 at 11:43:32AM -0700, Kees C

[PATCH] PCI: Test for bit underflow in pcie_set_readrq()

2025-09-04 Thread Kees Cook
alue tracker seems happy again. :) Fixes: cbc654d18d37 ("bitops: Add __attribute_const__ to generic ffs()-family implementations") Reported-by: Linux Kernel Functional Testing Closes: https://lore.kernel.org/linux-pci/CA+G9fYuysVr6qT8bjF6f08WLyCJRG7aXAeSd2F7=ztahhd7...@mail.gmail.com/ S

[PATCH v2] arc: Fix __fls() const-foldability via __builtin_clzl()

2025-08-30 Thread Kees Cook
-by: kernel test robot Closes: https://lore.kernel.org/oe-kbuild-all/202508031025.dowxtzzc-...@intel.com/ [3] Signed-off-by: Kees Cook --- v2: clarify commit log (we want this patch regardless of GCC being fixed) v1: https://lore.kernel.org/lkml/20250826034354.work.684-k...@kernel.org/ --- arch/arc/

[PATCH v2] arm64: mm: Fix CFI failure due to kpti_ng_pgd_alloc function signature

2025-08-29 Thread Kees Cook
nstead of "int". The function behavior remains identical (parameter is unused). Fixes: c64f46ee1377 ("arm64: mm: use enum to identify pgtable level instead of *_SHIFT") Signed-off-by: Kees Cook --- v2: Fixed the Fixes line. ;) v1: https://lore.kernel.org/lkml/20250829154913.w

[PATCH] arm64: mm: Fix CFI failure due to kpti_ng_pgd_alloc function signature

2025-08-29 Thread Kees Cook
nstead of "int". The function behavior remains identical (parameter is unused). Fixes: 47546a1912fc ("arm64: mm: install KPTI nG mappings with MMU enabled") Signed-off-by: Kees Cook --- Cc: Ard Biesheuvel Cc: Catalin Marinas Cc: Will Deacon Cc: Oliver Upton Cc: Anshuman

Re: [PATCH] arm64: mm: Fix CFI failure due to kpti_ng_pgd_alloc function signature

2025-08-29 Thread Kees Cook
On August 29, 2025 12:06:17 PM EDT, Mark Rutland wrote: >On Fri, Aug 29, 2025 at 08:49:21AM -0700, Kees Cook wrote: >> Fixes: 47546a1912fc ("arm64: mm: install KPTI nG mappings with MMU enabled") > >That doesn't look right; that commit is from June 2022

Re: [PATCH] arc: Fix __fls() const-foldability via __builtin_clzl()

2025-08-26 Thread Kees Cook
On Tue, Aug 26, 2025 at 09:24:04PM -0400, Yury Norov wrote: > On Tue, Aug 26, 2025 at 09:56:06AM -0700, Kees Cook wrote: > > On Tue, Aug 26, 2025 at 03:08:59PM +0200, Rasmus Villemoes wrote: > > > If __builtin_arc_fls() simply doesn't qualify for attr_const for > >

Re: [PATCH] arc: Fix __fls() const-foldability via __builtin_clzl()

2025-08-26 Thread Kees Cook
I already sent the patch to fix it. :) https://gcc.gnu.org/pipermail/gcc-patches/2025-August/693273.html -- Kees Cook

[PATCH] arc: Fix __fls() const-foldability via __builtin_clzl()

2025-08-25 Thread Kees Cook
rted-by: kernel test robot Closes: https://lore.kernel.org/oe-kbuild-all/202508031025.dowxtzzc-...@intel.com/ Signed-off-by: Kees Cook --- Cc: Yury Norov Cc: Rasmus Villemoes Cc: Vineet Gupta Cc: --- arch/arc/include/asm/bitops.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/arch/

Re: [PATCH RFC] slab: support for compiler-assisted type-based slab cache partitioning

2025-08-25 Thread Kees Cook
an the type be extracted from an AST analysis of the lhs? struct foo *p = kmalloc(bytes, gfp); Doesn't tell us much from "bytes", but typeof(*p) does... -- Kees Cook

Re: [PATCH] hardening: Require clang 20.1.0 for __counted_by

2025-08-25 Thread Kees Cook
to for-linus/hardening, thanks! [1/1] hardening: Require clang 20.1.0 for __counted_by https://git.kernel.org/kees/c/871fcff457f9 Take care, -- Kees Cook

Re: [PATCH 00/10] Bump minimum supported version of LLVM for building the kernel to 15.0.0

2025-08-18 Thread Kees Cook
minimum LLVM version to 15.0.0") > > respectively. This series bumps the rest of the kernel to 15.0.0 to > match, which allows for a decent number of clean ups. Looks good to me! Reviewed-by: Kees Cook > I think it makes sense for either Andrew to carry this via -mm on a > nonmm branch

Re: [PATCH v2] kbuild: Re-enable -Wunterminated-string-initialization

2025-08-07 Thread Kees Cook
t strictly NUL terminated. You can see ethtool itself has to be careful with the strings, limiting the fprintf to their sizeof(): https://git.kernel.org/pub/scm/network/ethtool/ethtool.git/tree/ethtool.c#n1013 or using strncmp everywhere. -- Kees Cook

Re: [PATCH v2] kbuild: Re-enable -Wunterminated-string-initialization

2025-08-06 Thread Kees Cook
double-check this and see what needs to happen here. I've fixed a lot of these already[1]. -Kees [1] https://lore.kernel.org/lkml/20250416010210.work.904-k...@kernel.org/ -- Kees Cook

Re: [PATCH v3] selftests/tty: add TIOCSTI test suite

2025-08-06 Thread Kees Cook
checking behavior) > > All tests validated using: > - scripts/checkpatch.pl --strict (clean output) > - Functional testing on kernel v6.16-rc2 > > Changes in v3: > - Replaced all printf() calls with TH_LOG() for proper test logging (Kees > Cook) > - Added struct __test_met

Re: next-20250804: clang-nightly hardening.config boot failed on arm64 rock-pi-4b

2025-08-04 Thread Kees Cook
> First seen on the next-20250804 > Good: next-20250801 > Bad: next-20250804 Are you able to bisect this by any chance? -- Kees Cook

[PATCH RESEND] iommu/amd: Avoid stack buffer overflow from kernel cmdline

2025-08-04 Thread Kees Cook
s8p193mb2271.eurp193.prod.outlook.com Fixes: b6b26d86c61c ("iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter") Signed-off-by: Kees Cook --- This was sent out before but it didn't end up on any public mailing list. My mistake! Cc: Joerg Roedel Cc: Suravee Suthik

Re: [PATCH iwl-next v3 16/18] idpf: add support for XDP on Rx

2025-08-02 Thread Kees Cook
On Fri, Aug 01, 2025 at 03:17:42PM +0200, Alexander Lobakin wrote: > From: Alexander Lobakin > Date: Fri, 1 Aug 2025 15:12:43 +0200 > > > From: Kees Cook > > Date: Thu, 31 Jul 2025 10:05:47 -0700 > > > >> On Thu, Jul 31, 2025 at 01:37:34PM +0100, Simon Ho

[PATCH v2] kbuild: Re-enable -Wunterminated-string-initialization

2025-08-02 Thread Kees Cook
(GCC) 15.1.1 20250521 (Red Hat 15.1.1-2) clang version 20.1.8 (Fedora 20.1.8-1.fc42) ClangBuiltLinux clang version 21.1.0-rc2 clang version 22.0.0git Signed-off-by: Kees Cook --- v2: Clang is fixed too! :) (Nathan) v1: https://lore.kernel.org/lkml/20250802002733.work.941-k

Re: [PATCH] kbuild: Re-enable -Wunterminated-string-initialization

2025-08-02 Thread Kees Cook
On Fri, Aug 01, 2025 at 06:13:44PM -0700, Nathan Chancellor wrote: > On Fri, Aug 01, 2025 at 05:55:27PM -0700, Kees Cook wrote: > > On Fri, Aug 01, 2025 at 05:43:16PM -0700, Nathan Chancellor wrote: > > > On Fri, Aug 01, 2025 at 05:27:40PM -0700, Kees Cook wrote: > >

Re: [PATCH] kbuild: Re-enable -Wunterminated-string-initialization

2025-08-01 Thread Kees Cook
On Fri, Aug 01, 2025 at 05:43:16PM -0700, Nathan Chancellor wrote: > On Fri, Aug 01, 2025 at 05:27:40PM -0700, Kees Cook wrote: > > With the few remaining fixes now landed, we can re-enable the option > > -Wunterminated-string-initialization for GCC. (Clang does not yet fully >

[PATCH] kbuild: Re-enable -Wunterminated-string-initialization

2025-08-01 Thread Kees Cook
With the few remaining fixes now landed, we can re-enable the option -Wunterminated-string-initialization for GCC. (Clang does not yet fully understand the "nonstring" attribute.) Signed-off-by: Kees Cook --- Cc: Masahiro Yamada Cc: Nathan Chancellor Cc: Nicolas Schier Cc: --

Re: [PATCH iwl-next v3 16/18] idpf: add support for XDP on Rx

2025-07-31 Thread Kees Cook
> + u64 frame_sz_le_qword; > + struct { > + /* Frame size to deduce data_hard_end/reserved > + * tailroom. */ > + u32 frame_sz; > + /* Supported values defined in xdp_buff_flags. */ > + u32 flags; > + }; > + }; > }; Yeah, this looks like a nice way to express this, and is way more descriptive than "(u64 *)&xdp->base.frame_sz" :) -- Kees Cook

Re: [PATCH bpf-next v5 08/12] bpf: Report rqspinlock deadlocks/timeout to BPF stderr

2025-07-30 Thread Kees Cook
On Wed, Jul 30, 2025 at 04:13:25PM -0700, Alexei Starovoitov wrote: > On Wed, Jul 30, 2025 at 4:09 PM Kees Cook wrote: > > > > On Wed, Jul 30, 2025 at 04:07:33PM -0700, Alexei Starovoitov wrote: > > > On Wed, Jul 30, 2025 at 4:02 PM Kees Cook wrote: > > > >

Re: [PATCH bpf-next v5 08/12] bpf: Report rqspinlock deadlocks/timeout to BPF stderr

2025-07-30 Thread Kees Cook
On Wed, Jul 30, 2025 at 04:07:33PM -0700, Alexei Starovoitov wrote: > On Wed, Jul 30, 2025 at 4:02 PM Kees Cook wrote: > > > > On Thu, Jul 03, 2025 at 01:48:14PM -0700, Kumar Kartikeya Dwivedi wrote: > > > +static void bpf_prog_report_rqspinlock_violation(const char *str,

Re: [PATCH bpf-next v5 08/12] bpf: Report rqspinlock deadlocks/timeout to BPF stderr

2025-07-30 Thread Kees Cook
//docs.kernel.org/process/deprecated.html#p-format-specifier I don't see any justification here, please remove the lock address or use regular %p to get a hashed value. -- Kees Cook

Re: [PATCH v2] compiler_types: Provide __no_kstack_erase to disable coverage only on Clang

2025-07-29 Thread Kees Cook
On Tue, Jul 29, 2025 at 04:41:00PM -0700, Kees Cook wrote: > In order to support Clang's stack depth tracking (for Linux's kstack_erase > feature), the coverage sanitizer needed to be disabled for __init (and > __head) section code. Doing this universally (i.e. for GCC too) cr

[PATCH v2] compiler_types: Provide __no_kstack_erase to disable coverage only on Clang

2025-07-29 Thread Kees Cook
intel.com/ Reported-by: syzbot+5245cb609175fb6e8...@syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/6888d004.a00a0220.26d0e1.0004....@google.com/ Signed-off-by: Kees Cook --- v2: correctly split compiler-specific stuff out of compiler_types.h (Miguel) v1: https://lore.kernel.org

Re: [PATCH] compiler_types: Provide __no_kstack_erase to disable coverage only on Clang

2025-07-29 Thread Kees Cook
On Wed, Jul 30, 2025 at 01:00:39AM +0200, Marco Elver wrote: > On Wed, 30 Jul 2025 at 00:43, Kees Cook wrote: > > > > In order to support Clang's stack depth tracking (for Linux's kstack_erase > > feature), the coverage sanitizer needed to be disabled for __ini

[PATCH] fortify: Fix incorrect reporting of read buffer size

2025-07-29 Thread Kees Cook
When FORTIFY_SOURCE reports about a run-time buffer overread, the wrong buffer size was being shown in the error message. (The bounds checking was correct.) Fixes: 3d965b33e40d ("fortify: Improve buffer overflow reporting") Signed-off-by: Kees Cook --- Cc: --- include/linux/fortif

[PATCH] compiler_types: Provide __no_kstack_erase to disable coverage only on Clang

2025-07-29 Thread Kees Cook
intel.com/ Reported-by: syzbot+5245cb609175fb6e8...@syzkaller.appspotmail.com Closes: https://lore.kernel.org/all/6888d004.a00a0220.26d0e1.0004....@google.com/ Signed-off-by: Kees Cook --- Cc: Linus Torvalds Cc: Thomas Gleixner Cc: Ingo Molnar Cc: Borislav Petkov Cc: Dave Hansen Cc: Cc: "

Re: [PATCH] staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()

2025-07-28 Thread Kees Cook
On Sat, Jul 26, 2025 at 02:24:51PM +0200, Hans de Goede wrote: > Hi Kees, > > On 24-Jul-25 10:08 AM, Kees Cook wrote: > > When gmin_get_config_var() calls efi.get_variable() and the EFI variable > > is larger than the expected buffer size, two behaviors combine to crea

[PATCH] kstack_erase: Disable kstack_erase for all of arm compressed boot code

2025-07-26 Thread Kees Cook
ported-by: Linux Kernel Functional Testing Closes: https://lore.kernel.org/all/CA+G9fYtBk8qnpWvoaFwymCx5s5i-5KXtPGpmf=_+ukjddco...@mail.gmail.com Reported-by: Nathan Chancellor Closes: https://lore.kernel.org/all/20250726004313.GA3650901@ax162 Suggested-by: Nathan Chancellor Signed-off-by:

[PATCH] kstack_erase: Add -mgeneral-regs-only to silence Clang warnings

2025-07-26 Thread Kees Cook
i386, arm64, and arm. Reported-by: Nathan Chancellor Closes: https://lore.kernel.org/all/20250726004313.GA3650901@ax162 Signed-off-by: Kees Cook --- kernel/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/kernel/Makefile b/kernel/Makefile index e4f01f1d4d0c..0ee9afd8b7cf 100644

[PATCH] sched/task_stack: Add missing const qualifier to end_of_stack()

2025-07-26 Thread Kees Cook
(with CONFIG_DEBUG_STACK_USAGE=y). Fixes: a45728fd4120 ("LoongArch: Enable HAVE_ARCH_STACKLEAK") Reported-by: Nathan Chancellor Closes: https://lore.kernel.org/all/20250726004313.GA3650901@ax162 Cc: Youling Tang Cc: Huacai Chen Signed-off-by: Kees Cook --- include/linux/sched/task_sta

[PATCH] staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()

2025-07-24 Thread Kees Cook
ng the atomisp camera stack. Reported-by: zepta Closes: https://lore.kernel.org/all/capbs6koqym7fmdpwouxtexsoe44x4h3f8fw+y_qwq6e+odm...@mail.gmail.com Fixes: 38d4f74bc148 ("media: atomisp_gmin_platform: stop abusing efivar API") Signed-off-by: Kees Cook --- Cc: Greg Kroah-Hartman Cc: Ard Bies

[PATCH] string_helpers: Add KUnit tests for memcpy_and_pad()

2025-07-23 Thread Kees Cook
, ensuring the function works correctly across different boundary conditions. Each test uses unique padding values to detect any potential cross-contamination. Signed-off-by: Kees Cook --- This patch was LLM assisted! It did well, but missed the entire concept of copying non-byte-array objects originally

[PATCH net-next] net: Document sockaddr safety in ARP and routing UAPI structures

2025-07-22 Thread Kees Cook
little more documentation: - struct arpreq: ARP protocol is IPv4-only by design - struct rtentry: Legacy IPv4 routing API, IPv6 uses different structures Signed-off-by: Kees Cook --- Cc: "David S. Miller" Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: Simon Horman Cc: --

[PATCH net-next] MAINTAINERS: Add in6.h to MAINTAINERS

2025-07-22 Thread Kees Cook
My CC-adding automation returned nothing on a future patch to the include/linux/in6.h file, and I went looking for why. Add the missed in6.h to MAINTAINERS. Signed-off-by: Kees Cook --- Cc: "David S. Miller" Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: Simon

Review of __counted_by in wireless (was Re: [PATCH wireless] wifi: cfg80211: remove scan request n_channels counted_by)

2025-07-21 Thread Kees Cook
filtering the actual population of the array. (So I think cfg80211_scan_request is correctly used at this point, but I understand your desire to remove __counted_by on it.) Do you want me to send patches for the static cases to add comments or is that too much churn? -Kees -- Kees Cook

[PATCH] wifi: nl80211: Set num_sub_specs before looping through sub_specs

2025-07-21 Thread Kees Cook
80211: use __counted_by where appropriate") Signed-off-by: Kees Cook --- Cc: Johannes Berg Cc: Dmitry Antipov Cc: --- net/wireless/nl80211.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 1c808b08b747..db8b089454ca 100644 --- a/ne

[PATCH] wifi: mac80211: Write cnt before copying in ieee80211_copy_rnr_beacon()

2025-07-21 Thread Kees Cook
"wifi: cfg80211: Annotate struct cfg80211_rnr_elems with __counted_by") Signed-off-by: Kees Cook --- Cc: Johannes Berg Cc: --- net/mac80211/cfg.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/mac80211/cfg.c b/net/mac80211/cfg.c index 4f20d57ab913..2ed07fa121ab 100644

[PATCH] wifi: brcmfmac: cyw: Fix __counted_by to be LE variant

2025-07-21 Thread Kees Cook
n in station mode") Signed-off-by: Kees Cook --- Cc: Johannes Berg Cc: Chung-Hsien Hsu Cc: Chi-hsien Lin Cc: James Prestwood Cc: Arend van Spriel Cc: "Gustavo A. R. Silva" Cc: Ting-Ying Li Cc: Cc: Cc: Cc: --- .../net/wireless/broadcom/brcm80211/brcmfmac/cyw/fwil_types.h |

Re: [RFC v5 6/7] sprintf: Add [v]sprintf_array()

2025-07-17 Thread Kees Cook
On Tue, Jul 15, 2025 at 09:08:14AM +0200, Alejandro Colomar wrote: > Hi Kees, > > On Mon, Jul 14, 2025 at 10:19:39PM -0700, Kees Cook wrote: > > On Fri, Jul 11, 2025 at 10:58:56AM -0700, Linus Torvalds wrote: > > > struct seq_buf s; > > > seq_buf_

Re: [RFC v5 6/7] sprintf: Add [v]sprintf_array()

2025-07-17 Thread Kees Cook
On Tue, Jul 15, 2025 at 08:24:29AM +0200, Martin Uecker wrote: > Am Montag, dem 14.07.2025 um 22:19 -0700 schrieb Kees Cook: > > On Fri, Jul 11, 2025 at 10:58:56AM -0700, Linus Torvalds wrote: > > > struct seq_buf s; > > > seq_buf_init(&s, buf, s

Re: [PATCH v1 1/1] string: Group str_has_prefix() and strstarts()

2025-07-17 Thread Kees Cook
) and strstarts() https://git.kernel.org/kees/c/2d8ae9a4f1bc Take care, -- Kees Cook

[PATCH] Compiler Attributes: Add __kcfi_salt

2025-07-17 Thread Kees Cook
le by KCFI, one could add __kcfi_salt("foo"). To test the result, add a corresponding LKDTM test, CFI_FORWARD_SALT. Link: https://github.com/KSPP/linux/issues/365 [1] Signed-off-by: Kees Cook --- Cc: Bill Wendling Cc: Andrew Cooper Cc: Arnd Bergmann Cc: Greg Kroah-Hartman Cc: Migu

[PATCH] seq_buf: Introduce KUnit tests

2025-07-17 Thread Kees Cook
[PASSED] seq_buf_printf_overflow_test [PASSED] seq_buf_get_buf_commit_test = [PASSED] seq_buf = Signed-off-by: Kees Cook --- I used an LLM to produce this; it did pretty well, but I had to help it get the Kconfig and make targets in the right places, and I tweaked

Re: [PATCH v1 1/1] string: Group str_has_prefix() and strstarts()

2025-07-14 Thread Kees Cook
examine > + * @prefix: prefix to look for. > + */ > +static inline bool strstarts(const char *str, const char *prefix) > +{ > + return strncmp(str, prefix, strlen(prefix)) == 0; > +} > + > #endif /* _LINUX_STRING_H_ */ > -- > 2.47.2 > -- Kees Cook

Re: [RFC v5 6/7] sprintf: Add [v]sprintf_array()

2025-07-14 Thread Kees Cook
it in 1 line. :P I would love to see more string handling replaced with seq_buf. -- Kees Cook

Re: [BUG] KASAN: slab-out-of-bounds in vsnprintf triggered by large stack frame

2025-07-02 Thread Kees Cook
> [ 214.242575] I would also note that the _entire_ trace is bogus too -- all the leading "?" lines mean it's just guessing based on what was left over in memory rather than a sane dump. > > This is my first time reporting a bug on the mailing list, so please > > let me know if any additional information or formatting is required. I'd repeat what Petr said, which is: if the compiler is emitting warnings, then it's likely the bug is not with the core kernel. :) -Kees -- Kees Cook

Re: [PATCH] kunit/fortify: Add back "volatile" for sizeof() constants

2025-07-01 Thread Kees Cook
On Tue, Jul 01, 2025 at 03:41:35PM +0200, Jann Horn wrote: > On Sun, Jun 29, 2025 at 1:40 AM Kees Cook wrote: > > It seems the Clang can see through OPTIMIZER_HIDE_VAR when the constant > > is coming from sizeof. > > Wait, what? That sounds extremely implausible/bro

[PATCH] kunit/fortify: Add back "volatile" for sizeof() constants

2025-06-28 Thread Kees Cook
by: Nathan Chancellor Closes: https://github.com/ClangBuiltLinux/linux/issues/2075 [1] Cc: "Jannik Glückert" Suggested-by: Nathan Chancellor Fixes: 6ee149f61bcc ("kunit/fortify: Replace "volatile" with OPTIMIZER_HIDE_VAR()") Signed-off-by: Kees Cook --- Cc: --- li

Re: [PATCH v5][for-next/hardening] acpi: nfit: intel: avoid multiple -Wflex-array-member-not-at-end warnings

2025-06-27 Thread Kees Cook
e hardening tree. Applied to for-next/hardening, thanks! [1/1] acpi: nfit: intel: avoid multiple -Wflex-array-member-not-at-end warnings https://git.kernel.org/kees/c/5e54510a9389 Take care, -- Kees Cook

Re: [PATCH][next] fortify: add branch hints on unlikely fortify_panic paths

2025-06-27 Thread Kees Cook
ased on a Geometric Mean of 100 tests: > > Without patch: 50512.95 bogo-ops/sec > With patch: 50819.58 bogo-ops/sec > > %Std.Deviation of ~0.18%, so low jitter in results, improvement of ~0.6% > > Signed-off-by: Colin Ian King Nice find! It seems some ftrace configs are

Re: [PATCH v4][for-next/hardening] acpi: nfit: intel: avoid multiple -Wflex-array-member-not-at-end warnings

2025-06-27 Thread Kees Cook
these could be even further minimized to this, leaving the trailing object indentation unchanged: - struct { - struct nd_cmd_pkg pkg; + TRAILING_OVERLAP(struct nd_cmd_pkg, pkg, nd_payload, struct nd_intel_get_security_state cmd; - } nd_cmd = { + ) nd_cmd = { -- Kees Cook

Re: [PATCH v3][next] acpi: nfit: intel: avoid multiple -Wflex-array-member-not-at-end warnings

2025-06-25 Thread Kees Cook
cmd = { ... -Kees [1] https://web.git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=for-next/kspp&id=29bb79e9dbf1ba100125e39deb7147acd490903f -- Kees Cook

Re: [PATCH v2][next] stddef: Introduce TRAILING_OVERLAP() helper macro

2025-06-18 Thread Kees Cook
the original memory layout. > > Applied to for-next/hardening, thanks! [1/1] stddef: Introduce TRAILING_OVERLAP() helper macro https://git.kernel.org/kees/c/29bb79e9dbf1 Take care, -- Kees Cook

Re: [PATCH RESEND] mux: Convert mux_control_ops to a flex array member in mux_chip

2025-06-18 Thread Kees Cook
tps://git.kernel.org/kees/c/4bfbc2691de8 Take care, -- Kees Cook

Re: [RFC PATCH] um: replace deprecated strncpy with strscpy

2025-06-09 Thread Kees Cook
I would think padding should be included? -- Kees Cook

Re: [PATCH] lib/tests: Make FORTIFY_KUNIT_TEST depend on FORTIFY_SOURCE

2025-06-02 Thread Kees Cook
ert > "fortify: Allow KUnit test to build without FORTIFY""). Same thing as for randstruct: I want the test to always be available. I don't want 1a78f8cb5daac reverted. -Kees -- Kees Cook

Re: [PATCH] lib/tests: Make RANDSTRUCT_KUNIT_TEST depend on RANDSTRUCT

2025-06-02 Thread Kees Cook
On Mon, Jun 02, 2025 at 08:14:08PM +0200, Geert Uytterhoeven wrote: > Hi Kees, > > On Mon, 2 Jun 2025 at 20:08, Kees Cook wrote: > > On Mon, Jun 02, 2025 at 04:49:51PM +0200, Geert Uytterhoeven wrote: > > > When CONFIG_RANDSTRUCT is not enabled, all randstruct tests are

Re: [PATCH] ubsan: Fix incorrect hand-side used in handle

2025-06-02 Thread Kees Cook
've added the appropriate Fixes tag. Applied to for-linus/hardening, thanks! [1/1] ubsan: Fix incorrect hand-side used in handle https://git.kernel.org/kees/c/c50b612bef51 Take care, -- Kees Cook

Re: [PATCH] lib/tests: Make RANDSTRUCT_KUNIT_TEST depend on RANDSTRUCT

2025-06-02 Thread Kees Cook
his because it means that looking at CI output means I can't tell if the test was not built or if the config was not included. I want to always have the test available, but skip the test if the config is missing. -Kees -- Kees Cook

Re: [GIT PULL] require gcc-8 and binutils-2.30

2025-05-31 Thread Kees Cook
On May 31, 2025 2:09:53 AM PDT, Arnd Bergmann wrote: > Kbuild: remove structleak gcc plugin > gcc-plugins: remove SANCOV gcc plugin I didn't see either of these emailed out, but we'd talked about it earlier and the resulting changes look good to me. Thanks! Ack

Re: [PATCH 3/3] Revert "hardening: Disable GCC randstruct for COMPILE_TEST"

2025-05-30 Thread Kees Cook
On Fri, May 30, 2025 at 12:09:04PM -0700, Nathan Chancellor wrote: > On Thu, May 29, 2025 at 10:12:22PM -0700, Kees Cook wrote: > > On Thu, May 29, 2025 at 09:06:46PM -0300, Thiago Jung Bauermann wrote: > > > This commit was reported by our CI as breaking the allmodconfig build

[PATCH] randstruct: gcc-plugin: Fix attribute addition

2025-05-30 Thread Kees Cook
.com/KSPP/linux/issues/367 Closes: https://lore.kernel.org/lkml/2025053646.104457-1-thiago.bauerm...@linaro.org/ Reported-by: Ingo Saitz Closes: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104745 Fixes: 313dd1b62921 ("gcc-plugins: Add the randstruct plugin") Signed-off-by:

Re: [PATCH 3/3] Revert "hardening: Disable GCC randstruct for COMPILE_TEST"

2025-05-30 Thread Kees Cook
On Fri, May 30, 2025 at 12:09:04PM -0700, Nathan Chancellor wrote: > On Thu, May 29, 2025 at 10:12:22PM -0700, Kees Cook wrote: > > On Thu, May 29, 2025 at 09:06:46PM -0300, Thiago Jung Bauermann wrote: > > > This commit was reported by our CI as breaking the allmodconfig build

[PATCH] overflow: Introduce __DEFINE_FLEX for having no initializer

2025-05-30 Thread Kees Cook
behaviors can be seen here: https://godbolt.org/z/P7Go8Tr33 Link: https://lore.kernel.org/netdev/20250520205920.2134829-9-anthony.l.ngu...@intel.com [1] Fixes: 47e36ed78406 ("overflow: Fix direct struct member initialization in _DEFINE_FLEX()") Signed-off-by: Kees Cook --- Cc:

Re: [PATCH v3][next] overflow: Fix direct struct member initialization in _DEFINE_FLEX()

2025-05-30 Thread Kees Cook
On Fri, May 30, 2025 at 11:06:01AM -0700, Kees Cook wrote: > #define __DEFINE_FLEX(type, name, member, count, trailer...) \ > _Static_assert(__builtin_constant_p(count), \ >"onstack flex array members require compile-time

Re: [PATCH v3][next] overflow: Fix direct struct member initialization in _DEFINE_FLEX()

2025-05-30 Thread Kees Cook
\ __DEFINE_FLEX(struct libeth_xdp_buff, name, priv, \ LIBETH_XDP_PRIV_SZ(__VA_ARGS__ + 0), \ __uninitialized); \ LIBETH_XDP_ASSERT_PRIV_SZ(__VA_ARGS__ + 0) Does that look like what you'd want? (Note I didn't actually build this; I want to make sure the concept is workable...) -- Kees Cook

Re: [PATCH 3/3] Revert "hardening: Disable GCC randstruct for COMPILE_TEST"

2025-05-29 Thread Kees Cook
-gnu- \ --kconfig_add CONFIG_RANDSTRUCT_FULL=y randstruct ... # Totals: pass:5 fail:0 skip:0 total:5 -- Kees Cook

Re: [PATCH] ubsan: integer-overflow: depend on BROKEN to keep this out of CI

2025-05-28 Thread Kees Cook
On Wed, May 28, 2025 at 02:32:23PM -0700, Nathan Chancellor wrote: > On Wed, May 28, 2025 at 11:26:22AM -0700, Kees Cook wrote: > > Depending on !COMPILE_TEST isn't sufficient to keep this feature out of > > CI because we can't stop it from being included in randconfig bu

[PATCH] ubsan: integer-overflow: depend on BROKEN to keep this out of CI

2025-05-28 Thread Kees Cook
p it from being enabled by anyone not expecting it. Link: https://discourse.llvm.org/t/rfc-v2-clang-introduce-overflowbehaviortypes-for-wrapping-and-non-wrapping-arithmetic/86507 [1] Signed-off-by: Kees Cook --- Cc: Justin Stitt Cc: Eric Biggers Cc: Arnd Bergmann Cc: Jann Horn Cc: Mar

Re: [PATCH net-next v2 8/8] net: core: Convert dev_set_mac_address_user() to use struct sockaddr_storage

2025-05-27 Thread Kees Cook
On Tue, May 27, 2025 at 09:02:28AM +0200, Paolo Abeni wrote: > On 5/21/25 10:46 PM, Kees Cook wrote: > > diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c > > index fff13a8b48f1..616479e71466 100644 > > --- a/net/core/dev_ioctl.c > > +++ b/net/core/dev_io

Re: [PATCH v2] ext4: replace strcpy() with '.' assignment

2025-05-23 Thread Kees Cook
rity bugs >by doing "git grep strcpy". FWIW, what I'd like is a lack of ambiguity for both humans and compilers. "Get rid of strcpy" is the Big Hammer solution for strcpy. The more precise version is "disallow strcpy of a src or dst where either lack a compile-time buffer size". -Kees -- Kees Cook

[PATCH] x86: string_32.h: Provide basic sanity checks for fallback memcpy()

2025-05-22 Thread Kees Cook
C094A90F88@keescook/ [1] Reported-by: Randy Dunlap Closes: https://lore.kernel.org/all/e3754f69-1dea-4542-8de0-a567a14fb...@infradead.org/ Tested-by: Randy Dunlap Signed-off-by: Kees Cook --- v2: isolate this specifically to 32-bit x86 -- doing this generally is much more work

[PATCH net-next v2 7/8] rtnetlink: do_setlink: Use struct sockaddr_storage

2025-05-21 Thread Kees Cook
slot since it is the same size (128B) as other existing single-scope stack variables, like the vfinfo array (128B), so no additional stack space is used by this function. Acked-by: Gustavo A. R. Silva Signed-off-by: Kees Cook --- Cc: Kuniyuki Iwashima Cc: Eric Dumazet Cc: Jakub Kicinski Cc

[PATCH net-next v2 8/8] net: core: Convert dev_set_mac_address_user() to use struct sockaddr_storage

2025-05-21 Thread Kees Cook
Convert callers of dev_set_mac_address_user() to use struct sockaddr_storage. Add sanity checks on dev->addr_len usage. Signed-off-by: Kees Cook --- Cc: Willem de Bruijn Cc: Jason Wang Cc: Andrew Lunn Cc: "David S. Miller" Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abe

[PATCH net-next v2 3/8] net/ncsi: Use struct sockaddr_storage for pending_mac

2025-05-21 Thread Kees Cook
To avoid future casting with coming API type changes, switch struct ncsi_dev_priv::pending_mac to a full struct sockaddr_storage. Acked-by: Gustavo A. R. Silva Signed-off-by: Kees Cook --- Cc: Samuel Mendoza-Jonas Cc: Paul Fertser Cc: "David S. Miller" Cc: Eric Dumazet Cc: Jaku

[PATCH net-next v2 4/8] ieee802154: Use struct sockaddr_storage with dev_set_mac_address()

2025-05-21 Thread Kees Cook
Switch to struct sockaddr_storage for calling dev_set_mac_address(). Add a temporary cast to struct sockaddr, which will be removed in a subsequent patch. Acked-by: Gustavo A. R. Silva Signed-off-by: Kees Cook --- Cc: Alexander Aring Cc: Stefan Schmidt Cc: Miquel Raynal Cc: "David S. M

[PATCH net-next v2 6/8] net: core: Convert dev_set_mac_address() to struct sockaddr_storage

2025-05-21 Thread Kees Cook
All users of dev_set_mac_address() are now using a struct sockaddr_storage. Convert the internal data type to struct sockaddr_storage, drop the casts, and update pointer types. Acked-by: Gustavo A. R. Silva Signed-off-by: Kees Cook --- Cc: Jakub Kicinski Cc: Jay Vosburgh Cc: Andrew Lunn Cc

[PATCH net-next v2 5/8] net: usb: r8152: Convert to use struct sockaddr_storage internally

2025-05-21 Thread Kees Cook
To support coming API type changes, switch to sockaddr_storage usage internally. Acked-by: Gustavo A. R. Silva Signed-off-by: Kees Cook --- Cc: Andrew Lunn Cc: "David S. Miller" Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: Hayes Wang Cc: Douglas Anderson Cc: Grant Gr

[PATCH net-next v2 2/8] net: core: Switch netif_set_mac_address() to struct sockaddr_storage

2025-05-21 Thread Kees Cook
allocation changes. Acked-by: Gustavo A. R. Silva Signed-off-by: Kees Cook --- Cc: "David S. Miller" Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: Simon Horman Cc: Andrew Lunn Cc: Stanislav Fomichev Cc: Cosmin Ratiu Cc: Lei Yang Cc: Kuniyuki Iwashima Cc: Ido Schimmel Cc: --

[PATCH net-next v2 1/8] net: core: Convert inet_addr_is_any() to sockaddr_storage

2025-05-21 Thread Kees Cook
All the callers of inet_addr_is_any() have a sockaddr_storage-backed sockaddr. Avoid casts and switch prototype to the actual object being used. Reviewed-by: Kuniyuki Iwashima Reviewed-by: Martin K. Petersen # SCSI Signed-off-by: Kees Cook --- Cc: Christoph Hellwig Cc: Sagi Grimberg Cc

[PATCH net-next v2 0/8] net: Convert dev_set_mac_address() to struct sockaddr_storage

2025-05-21 Thread Kees Cook
() - dev_set_mac_address() - dev_set_mac_address_user() Only a few callers of dev_set_mac_address() needed adjustment; all others were already using struct sockaddr_storage internally. -Kees Kees Cook (8): net: core: Convert inet_addr_is_any() to sockaddr_storage net: core: Switch
