es Cook
Reviewed-by: Nathan Chancellor
> ---
> arch/x86/Makefile | 2 +-
> security/Kconfig.hardening | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/arch/x86/Makefile b/arch/x86/Makefile
> index d25ed25fb7d9..917459d1ad40 100644
> ---
also adjust the comment but it is probably not that big of a
deal since the "temporary" is already pretty stale.
Reviewed-by: Nathan Chancellor
> ---
> Cc: Nathan Chancellor
> Cc: Nick Desaulniers
> Cc: Thomas Gleixner
> Cc: Ingo Molnar
> Cc: Borislav Petkov
> C
On Fri, Mar 07, 2025 at 02:57:06PM -0800, Kees Cook wrote:
>
>
> On March 7, 2025 1:47:34 PM PST, Nathan Chancellor wrote:
> >On Tue, Mar 04, 2025 at 09:50:44AM -0800, Kees Cook wrote:
> >> On Mon, 03 Mar 2025 13:49:37 -0800, Kees Cook wrote:
> >> &g
On Tue, Mar 04, 2025 at 09:50:44AM -0800, Kees Cook wrote:
> On Mon, 03 Mar 2025 13:49:37 -0800, Kees Cook wrote:
> > The i386 regparm bug exposed with FORTIFY_SOURCE with Clang was fixed
> > in Clang 16[1].
> >
> >
>
> Applied to for-next/hardening, thanks!
>
> [1/1] hardening: Enable i386 FOR
-rc3. Hopefully they do not change the init pattern :)
Tested-by: Nathan Chancellor
> ---
> Cc: Nathan Chancellor
> Cc: Bill Wendling
> Cc: Justin Stitt
> Cc: l...@lists.linux.dev
> ---
> lib/tests/stackinit_kunit.c | 30 --
> 1 file chang
On Tue, Mar 04, 2025 at 09:07:57AM -0800, Kees Cook wrote:
> On Tue, Mar 04, 2025 at 03:51:19PM +0100, Thomas Weißschuh wrote:
> > No, it doesn't.
> >
> > Running tests with:
> > $ .kunit/linux kunit.filter_glob=overflow.DEFINE_FLEX_test kunit.enable=1
> > mem=1G console=tty kunit_shutdown=halt
>
nit tests with Clang:
>
> $ ./tools/testing/kunit/kunit.py run \
> --make_options LLVM=1 \
> --make_options SUBARCH=i386
> ...
>
> Fixes: c7500c1b53bf ("um: Allow builds with Clang")
> Signed-off-by: Kees Cook
Reviewed-by: Nathan Chancellor
>
gt; This is also what exists in tools/testing/selftests/lib.mk.
> Minus the missing CONFIG_FORTIFY_SOURCE on clang x86_32
> and a failure of overflow.DEFINE_FLEX_test (clang 19.1.7).
Does Kees's other patch resolve the second issue? It'll obviously fix
the first :P
https
Cook
Yes, thank you for catching this!
Reviewed-by: Nathan Chancellor
I assume you'll take this?
> ---
> Cc: Nathan Chancellor
> Cc: Nick Desaulniers
> Cc: Bill Wendling
> Cc: Justin Stitt
> Cc: "Gustavo A. R. Silva"
> Cc: l...@lists.linux.de
t --arch=x86_64 \
> --make_option CC=gcc-15
>
> Suggested-by: Jakub Jelinek
> Link: https://lore.kernel.org/linux-toolchains/Z0hRrrNU3Q+ro2T7@tucnak/ [1]
> Signed-off-by: Kees Cook
Reviewed-by: Nathan Chancellor
As far as I understand it, clang
Hi John,
On Sat, Dec 28, 2024 at 11:21:27AM +, John Rowley wrote:
> Hi, I'm experiencing UBSAN array-index-out-of-bounds errors while using
> my Framework 13" AMD laptop with its Mediatek MT7922 wifi adapter
> (mt7921e).
>
> It seems to happen only once on boot, and occurs with both kernel
>
Hi Naresh,
+ Kees and linux-hardening, since this is a hardening configuration.
On Mon, Nov 25, 2024 at 07:34:22PM +0530, Naresh Kamboju wrote:
> The arm TI x15 board boot has failed with the Linux next, mainline
> and the Linux stable. Please find boot log and build links.
>
> The boot failed w
On Wed, Oct 30, 2024 at 09:50:42AM -0500, Ira Weiny wrote:
> [snip]
>
> > >> drivers/cxl/cxlmem.h:755:35: error: use of undeclared identifier
> > >> 'regions_retunred'
> > 755 | } __packed region[] __counted_by(regions_retunred);
> > |
ree_initmem+0x95/0x98 ]---
I can confirm that this patch resolves that issue for me and LKDTM's
REPORT_STACK_CANARY test passes with that configuration.
Reviewed-by: Nathan Chancellor
Tested-by: Nathan Chancellor
I presume the '#ifndef CONFIG_X86_64' in arch/x86/entry/entry.S is
On Thu, Sep 26, 2024 at 02:21:42PM +0200, Thorsten Blum wrote:
> On 26. Sep 2024, at 03:46, kernel test robot wrote:
> >
> > Hello,
> >
> > kernel test robot noticed
> > "WARNING:at_lib/string_helpers.c:#__fortify_report" on:
> >
> > commit: 3d2d832826325210abb9849ee96634bf5a197517 ("[PATCH] a
On Sun, Sep 29, 2024 at 08:35:44AM -0700, Linus Torvalds wrote:
> On Sat, 28 Sept 2024 at 11:13, Nathan Chancellor wrote:
> >
> > MODVERSIONS recently grew a dependency on !COMPILE_TEST so that Rust
> > could be more easily tested. However, this introduces a Kconfig warn
On Sun, Sep 29, 2024 at 10:20:59PM +0200, Paul Moore wrote:
> On September 28, 2024 8:26:28 PM Nathan Chancellor wrote:
> > When running get_maintainer.pl on security/Kconfig.hardening, only the
> > security subsystem folks show up, even though they have never taken
> >
q -c
3 Andrew Morton
1 Greg Kroah-Hartman
18 Kees Cook
2 Linus Torvald
Add it to the hardening section so that the KSPP folks are also shown,
which matches reality over who should comment on and take said patches
if necessary.
Signed-off-by: Nathan Chancellor
--
;
MODULES [=y]
Add the !COMPILE_TEST dependency to the selections to clear up the
warning.
Fixes: 1f9c4a996756 ("Kbuild: make MODVERSIONS support depend on not being a
compile test build")
Signed-off-by: Nathan Chancellor
---
security/Kconfig.hardening | 4 ++--
1 file changed, 2 i
On Fri, Sep 27, 2024 at 09:39:54AM +0800, kernel test robot wrote:
> tree: https://git.kernel.org/pub/scm/linux/kernel/git/djiang/linux.git
> cxl/fwctl
> head: b4f2900f53c72de8fc639b62e44763c6a9695d3b
> commit: 5a0496c19151d83cd0d926f8a1488eeaab27509b [13/25] cxl: Add Get
> Supported Features
On Sat, Sep 14, 2024 at 01:32:19AM +0200, Thorsten Blum wrote:
> Thanks for reporting this.
>
> Changing
>
> memset(&mk->mp->attrs[mk->mp->num - 1], 0, sizeof(mk->mp->attrs[0]));
>
> to
>
> memset(mk->mp->attrs + mk->mp->num - 1, 0, sizeof(mk->mp->attrs[0]));
>
> fixes the false-positive war
Hi Thorsten,
On Mon, Sep 09, 2024 at 06:27:26PM +0200, Thorsten Blum wrote:
> Add the __counted_by compiler attribute to the flexible array member
> attrs to improve access bounds-checking via CONFIG_UBSAN_BOUNDS and
> CONFIG_FORTIFY_SOURCE.
>
> Increment num before adding a new param_attribute t
On Wed, Jun 26, 2024 at 11:19:24AM -0600, Keith Busch wrote:
> On Wed, Jun 26, 2024 at 10:06:05AM -0700, Nathan Chancellor wrote:
> > Ping? This is still relevant and I don't think this is a compiler bug
> > that would justify withholding this change.
>
> Sorry, I misun
Ping? This is still relevant and I don't think this is a compiler bug
that would justify withholding this change.
On Wed, May 29, 2024 at 02:42:40PM -0700, Nathan Chancellor wrote:
> Work for __counted_by on generic pointers in structures (not just
> flexible array members) has started
t reference to the flexible array
> (see pkt_add()), which allows for a straightforward annotation without
> further modifications.
Agreed, this seems like a reasonable patch in and of itself that should
work:
Reviewed-by: Nathan Chancellor
It might also make sense to change the pkt alloc
truct. Adjust the tests to check for the condition and for compiler
> support.
>
> Reported-by: Christian Schrefl
> Closes:
> https://lore.kernel.org/all/0bfc6b38-8bc5-4971-b6fb-dc642a73f...@gmail.com/
> Suggested-by: Nathan Chancellor
> Signed-off-by: Kees Cook
Seems
On Thu, May 30, 2024 at 09:40:13AM +0200, Greg Kroah-Hartman wrote:
> On Thu, May 30, 2024 at 08:22:03AM +0200, Jiri Slaby wrote:
> > > This will be an error in a future compiler version
> > > [-Werror,-Wbounds-safety-counted-by-elt-type-unknown-size]
> > > 291 | struct mxser_port po
Hi Jiri,
On Thu, May 30, 2024 at 08:41:18AM +0200, Jiri Slaby wrote:
> On 29. 05. 24, 23:42, Nathan Chancellor wrote:
> >drivers/nvme/target/fc.c:151:2: error: 'counted_by' should not be
> > applied to an array with element of unknown size because 'struct
>
Cc: sta...@vger.kernel.org
Closes: https://github.com/ClangBuiltLinux/linux/issues/2027
Fixes: ccd3129aca28 ("nvmet-fc: Annotate struct nvmet_fc_tgt_queue with
__counted_by")
Signed-off-by: Nathan Chancellor
---
drivers/nvme/target/fc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletio
://github.com/ClangBuiltLinux/linux/issues/2026
Fixes: f34907ecca71 ("mxser: Annotate struct mxser_board with __counted_by")
Signed-off-by: Nathan Chancellor
---
drivers/tty/mxser.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/tty/mxser.c b/drivers/tty/mxser.c
On Tue, May 07, 2024 at 12:46:46PM +0200, Johannes Berg wrote:
> On Thu, 2024-04-25 at 11:13 -0700, Nathan Chancellor wrote:
> > On Wed, Apr 24, 2024 at 03:01:01PM -0700, Kees Cook wrote:
> > > Before request->channels[] can be used, request->n_channels must be set.
>
whatever choice
was made at compile time. This patch was a perfect excuse to put my new
CET enabled test machine to work.
Reviewed-by: Nathan Chancellor
Tested-by: Nathan Chancellor
CFI_DEFAULT_AUTO reads a little bit better to me personally but I am not
looking to get into painting today :)
On Mon, Apr 29, 2024 at 10:35:03PM -0700, Kees Cook wrote:
> On Mon, Apr 29, 2024 at 03:16:50PM -0700, Nathan Chancellor wrote:
> > On Fri, Apr 26, 2024 at 03:29:44PM -0700, Kees Cook wrote:
> > [...]
> > > +# Enable Kernel Control Flow Integrity (currently Clang only).
&
LANG=y for x86 and arm64. (And disable FINEIBT since
> it isn't as secure as straight KCFI.)
>
> - CONFIG_PAGE_TABLE_CHECK=y for userspace mapping sanity.
>
> Signed-off-by: Kees Cook
Seems reasonable to me.
Reviewed-by: Nathan Chancellor
One comment below.
> ---
>
for earlier Clang versions today. Force the
> calling convention to use non-register arguments.
>
> Reported-by: Erhard Furtner
> Closes: https://github.com/KSPP/linux/issues/350
> Signed-off-by: Kees Cook
Acked-by: Nathan Chancellor
> ---
> Cc: Marco Elver
> Cc: Andr
") rather than
> via the first "out of bounds" index of "channels", otherwise run-time
> bounds checking will throw a warning.
>
> Reported-by: Nathan Chancellor
> Fixes: e3eac9f32ec0 ("wifi: cfg80211: Annotate struct cfg80211_scan_request
>
zation to before the first access of ->hws, which
clears up the warning.
Cc: sta...@vger.kernel.org
Fixes: f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with
__counted_by")
Signed-off-by: Nathan Chancellor
---
drivers/clk/bcm/clk-raspberrypi.c | 2 +-
1 file changed, 1
re the first access of ->hws, which
clears up the warning.
Cc: sta...@vger.kernel.org
Fixes: f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with
__counted_by")
Signed-off-by: Nathan Chancellor
---
drivers/clk/bcm/clk-bcm2711-dvp.c | 3 ++-
1 file changed, 2 insertions(+), 1
/c/79a2207963b8fea452acfc5dea13ed54bd36c7e1
---
Nathan Chancellor (2):
clk: bcm: dvp: Assign ->num before accessing ->hws
clk: bcm: rpi: Assign ->num before accessing ->hws
drivers/clk/bcm/clk-bcm2711-dvp.c | 3 ++-
drivers/clk/bcm/clk-raspberrypi.c | 2 +-
2 file
https://github.com/KSPP/linux/issues/350
> Signed-off-by: Kees Cook
> ---
> Cc: Marco Elver
> Cc: Andrey Konovalov
> Cc: Andrey Ryabinin
> Cc: Nathan Chancellor
> Cc: Nick Desaulniers
> Cc: Bill Wendling
> Cc: Justin Stitt
> Cc: l...@lists.linux.dev
> Cc: ka
ed failure code: f2005515 [#1]
> PREEMPT SMP
>
> Reported-by: Nathan Chancellor
> Closes:
> https://lore.kernel.org/lkml/20240411-fix-ubsan-in-hardening-config-v1-0-e0177c80f...@kernel.org
> Fixes: 557f8c582a9b ("ubsan: Reintroduce signed overflow sanitizer")
On Mon, Apr 15, 2024 at 11:15:05AM -0700, Kees Cook wrote:
> On Thu, Apr 11, 2024 at 11:11:05AM -0700, Nathan Chancellor wrote:
> > [0.189542] Internal error: UBSAN: unrecognized failure code:
> > f2005515 [#1] PREEMPT SMP
>
> Oops! Yes, I didn't update t
. Disable CONFIG_UBSAN_SIGNED_WRAP in
hardening.config to avoid this situation.
Fixes: 557f8c582a9b ("ubsan: Reintroduce signed overflow sanitizer")
Signed-off-by: Nathan Chancellor
---
kernel/configs/hardening.config | 1 +
1 file changed, 1 insertion(+)
diff --git a/kernel/configs/hardenin
AN_ENUM is not set
# CONFIG_TEST_UBSAN is not set
Fixes: 215199e3d9f3 ("hardening: Provide Kconfig fragments for basic options")
Signed-off-by: Nathan Chancellor
---
kernel/configs/hardening.config | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --
nel_init+0x28/0x1b8
[0.200123] ret_from_fork+0x10/0x20
[0.200547] Code: 5460 37f80080 39400268 371001c8 (d42aa2a0)
[0.200996] ---[ end trace 0000 ]---
---
Nathan Chancellor (2):
configs/hardening: Fix disabling UBSAN configurations
configs/hardenin
The current message for telling the user that their compiler does not
support the counted_by attribute in the FAM_BOUNDS test does not make
much sense either grammatically or semantically. Fix it to make it
correct in both aspects.
Signed-off-by: Nathan Chancellor
---
drivers/misc/lkdtm/bugs.c
On Wed, Feb 28, 2024 at 08:41:07AM +, Lukasz Luba wrote:
> Hi Nathan and Kees,
>
> On 2/27/24 17:00, Kees Cook wrote:
> > On Tue, Feb 27, 2024 at 05:47:44PM +0100, Daniel Lezcano wrote:
> > > Ok my misunderstanding was I thought sizeof() was calling _bdos under the
> > > hood, so when calling
Hi Daniel and Lukasz,
On Tue, Feb 27, 2024 at 04:37:36PM +0100, Daniel Lezcano wrote:
> On 27/02/2024 12:09, Rafael J. Wysocki wrote:
> > On Tue, Feb 27, 2024 at 11:14 AM Daniel Lezcano
> > wrote:
> > >
> > > On 27/02/2024 01:54, Nathan Chancel
core: Store zone trips table in struct
thermal_zone_device")
Signed-off-by: Nathan Chancellor
---
drivers/thermal/thermal_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/thermal/thermal_core.c b/drivers/thermal/thermal_core.c
index bb21f78b4bfa..1eabc8ebe27d 10
Now that the minimum supported version of LLVM for building the kernel
has been bumped to 13.0.1, this condition is always true, as the build
will fail during the configuration stage for older LLVM versions. Remove
it.
Signed-off-by: Nathan Chancellor
---
Cc: keesc...@chromium.org
Cc: linux
kernel.org/20240109-update-llvm-links-v1-0-eb09b59db...@kernel.org/
---
Nathan Chancellor (11):
kbuild: Raise the minimum supported version of LLVM to 13.0.1
Makefile: Drop warn-stack-size plugin opt
x86: Drop stack-alignment plugin opt
ARM: Remove Thumb2 __builtin_thread_pointer
51 matches
Mail list logo
