Re: BTI interaction between seccomp filters in systemd and glibc mprotect calls, causing service failures

On Sat, 24 Oct 2020 at 12:34, Topi Miettinen wrote: > > On 23.10.2020 20.52, Salvatore Mesoraca wrote: > > Hi, > > > > On Thu, 22 Oct 2020 at 23:24, Topi Miettinen wrote: > >> SARA looks interesting. What is missing is a prctl() to enable all W^X > >&g

Re: BTI interaction between seccomp filters in systemd and glibc mprotect calls, causing service failures

Hi, On Thu, 22 Oct 2020 at 23:24, Topi Miettinen wrote: > SARA looks interesting. What is missing is a prctl() to enable all W^X > protections irrevocably for the current process, then systemd could > enable it for services with MemoryDenyWriteExecute=yes. SARA actually has a procattr[0] interfa

Re: [PATCH v5 04/12] S.A.R.A.: generic DFA for string matching

Salvatore Mesoraca wrote: > > Jann Horn wrote: > > > > On Sat, Jul 6, 2019 at 12:55 PM Salvatore Mesoraca > > wrote: > > > Creation of a generic Discrete Finite Automata implementation > > > for string matching. The transition tables have to be produced

Re: [PATCH v5 11/12] S.A.R.A.: /proc/*/mem write limitation

Jann Horn wrote: > > On Sat, Jul 6, 2019 at 12:55 PM Salvatore Mesoraca > wrote: > > Prevent a task from opening, in "write" mode, any /proc/*/mem > > file that operates on the task's mm. > > A process could use it to overwrite read-only m

Re: [PATCH v5 04/12] S.A.R.A.: generic DFA for string matching

Jann Horn wrote: > > On Sat, Jul 6, 2019 at 12:55 PM Salvatore Mesoraca > wrote: > > Creation of a generic Discrete Finite Automata implementation > > for string matching. The transition tables have to be produced > > in user-space. > > This allows us to possibly

Re: [PATCH v5 06/12] S.A.R.A.: WX protection

Al Viro wrote: > > On Sat, Jul 06, 2019 at 12:54:47PM +0200, Salvatore Mesoraca wrote: > > > +#define sara_warn_or_return(err, msg) do { \ > > + if ((sara_wxp_flags & SARA_WXP_VERBOSE))\ > > + pr_wxp(msg);

Re: [PATCH v5 00/12] S.A.R.A. a new stacked LSM

James Morris wrote: > > On Sat, 6 Jul 2019, Salvatore Mesoraca wrote: > > > S.A.R.A. (S.A.R.A. is Another Recursive Acronym) is a stacked Linux > > Please make this just SARA. Nobody wants to read or type S.A.R.A. Agreed. Thank you for your suggestion.

Re: [PATCH v5 01/12] S.A.R.A.: add documentation

Randy Dunlap wrote: > > Hi, > > Just a few typo fixes (inline). Hi Randy, thank you for your help! I'll address these and the other fixes in the next version of the patchset. Best, Salvatore

Re: [PATCH v5 00/12] S.A.R.A. a new stacked LSM

You are right. I just forgot to remove that paragraph from the cover letter. My bad. Thank you for noticing that :) Il giorno sab 6 lug 2019 alle ore 16:33 Jordan Glover ha scritto: > > On Saturday, July 6, 2019 10:54 AM, Salvatore Mesoraca > wrote: > > > S.A.R.A. is meant to

[PATCH v5 03/12] S.A.R.A.: cred blob management

eam, so this part will be modified as soon as the LSM stackable cred blob management will be available. Signed-off-by: Salvatore Mesoraca --- security/sara/Makefile| 2 +- security/sara/include/sara_data.h | 84 +++ security/sara/main.c

[PATCH v5 07/12] LSM: creation of "pagefault_handler" LSM hook

esn't introduce new exploit vectors. - It's a feature that can be turned on only if needed, on a per executable file basis. Signed-off-by: Salvatore Mesoraca --- arch/Kconfig | 6 ++ arch/x86/Kconfig | 1 + arch/x86/mm/fault.c | 6 ++ include/linux

[PATCH v5 05/12] LSM: creation of "check_vmflags" LSM hook

his hook is also used to determine what to do with an RWE PT_GNU_STACK header. This allows LSM to force the loader to silently ignore executable stack markings, which is useful a thing to do when trampoline emulation is available. Signed-off-by: Salvatore Mesoraca --- fs/binfmt_elf.c |

[PATCH v5 04/12] S.A.R.A.: generic DFA for string matching

-by: Salvatore Mesoraca --- security/sara/Kconfig| 22 +++ security/sara/Makefile | 3 +- security/sara/dfa.c | 335 +++ security/sara/dfa_test.c | 135 security/sara/include/dfa.h | 52

[PATCH v5 08/12] S.A.R.A.: trampoline emulation

ct the original grsecurity/PaX code. Signed-off-by: Salvatore Mesoraca --- arch/x86/Kbuild| 2 + arch/x86/security/Makefile | 2 + arch/x86/security/sara/Makefile| 1 + arch/x86/security/sara/emutramp.c | 57 arch/x86/

[PATCH v5 10/12] S.A.R.A.: XATTRs support

Adds support for extended filesystem attributes in security and user namespaces. They can be used to override flags set via the centralized configuration, even when S.A.R.A. configuration is locked or saractl is not used at all. Signed-off-by: Salvatore Mesoraca --- Documentation/admin-guide

[PATCH v5 12/12] MAINTAINERS: take maintainership for S.A.R.A.

Signed-off-by: Salvatore Mesoraca --- MAINTAINERS | 9 + 1 file changed, 9 insertions(+) diff --git a/MAINTAINERS b/MAINTAINERS index f16e5d0..de6dab1 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -13925,6 +13925,15 @@ F: drivers/phy/samsung/phy-s5pv210-usb2.c F: drivers/phy

[PATCH v5 06/12] S.A.R.A.: WX protection

some of the features available in PaX according to my understanding of the code. Changes or omissions from the original code are mine and don't reflect the original grsecurity/PaX code. Signed-off-by: Salvatore Mesoraca --- security/sara/Kconfig | 74 + security/sara/Makefi

[PATCH v5 11/12] S.A.R.A.: /proc/*/mem write limitation

Prevent a task from opening, in "write" mode, any /proc/*/mem file that operates on the task's mm. A process could use it to overwrite read-only memory, bypassing S.A.R.A. restrictions. Signed-off-by: Salvatore Mesoraca --- security/sara/include/sara_data.h | 18 -

[PATCH v5 09/12] S.A.R.A.: WX protection procattr interface

feature can be use to run the JIT compiler with few restrictions while enforcing full WX Protection in the rest of the program. To simplify access to this interface a CC0 licensed library is available here: https://github.com/smeso/libsara Signed-off-by: Salvatore Mesoraca --- fs/proc/base.c

[PATCH v5 00/12] S.A.R.A. a new stacked LSM

other minor fixes not worth mentionig here. Changes in v5: - Updated the code to use the new stacking interface. - Path matching is now done using a DFA Salvatore Mesoraca (12): S.A.R.A.: add documentation S.A.R.A.: create framework S.A.R.A.: cred blob management S.A.R.A.:

[PATCH v5 01/12] S.A.R.A.: add documentation

Adding documentation for S.A.R.A. LSM. Signed-off-by: Salvatore Mesoraca --- Documentation/admin-guide/LSM/SARA.rst | 177 Documentation/admin-guide/LSM/index.rst | 1 + Documentation/admin-guide/kernel-parameters.txt | 24 3 files changed, 202

[PATCH v5 02/12] S.A.R.A.: create framework

: Salvatore Mesoraca --- security/Kconfig | 11 +- security/Makefile | 2 + security/sara/Kconfig | 40 +++ security/sara/Makefile | 3 + security/sara/include/sara.h | 29 ++ security/sara/include/securityfs.h | 61

Re: [PATCH v2] kconfig: add hardened defconfig helpers

Jonathan Corbet wrote: > [omissis] > > Some overall thoughts: > > - As Sam asked: who are the users of this feature? Presumably you have > some real people out there in mind for each of these levels, or you would > not have created them? In general this feature will be useful for all those p

Re: [PATCH] proc: prevent a task from writing on its own /proc/*/mem

2018-06-04 18:57 GMT+02:00 Steve Kemp : >> A configurable LSM is probably the right way to do this. > > I wonder how many out of tree LSM there are? Looking at the mainline > kernel the only "small" LSM bundled is YAMA, and it seems that most of > the patches proposing new ones eventually die out.

Re: [PATCH] proc: prevent a task from writing on its own /proc/*/mem

2018-05-28 11:06 GMT+02:00 Jann Horn : > On Sat, May 26, 2018 at 4:50 PM, Salvatore Mesoraca > wrote: >> Prevent a task from opening, in "write" mode, any /proc/*/mem >> file that operates on the task's mm. >> /proc/*/mem is mainly a debugging means and,

Re: [PATCH] proc: prevent a task from writing on its own /proc/*/mem

2018-05-27 3:33 GMT+02:00 Linus Torvalds : > On Sat, May 26, 2018 at 5:32 PM Kees Cook wrote: > >> I went through some old threads from 2012 when e268337dfe26 was >> introduced, and later when things got looked at during DirtyCOW. There >> was discussion about removing FOLL_FORCE (in order to bloc

Re: [PATCH] proc: prevent a task from writing on its own /proc/*/mem

2018-05-26 17:48 GMT+02:00 Alexey Dobriyan : > On Sat, May 26, 2018 at 04:50:46PM +0200, Salvatore Mesoraca wrote: >> Prevent a task from opening, in "write" mode, any /proc/*/mem >> file that operates on the task's mm. >> /proc/*/mem is mainly a debugging me

[PATCH] proc: prevent a task from writing on its own /proc/*/mem

/mem file. A process can use it to overwrite read-only memory, making pointless the use of security_file_mprotect() or other ways to enforce RO memory. Signed-off-by: Salvatore Mesoraca --- fs/proc/base.c | 25 ++--- fs/proc/internal.h | 3 ++- fs/proc/task_mmu.c

Re: [PATCH v2] net: dsa: drop some VLAs in switch.c

2018-05-08 11:39 GMT+02:00 David Laight : > From: Salvatore Mesoraca >> Sent: 07 May 2018 20:03 > ... >> This optimization will save us an allocation when number of ports is >> less than 32 or 64 (depending on arch). >> IMHO it's useful, if you consider that, r

Re: [PATCH v2] net: dsa: drop some VLAs in switch.c

2018-05-07 21:26 GMT+02:00 Andrew Lunn : >> >> +++ b/include/net/dsa.h >> >> @@ -256,6 +256,9 @@ struct dsa_switch { >> >> /* Number of switch port queues */ >> >> unsigned intnum_tx_queues; >> >> >> >> + unsigned long *bitmap; >> >> + unsigned long

Re: [PATCH v2] net: dsa: drop some VLAs in switch.c

2018-05-07 20:14 GMT+02:00 Florian Fainelli : > On 05/07/2018 08:23 AM, Salvatore Mesoraca wrote: >> We avoid 2 VLAs by using a pre-allocated field in dsa_switch. >> We also try to avoid dynamic allocation whenever possible. >> >> Link: >> ht

[PATCH v2] net: dsa: drop some VLAs in switch.c

: Salvatore Mesoraca --- include/net/dsa.h | 3 +++ net/dsa/dsa2.c| 14 ++ net/dsa/switch.c | 22 ++ 3 files changed, 27 insertions(+), 12 deletions(-) diff --git a/include/net/dsa.h b/include/net/dsa.h index 60fb4ec..576791d 100644 --- a/include/net/dsa.h

Re: [PATCH] net: dsa: drop some VLAs in switch.c

2018-03-13 21:06 GMT+01:00 Florian Fainelli : > On 03/13/2018 12:58 PM, Vivien Didelot wrote: >> Hi Salvatore, >> >> Salvatore Mesoraca writes: >> >>> dsa_switch's num_ports is currently fixed to DSA_MAX_PORTS. So we avoid >>> 2 VLAs[1] by using

Re: [PATCH v2 0/2] crypto: removing various VLAs

2018-04-20 18:51 GMT+02:00 Herbert Xu : > On Mon, Apr 09, 2018 at 03:54:45PM +0200, Salvatore Mesoraca wrote: >> v2: >> As suggested by Herbert Xu, the blocksize and alignmask checks >> have been moved to crypto_check_alg. >> So, now, all the ot

Re: [PATCH v4] Protected FIFOs and regular files

2018-04-10 23:23 GMT+02:00 Kees Cook : > On Wed, Feb 28, 2018 at 1:22 AM, Salvatore Mesoraca > wrote: >> 2018-02-27 21:22 GMT+01:00 Kees Cook : >>> On Tue, Feb 27, 2018 at 11:47 AM, Kees Cook wrote: >>>> [...] >>>> >>>> I think this look

Re: [PATCH v2 0/2] crypto: removing various VLAs

2018-04-09 16:35 GMT+02:00 David Laight : > From: Salvatore Mesoraca >> Sent: 09 April 2018 14:55 >> >> v2: >> As suggested by Herbert Xu, the blocksize and alignmask checks >> have been moved to crypto_check_alg. >> So, now, all the

Re: [PATCH 0/6] Remove several VLAs in the crypto subsystem

Please ignore this thread, I sent the old patch-set again by mistake :( I'm sorry for the noise. Salvatore

Re: [PATCH 0/6] Remove several VLAs in the crypto subsystem

Please ignore this thread I sent the old patch-set again by mistake :( I'm sorry for the noise. Salvatore

[PATCH v2 2/2] crypto: remove several VLAs

We avoid various VLAs[1] by using constant expressions for block size and alignment mask. [1] http://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com Signed-off-by: Salvatore Mesoraca --- crypto/cfb.c| 7 +++ crypto/cipher.c | 3 ++- crypto/ctr.c

[PATCH 1/6] crypto: api - laying macros for statically allocated buffers

://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com Signed-off-by: Salvatore Mesoraca --- crypto/internal.h | 8 1 file changed, 8 insertions(+) diff --git a/crypto/internal.h b/crypto/internal.h index 9a3f399..89ae41e 100644 --- a/crypto/internal.h +++ b/crypto

[PATCH v2 0/2] crypto: removing various VLAs

-dd95-2d4286913...@redhat.com Salvatore Mesoraca (2): crypto: api - laying defines and checks for statically allocated buffers crypto: remove several VLAs crypto/algapi.c | 10 ++ crypto/cfb.c| 7 +++ crypto/cipher.c | 3 ++- crypto/ctr.c

[PATCH 4/6] crypto: pcbc - avoid VLA use

ff-by: Salvatore Mesoraca --- crypto/pcbc.c | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/crypto/pcbc.c b/crypto/pcbc.c index d9e45a9..797da2f 100644 --- a/crypto/pcbc.c +++ b/crypto/pcbc.c @@ -21,6 +21,7 @@ #include #include #include +#include "

[PATCH 6/6] crypto: cfb - avoid VLA use

aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com Signed-off-by: Salvatore Mesoraca --- crypto/cfb.c | 14 ++ 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/crypto/cfb.c b/crypto/cfb.c index 94ee39b..f500816 100644 --- a/crypto/cfb.c +++ b/crypto/cfb.c @@

[PATCH 3/6] crypto: api - avoid VLA use

cu1rq...@mail.gmail.com Signed-off-by: Salvatore Mesoraca --- crypto/cipher.c | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/crypto/cipher.c b/crypto/cipher.c index 94fa355..9cedf23 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -67,7 +67,7 @@ static void cipher_crypt_unaligned

[PATCH v2 1/2] crypto: api - laying defines and checks for statically allocated buffers

crypto_check_alg when a new cipher is registered. [1] http://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com Signed-off-by: Salvatore Mesoraca --- crypto/algapi.c | 10 ++ include/crypto/algapi.h | 8 2 files changed, 18 insertions(+) diff

[PATCH 5/6] crypto: cts - avoid VLA use

d-off-by: Salvatore Mesoraca --- crypto/cts.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/crypto/cts.c b/crypto/cts.c index 4773c18..12e6bd3 100644 --- a/crypto/cts.c +++ b/crypto/cts.c @@ -50,6 +50,7 @@ #include #include #include +#include "internal.h&

[PATCH 0/6] Remove several VLAs in the crypto subsystem

aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com [2] http://lkml.kernel.org/r/4e536889-439a-49e6-dd95-2d4286913...@redhat.com Salvatore Mesoraca (6): crypto: api - laying macros for statically allocated buffers crypto: ctr - avoid VLA use crypto: api - avoid VLA use crypto: pcbc - avoid VLA use c

[PATCH 2/6] crypto: ctr - avoid VLA use

cu1rq...@mail.gmail.com Signed-off-by: Salvatore Mesoraca --- crypto/ctr.c | 13 +++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/crypto/ctr.c b/crypto/ctr.c index 854d924..ce62552 100644 --- a/crypto/ctr.c +++ b/crypto/ctr.c @@ -20,6 +20,7 @@ #include #include #include +#in

Re: [PATCH 3/6] crypto: api - avoid VLA use

2018-04-08 11:22 GMT+02:00 Herbert Xu : > On Sun, Apr 08, 2018 at 11:07:12AM +0200, Salvatore Mesoraca wrote: >> >> > This check should be done when the algorithm is registered. Perhaps >> > crypto_check_alg. >> >> Please correct me if I'm wrong: &

Re: [PATCH 3/6] crypto: api - avoid VLA use

2018-04-08 5:16 GMT+02:00 Herbert Xu : > On Sat, Apr 07, 2018 at 08:38:20PM +0200, Salvatore Mesoraca wrote: >> >> int crypto_init_cipher_ops(struct crypto_tfm *tfm) >> { >> + const unsigned long alignmask = crypto_tfm_alg_alignmask(tfm); >&

Re: [PATCH 2/6] crypto: ctr - avoid VLA use

018-04-08 5:19 GMT+02:00 Herbert Xu : > On Sat, Apr 07, 2018 at 08:38:19PM +0200, Salvatore Mesoraca wrote: >> >> @@ -206,6 +207,14 @@ static struct crypto_instance *crypto_ctr_alloc(struct >> rtattr **tb) >> if (alg->cra_blocksize < 4)

Re: [PATCH 1/6] crypto: api - laying macros for statically allocated buffers

2018-04-08 5:15 GMT+02:00 Herbert Xu : > On Sat, Apr 07, 2018 at 08:38:18PM +0200, Salvatore Mesoraca wrote: >> Creating 2 new compile-time constants for internal use, >> in preparation for the removal of VLAs[1] from crypto code. >> All ciphers implemented in Linux have a bl

Re: [PATCH 0/6] Remove several VLAs in the crypto subsystem

2018-04-07 21:56 GMT+02:00 Kees Cook : > On Sat, Apr 7, 2018 at 11:38 AM, Salvatore Mesoraca > wrote: >> As suggested by Laura Abbott[2], I'm resending my patch with >> MAX_BLOCKSIZE and MAX_ALIGNMASK defined in an header, so they >> can be used in other places. &

[PATCH 4/6] crypto: pcbc - avoid VLA use

ff-by: Salvatore Mesoraca --- crypto/pcbc.c | 9 +++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/crypto/pcbc.c b/crypto/pcbc.c index d9e45a9..797da2f 100644 --- a/crypto/pcbc.c +++ b/crypto/pcbc.c @@ -21,6 +21,7 @@ #include #include #include +#include "

[PATCH 1/6] crypto: api - laying macros for statically allocated buffers

://lkml.kernel.org/r/CA+55aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com Signed-off-by: Salvatore Mesoraca --- crypto/internal.h | 8 1 file changed, 8 insertions(+) diff --git a/crypto/internal.h b/crypto/internal.h index 9a3f399..89ae41e 100644 --- a/crypto/internal.h +++ b/crypto

[PATCH 6/6] crypto: cfb - avoid VLA use

aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com Signed-off-by: Salvatore Mesoraca --- crypto/cfb.c | 14 ++ 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/crypto/cfb.c b/crypto/cfb.c index 94ee39b..f500816 100644 --- a/crypto/cfb.c +++ b/crypto/cfb.c @@

[PATCH 3/6] crypto: api - avoid VLA use

cu1rq...@mail.gmail.com Signed-off-by: Salvatore Mesoraca --- crypto/cipher.c | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/crypto/cipher.c b/crypto/cipher.c index 94fa355..9cedf23 100644 --- a/crypto/cipher.c +++ b/crypto/cipher.c @@ -67,7 +67,7 @@ static void cipher_crypt_unaligned

[PATCH 5/6] crypto: cts - avoid VLA use

d-off-by: Salvatore Mesoraca --- crypto/cts.c | 8 ++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/crypto/cts.c b/crypto/cts.c index 4773c18..12e6bd3 100644 --- a/crypto/cts.c +++ b/crypto/cts.c @@ -50,6 +50,7 @@ #include #include #include +#include "internal.h&

[PATCH 2/6] crypto: ctr - avoid VLA use

cu1rq...@mail.gmail.com Signed-off-by: Salvatore Mesoraca --- crypto/ctr.c | 13 +++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/crypto/ctr.c b/crypto/ctr.c index 854d924..ce62552 100644 --- a/crypto/ctr.c +++ b/crypto/ctr.c @@ -20,6 +20,7 @@ #include #include #include +#in

[PATCH 0/6] Remove several VLAs in the crypto subsystem

aFzCG-zNmZwX4A2FQpadafLfEzK6CC=qpxydaacu1rq...@mail.gmail.com [2] http://lkml.kernel.org/r/4e536889-439a-49e6-dd95-2d4286913...@redhat.com Salvatore Mesoraca (6): crypto: api - laying macros for statically allocated buffers crypto: ctr - avoid VLA use crypto: api - avoid VLA use crypto: pcbc - avoid VLA use c

Re: [v3] crypto: ctr - avoid VLA use

2018-04-03 23:37 GMT+02:00 Laura Abbott : > On 03/30/2018 01:53 AM, Salvatore Mesoraca wrote: >> --- >> crypto/ctr.c | 15 +-- >> 1 file changed, 13 insertions(+), 2 deletions(-) >> >> diff --git a/crypto/ctr.c b/crypto/ctr.c >> index 854d92

Re: [v2] ftrace: drop a VLA in module_exists()

2018-03-30 16:34 GMT+02:00 Steven Rostedt : > On Fri, 30 Mar 2018 10:53:08 +0200 > Salvatore Mesoraca wrote: > > Couple of things. First, "PATCH" was dropped from the subject. If my > inbox was busy today, I probably would have missed this email. Aargh, I'm sorr

[v3] crypto: ctr - avoid VLA use

also check the selected cipher at instance creation time, if it doesn't comply with these limits, we fail the creation. [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Salvatore Mesoraca --- crypto/ctr.c | 15 +-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --

[v2] ftrace: drop a VLA in module_exists()

. [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Salvatore Mesoraca --- kernel/trace/ftrace.c | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index eac9ce2..16bbf06 100644 --- a/kernel/trace/ftrace.c +++ b/kernel

Re: [PATCH] ftrace: drop a VLA in module_exists()

2018-03-27 1:16 GMT+02:00 Kees Cook : > On Tue, Mar 13, 2018 at 12:51 PM, Salvatore Mesoraca > wrote: >> Avoid a VLA[1] by using a real constant expression instead of a variable. >> The compiler should be able to optimize the original code and avoid using >> an actual VL

Re: [PATCH v2] crypto: ctr - avoid VLA use

2018-03-23 16:36 GMT+01:00 Herbert Xu : > On Thu, Mar 15, 2018 at 12:18:58PM +0100, Salvatore Mesoraca wrote: >> >> +#define MAX_BLOCKSIZE 16 >> + >> +#ifdef CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS >> +#define MAX_ALIGNMASK 15 >> +#else >> +#define

Re: [PATCH] net: dsa: drop some VLAs in switch.c

2018-03-14 13:48 GMT+01:00 Salvatore Mesoraca : > 2018-03-14 12:24 GMT+01:00 David Laight : >> Isn't using DECLARE_BITMAP() completely OTT when the maximum size is less >> than the number of bits in a word? > > It allocates ceiling(size/8) "unsigned long"s, so y

[PATCH v2] crypto: ctr - avoid VLA use

also check the selected cipher at instance creation time, if it doesn't comply with these limits, we fail the creation. [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Salvatore Mesoraca --- crypto/ctr.c | 20 ++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff

Re: [PATCH] crypto: ctr: avoid VLA use

2018-03-15 10:54 GMT+01:00 Herbert Xu : > On Wed, Mar 14, 2018 at 02:17:30PM +0100, Salvatore Mesoraca wrote: >> All ciphers implemented in Linux have a block size less than or >> equal to 16 bytes and the most demanding hw require 16 bits >> alignment for the block buffer.

Re: [PATCH] crypto: ctr: avoid VLA use

2018-03-14 19:31 GMT+01:00 Eric Biggers : > On Wed, Mar 14, 2018 at 02:17:30PM +0100, Salvatore Mesoraca wrote: >> All ciphers implemented in Linux have a block size less than or >> equal to 16 bytes and the most demanding hw require 16 bits >> alignment for the block buffer.

Re: [PATCH] Btrfs: drop a VLA in btrfs_check_super_csum()

2018-03-14 16:42 GMT+01:00 David Sterba : > We already have a patch for that from a few days ago, but thanks anyway. > > https://patchwork.kernel.org/patch/10277901/ Oh.. OK Best regards, Salvatore

Re: [PATCH] crypto: ctr: avoid VLA use

2018-03-14 14:31 GMT+01:00 Stephan Mueller : > Am Mittwoch, 14. März 2018, 14:17:30 CET schrieb Salvatore Mesoraca: > > Hi Salvatore, > >> if (walk.nbytes) { >> - crypto_ctr_crypt_final(&walk, child); >> - err =

[PATCH] scsi: eata: drop EATA and EATA-PIO drivers

Remove support for EATA and EATA-PIO SCSI host adapters. These devices are ancient and, apparently, nobody is still using them. https://lkml.kernel.org/r/20180313090540.GA4810%20()%20infradead%20!%20org Signed-off-by: Salvatore Mesoraca --- Documentation/scsi/scsi-parameters.txt |2

[PATCH] crypto: ctr: avoid VLA use

check, at runtime, that our assumptions still stand, possibly dynamically allocating a new buffer, just in case something changes in the future. [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Salvatore Mesoraca --- Notes: Can we maybe skip the runtime check? crypto/ctr.c | 50

Re: [PATCH] net: dsa: drop some VLAs in switch.c

2018-03-14 12:24 GMT+01:00 David Laight : > Isn't using DECLARE_BITMAP() completely OTT when the maximum size is less > than the number of bits in a word? It allocates ceiling(size/8) "unsigned long"s, so yes.

Re: [PATCH] drm/i915: drop various VLAs in i915_debugfs.c

2018-03-14 13:27 GMT+01:00 Joonas Lahtinen : > CHV_SS_MAX should be good enough. Make these function scoped (so #define > at the beginning and #undef at the end of function). > > Do use ARRAY_SIZE() instead of repeating. Thank you very much for your suggestions. Unfortunately, it seems that someon

Re: [PATCH] drm/i915: drop various VLAs in i915_debugfs.c

2018-03-14 13:17 GMT+01:00 Jani Nikula : > Thanks for your patch. However, Chris beat you to it with: > > 7aa0b14ede64 ("drm/i915: Remove variable length arrays from sseu debugfs > printers") I didn't notice it :) > as well as adding -Wvla to our subdir-ccflags-y to prevent more from > cropping u

Re: [PATCH] scsi: eata: drop VLA in reorder()

2018-03-13 10:05 GMT+01:00 Christoph Hellwig : > On Mon, Mar 12, 2018 at 10:35:36PM -0400, Martin K. Petersen wrote: >> No objections to Salvatore's patch but I have a slight affinity for >> retiring unused code over patching it. So unless there are objections... > > Lets kill it. And the not DMA

Re: [PATCH] net: dsa: drop some VLAs in switch.c

2018-03-13 20:58 GMT+01:00 Vivien Didelot : > Hi Salvatore, Hi Vivien, > Salvatore Mesoraca writes: > >> dsa_switch's num_ports is currently fixed to DSA_MAX_PORTS. So we avoid >> 2 VLAs[1] by using DSA_MAX_PORTS instead of ds->num_ports. >> >&g

[PATCH] ocfs2: drop a VLA in ocfs2_orphan_del()

. [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Salvatore Mesoraca --- fs/ocfs2/namei.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fs/ocfs2/namei.c b/fs/ocfs2/namei.c index c801edd..41ef356 100644 --- a/fs/ocfs2/namei.c +++ b/fs/ocfs2/namei.c @@ -2332,8 +2332,7

[PATCH] drm/i915: drop various VLAs in i915_debugfs.c

code. [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Salvatore Mesoraca --- drivers/gpu/drm/i915/i915_debugfs.c | 26 -- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/drivers/gpu/drm/i915/i915_debugfs.c b/drivers/gpu/drm/i915/i915_debugfs.c index

[PATCH] ftrace: drop a VLA in module_exists()

. [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Salvatore Mesoraca --- kernel/trace/ftrace.c | 7 +++ 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/kernel/trace/ftrace.c b/kernel/trace/ftrace.c index eac9ce2..adebb92 100644 --- a/kernel/trace/ftrace.c +++ b/kernel

[PATCH] net: dsa: drop some VLAs in switch.c

dsa_switch's num_ports is currently fixed to DSA_MAX_PORTS. So we avoid 2 VLAs[1] by using DSA_MAX_PORTS instead of ds->num_ports. [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Salvatore Mesoraca --- net/dsa/switch.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) di

[PATCH] Btrfs: drop a VLA in btrfs_check_super_csum()

. [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Salvatore Mesoraca --- fs/btrfs/disk-io.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/fs/btrfs/disk-io.c b/fs/btrfs/disk-io.c index 21f34ad..88cef92 100644 --- a/fs/btrfs/disk-io.c +++ b/fs/btrfs/disk-io.c

[PATCH v3] scsi: eata: drop VLAs in reorder()

Avoid 3 VLAs[1] by using a single dinamically allocated array and some helper variables: we don't need 3 arrays. [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Salvatore Mesoraca --- drivers/scsi/eata.c | 40 ++-- 1 file changed, 26 insertions(+

Re: [PATCH v2] scsi: eata: drop VLA in reorder()

2018-03-12 13:48 GMT+01:00 Salvatore Mesoraca : > Avoid 3 VLAs[1] by using a single dinamically allocated array > and some helper variables: we don't need 3 arrays. > > [1] https://lkml.org/lkml/2018/3/7/621 > > Signed-off-by: Salvatore Mesoraca > --- &

Re: [PATCH] net: llc: drop VLA in llc_sap_mcast()

2018-03-12 16:14 GMT+01:00 David Miller : > From: Salvatore Mesoraca > Date: Sun, 11 Mar 2018 22:12:04 +0100 > >> Avoid a VLA[1] by using a real constant expression instead of a variable. >> The compiler should be able to optimize the original code and avoid using >>

[PATCH v2] scsi: eata: drop VLA in reorder()

Avoid 3 VLAs[1] by using a single dinamically allocated array and some helper variables: we don't need 3 arrays. [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Salvatore Mesoraca --- drivers/scsi/eata.c | 40 ++-- 1 file changed, 26 insertions(+

Re: [PATCH 1/2] net: rds: drop VLA in rds_for_each_conn_info()

2018-03-12 8:06 GMT+01:00 santosh.shilim...@oracle.com : > On 3/11/18 2:07 PM, Salvatore Mesoraca wrote: >> >> Avoid VLA[1] by using an already allocated buffer passed >> by the caller. >> >> [1] https://lkml.org/lkml/2018/3/7/621 >> >> Signed-off-by: S

Re: [PATCH] scsi: eata: drop VLA in reorder()

2018-03-12 4:08 GMT+01:00 Tobin C. Harding : > Adding kernel newbies to CC because I pose a few noob questions :) > Adding Linus to CC because I quoted him. > > On Sun, Mar 11, 2018 at 10:06:58PM +0100, Salvatore Mesoraca wrote: >> n_ready will always be less than or equal to MA

[PATCH] net: llc: drop VLA in llc_sap_mcast()

. [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Salvatore Mesoraca --- net/llc/llc_sap.c | 7 --- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/net/llc/llc_sap.c b/net/llc/llc_sap.c index d90928f..a7f7b8f 100644 --- a/net/llc/llc_sap.c +++ b/net/llc/llc_sap.c @@ -394,8

[PATCH 2/2] net: rds: drop VLA in rds_walk_conn_path_info()

Avoid VLA[1] by using an already allocated buffer passed by the caller. [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Salvatore Mesoraca --- net/rds/connection.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/rds/connection.c b/net/rds/connection.c index

[PATCH 1/2] net: rds: drop VLA in rds_for_each_conn_info()

Avoid VLA[1] by using an already allocated buffer passed by the caller. [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Salvatore Mesoraca --- net/rds/connection.c | 2 +- net/rds/ib.c | 3 +++ net/rds/rds.h| 1 + 3 files changed, 5 insertions(+), 1 deletion(-) diff

[PATCH] scsi: eata: drop VLA in reorder()

n_ready will always be less than or equal to MAX_MAILBOXES. So we avoid a VLA[1] and use fixed-length arrays instead. [1] https://lkml.org/lkml/2018/3/7/621 Signed-off-by: Salvatore Mesoraca --- drivers/scsi/eata.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers

Re: [PATCH v4] Protected FIFOs and regular files

2018-02-27 21:22 GMT+01:00 Kees Cook : > On Tue, Feb 27, 2018 at 11:47 AM, Kees Cook wrote: >> On Tue, Feb 27, 2018 at 3:00 AM, Salvatore Mesoraca >> wrote: >>> Disallows open of FIFOs or regular files not owned by the user in world >>> writable sticky director

[PATCH v4] Protected FIFOs and regular files

n of this particular attack vector. In fact, before hardlinks/symlinks restrictions, fifos/regular files weren't the favorite vehicle to exploit them. Suggested-by: Solar Designer Suggested-by: Kees Cook Signed-off-by: Salvatore Mesoraca --- Notes: Changes in v3: - Fixed format

Re: [kernel-hardening] [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-12-07 22:47 GMT+01:00 Solar Designer : > On Tue, Dec 05, 2017 at 11:21:00AM +0100, Salvatore Mesoraca wrote: > > 2017-11-30 17:30 GMT+01:00 Solar Designer : > > > $ strace flock /tmp/lockfile -c cat > > > [...] > > > open("/tmp/lockfile", O_RD

Re: [kernel-hardening] [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-30 17:30 GMT+01:00 Solar Designer : > Replying to Salvatore and Ian at once, and CC'ing H. Peter Anvin and > Karel Zak for util-linux flock(1). > > On Thu, Nov 30, 2017 at 02:57:06PM +, Ian Campbell wrote: > > On Thu, 2017-11-30 at 15:39 +0100, Salvatore Mesora

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-27 1:26 GMT+01:00 Solar Designer : > On Fri, Nov 24, 2017 at 12:43:47PM +0100, Salvatore Mesoraca wrote: > > 2017-11-24 11:53 GMT+01:00 David Laight : > > > From: Alan Cox > > >> Sent: 22 November 2017 16:52 > > >> > > >> On Wed, 22 Nov

Re: [PATCH v3 2/2] Protected O_CREAT open in sticky directories

2017-11-24 12:53 GMT+01:00 David Laight : > From: Salvatore Mesoraca [mailto:s.mesorac...@gmail.com] >> Sent: 24 November 2017 11:44 >> >> 2017-11-24 11:53 GMT+01:00 David Laight : >> > From: Alan Cox >> >> Sent: 22 November 2017 16:52 >> >> &g

  1   2   >