[Xen-devel] [PATCH 1/3] treewide: Lift switch variables out of switches

2019-01-23 Thread Kees Cook
: warning: statement will never be executed [-Wswitch-unreachable] siginfo_t si; ^~ Signed-off-by: Kees Cook --- arch/x86/xen/enlighten_pv.c | 7 --- drivers/char/pcmcia/cm4000_cs.c | 2 +- drivers/char/ppdev.c | 20

[Xen-devel] [PATCH 3/3] lib: Introduce test_stackinit module

2019-01-23 Thread Kees Cook
kinit: small_hole_runtime_all ok test_stackinit: big_hole_runtime_all ok test_stackinit: u8 ok test_stackinit: u16 ok test_stackinit: u32 ok test_stackinit: u64 ok test_stackinit: char_array ok test_stackinit: small_hole ok test_stackinit: big_hole ok test_stackinit: user ok test_stackinit: failures: 4 Signed-off-by:

[Xen-devel] [PATCH 0/3] gcc-plugins: Introduce stackinit plugin

2019-01-23 Thread Kees Cook
/lkml.kernel.org/r/CA+55aFykZL+cSBJjBBts7ebEFfyGPdMzTmLSxKnT_29=j94...@mail.gmail.com Kees Cook (3): treewide: Lift switch variables out of switches gcc-plugins: Introduce stackinit plugin lib: Introduce test_stackinit module arch/x86/xen/enlighten_pv.c | 7 +- d

[Xen-devel] [PATCH 2/3] gcc-plugins: Introduce stackinit plugin

2019-01-23 Thread Kees Cook
on't depend on being zero. :) [1] https://gcc.gnu.org/ml/gcc-patches/2014-06/msg00615.html [2] https://lkml.kernel.org/r/CA+55aFykZL+cSBJjBBts7ebEFfyGPdMzTmLSxKnT_29=j94...@mail.gmail.com Signed-off-by: Kees Cook --- scripts/Makefile.gcc-plugins | 6 ++ scripts/gcc-plugin

Re: [Xen-devel] [Intel-gfx] [PATCH 1/3] treewide: Lift switch variables out of switches

2019-01-23 Thread Kees Cook
On Thu, Jan 24, 2019 at 4:44 AM Jani Nikula wrote: > > On Wed, 23 Jan 2019, Edwin Zimmerman wrote: > > On Wed, 23 Jan 2019, Jani Nikula wrote: > >> On Wed, 23 Jan 2019, Greg KH wrote: > >> > On Wed, Jan 23, 2019 at 03:03:47AM -0800, Kees Cook wrote: >

Re: [Xen-devel] [Intel-gfx] [PATCH 1/3] treewide: Lift switch variables out of switches

2019-01-23 Thread Kees Cook
ts > for both. GCC is reasonable at this. The main issue, though, was most of these places were using the variables in multiple case statements, so they couldn't be limited to a single block (or they'd need to be manually repeated in each block, which is even more ugly, IMO). Whatever the consensus, I'm happy to tweak the patch. Thanks! -- Kees Cook ___ Xen-devel mailing list Xen-devel@lists.xenproject.org https://lists.xenproject.org/mailman/listinfo/xen-devel

Re: [Xen-devel] [PATCH v6 00/27] x86: PIE support and option to extend KASLR randomization

2019-01-31 Thread Kees Cook
h PIE working, the relocations are more sane and boot-time reordering becomes possible (or at least, it becomes the same logically as doing the work on modules, etc). -- Kees Cook

Re: [Xen-devel] [PATCH 0/3] gcc-plugins: Introduce stackinit plugin

2019-02-12 Thread Kees Cook
On Mon, Jan 28, 2019 at 4:12 PM Alexander Popov wrote: > > On 23.01.2019 14:03, Kees Cook wrote: > > This adds a new plugin "stackinit" that attempts to perform unconditional > > initialization of all stack variables > > Hello Kees! Hello everyone! > > I

Re: [Xen-devel] [PATCH RFC v1 02/12] mm/usercopy.c: Prepare check_page_span() for PG_reserved changes

2019-10-23 Thread Kees Cook
't change. Once we no > > longer set these pages to reserved, we can rework this function to > > perform separate checks for ZONE_DEVICE (split from PG_reserved checks). > > > > Cc: Kees Cook > > Cc: Andrew Morton > > Cc: Kate Stewart > > Cc: Allison

Re: [Xen-devel] [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y

2018-07-26 Thread Kees Cook
29f57fc7 > > or making THREADINFO_GFP imply __GFP_ZERO. This is true in Linus's tree now. Should be trivial to backport: https://git.kernel.org/linus/e01e80634ecdd -Kees -- Kees Cook Pixel Security

Re: [Xen-devel] [RESEND] Spectre-v2 (IBPB/IBRS) and SSBD fixes for 4.4.y

2018-08-02 Thread Kees Cook
On Thu, Aug 2, 2018 at 12:22 PM, Srivatsa S. Bhat wrote: > On 7/26/18 4:09 PM, Kees Cook wrote: >> On Tue, Jul 24, 2018 at 3:02 PM, Jiri Kosina wrote: >>> On Tue, 24 Jul 2018, Srivatsa S. Bhat wrote: >>> >>>> However, if you are proposing that you

[Xen-devel] [PATCH] x86/xen: Distribute switch variables for initialization

2020-02-19 Thread Kees Cook
ction ‘xen_write_msr_safe’: arch/x86/xen/enlighten_pv.c:904:12: warning: statement will never be executed [-Wswitch-unreachable] 904 | unsigned which; |^ [1] https://bugs.llvm.org/show_bug.cgi?id=44916 Signed-off-by: Kees Cook --- arch/x86/xen/enlighten_pv.c |7 --- 1 fi

Re: [Xen-devel] [PATCH] x86/xen: Distribute switch variables for initialization

2020-02-20 Thread Kees Cook
On Thu, Feb 20, 2020 at 11:33:41AM -0500, Boris Ostrovsky wrote: > > > On 2/20/20 1:37 AM, Jürgen Groß wrote: > > On 20.02.20 07:23, Kees Cook wrote: > >> Variables declared in a switch statement before any case statements > >> cannot be automatically initiali

Re: [PATCH 000/141] Fix fall-through warnings for Clang

2020-11-20 Thread Kees Cook
ngs are supposed to warn about issues that could > be bugs. Falling through to default: break; can hardly be a bug?! It's certainly a place where the intent is not always clear. I think this makes all the cases unambiguous, and doesn't impact the machine code, since the compiler will happily optimize away any behavioral redundancy. -- Kees Cook

Re: [PATCH 000/141] Fix fall-through warnings for Clang

2020-11-20 Thread Kees Cook
On Fri, Nov 20, 2020 at 11:51:42AM -0800, Jakub Kicinski wrote: > On Fri, 20 Nov 2020 11:30:40 -0800 Kees Cook wrote: > > On Fri, Nov 20, 2020 at 10:53:44AM -0800, Jakub Kicinski wrote: > > > On Fri, 20 Nov 2020 12:21:39 -0600 Gustavo A. R. Silva wrote: > > > > This

Re: [PATCH 000/141] Fix fall-through warnings for Clang

2020-11-22 Thread Kees Cook
On Fri, Nov 20, 2020 at 11:51:42AM -0800, Jakub Kicinski wrote: > On Fri, 20 Nov 2020 11:30:40 -0800 Kees Cook wrote: > > On Fri, Nov 20, 2020 at 10:53:44AM -0800, Jakub Kicinski wrote: > > > On Fri, 20 Nov 2020 12:21:39 -0600 Gustavo A. R. Silva wrote: > > > > This

Re: [PATCH 000/141] Fix fall-through warnings for Clang

2020-11-24 Thread Kees Cook
On Mon, Nov 23, 2020 at 05:32:51PM -0800, Nick Desaulniers wrote: > On Sun, Nov 22, 2020 at 8:17 AM Kees Cook wrote: > > > > On Fri, Nov 20, 2020 at 11:51:42AM -0800, Jakub Kicinski wrote: > > > If none of the 140 patches here fix a real bug, and there is no change >

Re: [Intel-wired-lan] [PATCH 000/141] Fix fall-through warnings for Clang

2020-11-24 Thread Kees Cook
inal series may be lower, but there are still bugs being found from it -- we need to finish this and shut the door on it for good.) -- Kees Cook

Re: [Intel-wired-lan] [PATCH 000/141] Fix fall-through warnings for Clang

2020-11-25 Thread Kees Cook
-through All switch/case blocks must end in one of: break; fallthrough; continue; goto ; return [expression]; [3] https://cwe.mitre.org/data/definitions/484.html -- Kees Cook

[PATCH] xen: Replace lkml.org links with lore

2021-02-10 Thread Kees Cook
As started by commit 05a5f51ca566 ("Documentation: Replace lkml.org links with lore"), replace lkml.org links with lore to better use a single source that's more likely to stay available long-term. Signed-off-by: Kees Cook --- drivers/xen/xen-acpi-processor.c | 3 ++- 1

[PATCH 1/4] x86/entry: Work around Clang __bdos() bug

2022-09-20 Thread Kees Cook
esaulniers Cc: xen-devel@lists.xenproject.org Cc: l...@lists.linux.dev Signed-off-by: Kees Cook --- arch/x86/xen/enlighten_pv.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/arch/x86/xen/enlighten_pv.c b/arch/x86/xen/enlighten_pv.c index 0ed2e487a693..9b1a58dda935 100644

Re: [PATCH][next] xen: Replace one-element array with flexible-array member

2023-02-03 Thread Kees Cook
hub.com/KSPP/linux/issues/255 > Link: https://gcc.gnu.org/pipermail/gcc-patches/2022-October/602902.html [1] > Signed-off-by: Gustavo A. R. Silva Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH v6 11/41] mm: Introduce pte_mkwrite_kernel()

2023-02-19 Thread Kees Cook
denbrand > Signed-off-by: Rick Edgecombe I think it's a little weird that it's the only PTE helper taking a vma, but it does seem like the right approach. Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH v6 13/41] mm: Make pte_mkwrite() take a VMA

2023-02-19 Thread Kees Cook
Cc: linux...@lists.infradead.org > Cc: xen-devel@lists.xenproject.org > Cc: linux-a...@vger.kernel.org > Cc: linux...@kvack.org > Tested-by: Pengfei Xu > Suggested-by: David Hildenbrand > Signed-off-by: Rick Edgecombe I'm not an arch maintainer, but it looks like a correct tree-wide refactor. Reviewed-by: Kees Cook -- Kees Cook

Re: [RFC][PATCH 2/6] x86/power: Inline write_cr[04]()

2023-01-12 Thread Kees Cook
On Thu, Jan 12, 2023 at 03:31:43PM +0100, Peter Zijlstra wrote: > Since we can't do CALL/RET until GS is restored and CR[04] pinning is > of dubious value in this code path, simply write the stored values. > > Signed-off-by: Peter Zijlstra (Intel) Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH][next] xen/pci: Avoid -Wflex-array-member-not-at-end warning

2024-08-22 Thread Kees Cook
rr, 1); > + > + add->seg = pci_domain_nr(pci_dev->bus); > + add->bus = pci_dev->bus->number; > + add->devfn = pci_dev->devfn; > > #ifdef CONFIG_ACPI > acpi_handle handle; Looks correct to me! Reviewed-by: Kees Cook -- Kees Cook

Re: Fwd: UBSAN: index 1 is out of range for type 'xen_netif_rx_sring_entry [1]'

2023-07-25 Thread Kees Cook
> > > > > See Bugzilla for the full thread and attached dmesg.
> > > >
> > > > Anyway, I'm adding it to regzbot:
> > > >
> > > > #regzbot introduced: 8446066bf8c1f9f
> > > > https://bugzilla.kernel.org/show_bug.cgi?id=217693
> > > >
> > > > Thanks.
> > > >
> > > > [1]: https://bugzilla.kernel.org/show_bug.cgi?id=217693
> > >
> > > I doubt it is 8446066bf8c1f9f that causes this. Based on the comment
> > > next to the 'ring[1]' in DEFINE_RING_TYPES() in
> > > include/xen/interface/io/ring.h, this is probably caused/exposed by
> > > commit df8fc4e934c1 ("kbuild: Enable -fstrict-flex-arrays=3") in
> > > 6.5-rc1, which causes that array to no longer be a flexible array but an
> > > array with one element, which would cause UBSAN to complain about an
> > > array access past index one. Adding Kees and Gustavo.
> >
> > I agree.
> >
> > >
> > > Unfortunately, it seems this file is vendored from Xen, so I assume it
> > > would need to be fixed there then pulled into Linux:
> > >
> > > https://github.com/xen-project/xen/tree/master/xen/include/public/io/ring.h
> >
> > No, I don't think it will be possible to change this in the Xen tree easily.
> >
> > Especially the public Xen headers are meant to be compatible with a large
> > variety of compilers, including rather old ones.
> >
> > This means that ring[1] can't be easily swapped with ring[], as that would
> > cause compile time errors with some compilers.
> >
> > Just modifying the Linux side header is an option, though, as we don't need
> > the same wide range of supported compilers as Xen.
> >
> > I'll send a patch for that purpose.
>
> Oh, in fact there is a way in Xen to do that correctly. It should be enough to
> use ring[XEN_FLEX_ARRAY_DIM], which will do the right thing.
>
> So I'll write a Xen patch first, after all.

Perfect! I went to go look, and yes, this is good:

/* Define a variable length array (depends on compiler). */
#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L
#define XEN_FLEX_ARRAY_DIM
#elif defined(__GNUC__)
#define XEN_FLEX_ARRAY_DIM  0
#else
#define XEN_FLEX_ARRAY_DIM  1 /* variable size */
#endif

Be careful, of course, going from [1] to [], if anything is using
sizeof() on the structure.

Thanks for fixing this!

-Kees

-- Kees Cook

Re: [PATCH] ALSA: xen-front: refactor deprecated strncpy

2023-07-28 Thread Kees Cook
; "security hole" For xen_snd_front_alsa_init(), "card" is already zero-initialized in snd_card_new(). For new_pcm_instance(), "pcm" is already zero-initialized in _snd_pcm_new(). So things look good to me! Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH][next] xen: privcmd: Replace zero-length array with flex-array member and use __counted_by

2023-11-16 Thread Kees Cook
his results in no differences in binary output. > > Signed-off-by: Gustavo A. R. Silva Looks right to me. I can see the allocation: size = struct_size(kioreq, ports, ioeventfd->vcpus); kioreq = kzalloc(size, GFP_KERNEL); if (!kioreq) return ERR

[PATCH 00/32] Introduce flexible array struct memcpy() helpers

2022-05-03 Thread Kees Cook
s. Also available here: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=flexcpy/next-20220502 -Kees [1] https://lwn.net/Articles/864521/ Kees Cook (32): netlink: Avoid memcpy() across flexible array boundary Introduce flexible array struct memcpy() helpers flex_array: Add Kunit

[PATCH 02/32] Introduce flexible array struct memcpy() helpers

2022-05-03 Thread Kees Cook
] https://www.open-std.org/jtc1/sc22/wg14/www/docs/n1990.htm Cc: "Gustavo A. R. Silva" Cc: Keith Packard Cc: Francis Laniel Cc: Daniel Axtens Cc: Dan Williams Cc: Vincenzo Frascino Cc: Guenter Roeck Cc: Daniel Vetter Cc: Tadeusz Struk Signed-off-by: Kees Cook --- include/linux/

[PATCH 11/32] nl80211: Use mem_to_flex_dup() with struct cfg80211_cqm_config

2022-05-03 Thread Kees Cook
" Cc: Jakub Kicinski Cc: Paolo Abeni Cc: linux-wirel...@vger.kernel.org Cc: net...@vger.kernel.org Cc: Eric Dumazet Signed-off-by: Kees Cook --- net/wireless/core.h| 4 ++-- net/wireless/nl80211.c | 15 --- 2 files changed, 6 insertions(+), 13 deletions(-) diff --git a/ne

[PATCH 14/32] af_unix: Use mem_to_flex_dup() with struct unix_address

2022-05-03 Thread Kees Cook
umazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: Kuniyuki Iwashima Cc: Alexei Starovoitov Cc: Cong Wang Cc: Al Viro Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- include/net/af_unix.h | 14 -- net/unix/af_unix.c| 7 ++- 2 files changed, 14 insertions(+), 7 deletion

[PATCH 01/32] netlink: Avoid memcpy() across flexible array boundary

2022-05-03 Thread Kees Cook
mus Villemoes Link: https://lore.kernel.org/lkml/d7251d92-150b-5346-6237-52afc154b...@rasmusvillemoes.dk Cc: "David S. Miller" Cc: Jakub Kicinski Cc: Rich Felker Cc: Eric Dumazet Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- include/uapi/linux/netlink.h | 1 + net/netlink/af_netlin

[PATCH 20/32] ASoC: sigmadsp: Use mem_to_flex_dup() with struct sigmadsp_data

2022-05-03 Thread Kees Cook
" Cc: Liam Girdwood Cc: Mark Brown Cc: Jaroslav Kysela Cc: Takashi Iwai Cc: alsa-de...@alsa-project.org Signed-off-by: Kees Cook --- sound/soc/codecs/sigmadsp.c | 11 --- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/sound/soc/codecs/sigmadsp.c b/sound/soc/codecs/

[PATCH 07/32] iwlwifi: calib: Use mem_to_flex_dup() with struct iwl_calib_result

2022-05-03 Thread Kees Cook
er" Cc: Jakub Kicinski Cc: Paolo Abeni Cc: Gregory Greenman Cc: Eric Dumazet Cc: linux-wirel...@vger.kernel.org Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/net/wireless/intel/iwlwifi/dvm/calib.c | 15 +++ 1 file changed, 7 insertions(+), 8 deletions(-) d

[PATCH 03/32] flex_array: Add Kunit tests

2022-05-03 Thread Kees Cook
Add tests for the new flexible array structure helpers. These can be run with: make ARCH=um mrproper ./tools/testing/kunit/kunit.py config ./tools/testing/kunit/kunit.py run flex_array Cc: David Gow Cc: kunit-...@googlegroups.com Signed-off-by: Kees Cook --- lib/Kconfig.debug | 12

[PATCH 04/32] fortify: Add run-time WARN for cross-field memcpy()

2022-05-03 Thread Kees Cook
ish to make these checks stop any overflows, they can use a big hammer and set the sysctl panic_on_warn=1. Cc: Nathan Chancellor Cc: Nick Desaulniers Cc: Tom Rix Cc: linux-harden...@vger.kernel.org Cc: l...@lists.linux.dev Signed-off-by: Kees Cook --- include/linux/fortify-string.h | 70 +

[PATCH 06/32] iwlwifi: calib: Prepare to use mem_to_flex_dup()

2022-05-03 Thread Kees Cook
dy Lavr Cc: linux-wirel...@vger.kernel.org Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/net/wireless/intel/iwlwifi/dvm/agn.h | 2 +- drivers/net/wireless/intel/iwlwifi/dvm/calib.c | 10 +- drivers/net/wireless/intel/iwlwifi/dvm/ucode.c | 8 3 files changed, 10 i

[PATCH 12/32] cfg80211: Use mem_to_flex_dup() with struct cfg80211_bss_ies

2022-05-03 Thread Kees Cook
" Cc: Jakub Kicinski Cc: Paolo Abeni Cc: Eric Dumazet Cc: linux-wirel...@vger.kernel.org Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- include/net/cfg80211.h | 4 ++-- net/wireless/scan.c| 21 ++--- 2 files changed, 8 insertions(+), 17 deletions(-) di

[PATCH 27/32] KEYS: Use mem_to_flex_dup() with struct user_key_payload

2022-05-03 Thread Kees Cook
: James Morris Cc: "Serge E. Hallyn" Cc: keyri...@vger.kernel.org Cc: linux-security-mod...@vger.kernel.org Signed-off-by: Kees Cook --- include/keys/user-type.h | 4 ++-- security/keys/user_defined.c | 7 ++- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/include

[PATCH 28/32] selinux: Use mem_to_flex_dup() with xfrm and sidtab

2022-05-03 Thread Kees Cook
sidtab_str_cache Cc: Steffen Klassert Cc: Herbert Xu Cc: "David S. Miller" Cc: Paul Moore Cc: Stephen Smalley Cc: Eric Paris Cc: Nick Desaulniers Cc: Xiu Jianfeng Cc: "Christian Göttsche" Cc: net...@vger.kernel.org Cc: seli...@vger.kernel.org Signed-off-by: Kees Cook --- inclu

[PATCH 10/32] wcn36xx: Use mem_to_flex_dup() with struct wcn36xx_hal_ind_msg

2022-05-03 Thread Kees Cook
David S. Miller" Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: wcn3...@lists.infradead.org Cc: linux-wirel...@vger.kernel.org Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/net/wireless/ath/wcn36xx/smd.c | 8 ++-- drivers/net/wireless/ath/wcn36xx/smd.h |

[PATCH 09/32] p54: Use mem_to_flex_dup() with struct p54_cal_database

2022-05-03 Thread Kees Cook
: "David S. Miller" Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: linux-wirel...@vger.kernel.org Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/net/wireless/intersil/p54/eeprom.c | 8 ++-- drivers/net/wireless/intersil/p54/p54.h| 4 ++-- 2 files

[PATCH 18/32] firewire: Use __mem_to_flex_dup() with struct iso_interrupt_event

2022-05-03 Thread Kees Cook
...@lists.sourceforge.net Signed-off-by: Kees Cook --- drivers/firewire/core-cdev.c | 7 ++- include/uapi/linux/firewire-cdev.h | 4 ++-- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/drivers/firewire/core-cdev.c b/drivers/firewire/core-cdev.c index c9fe5903725a..7e884c61e12e

[PATCH 16/32] 802/mrp: Use mem_to_flex_dup() with struct mrp_attr

2022-05-03 Thread Kees Cook
umazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: Yang Yingliang Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- include/net/mrp.h | 4 ++-- net/802/mrp.c | 9 +++-- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/include/net/mrp.h b/include/net/mrp.h index 1c

[PATCH 22/32] atags_proc: Use mem_to_flex_dup() with struct buffer

2022-05-03 Thread Kees Cook
: Andrew Morton Cc: Muchun Song Cc: linux-arm-ker...@lists.infradead.org Signed-off-by: Kees Cook --- arch/arm/kernel/atags_proc.c | 12 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/arch/arm/kernel/atags_proc.c b/arch/arm/kernel/atags_proc.c index 3ec2afe78423

[PATCH 21/32] soc: qcom: apr: Use mem_to_flex_dup() with struct apr_rx_buf

2022-05-03 Thread Kees Cook
: linux-arm-...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/soc/qcom/apr.c | 12 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/drivers/soc/qcom/apr.c b/drivers/soc/qcom/apr.c index 3caabd873322..6cf6f6df276e 100644 --- a/drivers/soc/qcom/apr.c +++ b/drivers/soc/qcom

[PATCH 29/32] xtensa: Use mem_to_flex_dup() with struct property

2022-05-03 Thread Kees Cook
Herring Cc: Frank Rowand Cc: Guenter Roeck Cc: linux-xte...@linux-xtensa.org Cc: devicet...@vger.kernel.org Signed-off-by: Kees Cook --- arch/xtensa/platforms/xtfpga/setup.c | 9 +++-- include/linux/of.h | 3 ++- 2 files changed, 5 insertions(+), 7 deletions(-) diff --git

[PATCH 15/32] 802/garp: Use mem_to_flex_dup() with struct garp_attr

2022-05-03 Thread Kees Cook
umazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: Hulk Robot Cc: Yang Yingliang Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- include/net/garp.h | 4 ++-- net/802/garp.c | 9 +++-- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/include/net/garp.h b/include/net/ga

[PATCH 08/32] iwlwifi: mvm: Use mem_to_flex_dup() with struct ieee80211_key_conf

2022-05-03 Thread Kees Cook
vid S. Miller" Cc: Jakub Kicinski Cc: Paolo Abeni Cc: Johannes Berg Cc: Gregory Greenman Cc: Eric Dumazet Cc: linux-wirel...@vger.kernel.org Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/net/wireless/intel/iwlwifi/mvm/sta.c | 8 ++-- include/net/

Re: [PATCH 01/32] netlink: Avoid memcpy() across flexible array boundary

2022-05-03 Thread Kees Cook
On Tue, May 03, 2022 at 10:31:05PM -0500, Gustavo A. R. Silva wrote: > On Tue, May 03, 2022 at 06:44:10PM -0700, Kees Cook wrote: > [...] > > diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c > > index 1b5a9c2e1c29..09346aee1022 100644 > > --- a/net/netlin

[PATCH 05/32] brcmfmac: Use mem_to_flex_dup() with struct brcmf_fweh_queue_item

2022-05-03 Thread Kees Cook
: Hante Meuleman Cc: Kalle Valo Cc: "David S. Miller" Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: linux-wirel...@vger.kernel.org Cc: brcm80211-dev-list@broadcom.com Cc: sha-cyfmac-dev-l...@infineon.com Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- .../ne

[PATCH 19/32] afs: Use mem_to_flex_dup() with struct afs_acl

2022-05-03 Thread Kees Cook
-...@lists.infradead.org Signed-off-by: Kees Cook --- fs/afs/internal.h | 4 ++-- fs/afs/xattr.c| 7 ++- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/fs/afs/internal.h b/fs/afs/internal.h index 7a72e9c60423..83014d20b6b3 100644 --- a/fs/afs/internal.h +++ b/fs/afs

[PATCH 13/32] mac80211: Use mem_to_flex_dup() with several structs

2022-05-03 Thread Kees Cook
fils_discovery_data struct unsol_bcast_probe_resp_data Cc: Johannes Berg Cc: "David S. Miller" Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: linux-wirel...@vger.kernel.org Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- net/mac80211/cfg.c | 22 ++---

[PATCH 17/32] net/flow_offload: Use mem_to_flex_dup() with struct flow_action_cookie

2022-05-03 Thread Kees Cook
umazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: Baowen Zheng Cc: Eli Cohen Cc: Louis Peens Cc: Simon Horman Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- include/net/flow_offload.h | 4 ++-- net/core/flow_offload.c| 7 ++- 2 files changed, 4 insertions(+), 7 deletions(-) di

[PATCH 24/32] IB/hfi1: Use mem_to_flex_dup() for struct tid_rb_node

2022-05-03 Thread Kees Cook
Cc: Leon Romanovsky Cc: linux-r...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/infiniband/hw/hfi1/user_exp_rcv.c | 7 ++- drivers/infiniband/hw/hfi1/user_exp_rcv.h | 4 ++-- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/drivers/infiniband/hw/hfi1/user_exp_rcv.c b

[PATCH 31/32] xenbus: Use mem_to_flex_dup() with struct read_buffer

2022-05-03 Thread Kees Cook
: Stefano Stabellini Cc: xen-devel@lists.xenproject.org Signed-off-by: Kees Cook --- drivers/xen/xenbus/xenbus_dev_frontend.c | 12 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/drivers/xen/xenbus/xenbus_dev_frontend.c b/drivers/xen/xenbus/xenbus_dev_frontend.c index

[PATCH 26/32] ima: Use mem_to_flex_dup() with struct modsig

2022-05-03 Thread Kees Cook
: James Morris Cc: "Serge E. Hallyn" Cc: linux-integr...@vger.kernel.org Cc: linux-security-mod...@vger.kernel.org Signed-off-by: Kees Cook --- security/integrity/ima/ima_modsig.c | 12 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/security/integrity/ima/ima_m

[PATCH 30/32] usb: gadget: f_fs: Use mem_to_flex_dup() with struct ffs_buffer

2022-05-03 Thread Kees Cook
: Eugeniu Rosca Cc: John Keeping Cc: Jens Axboe Cc: Udipto Goswami Cc: Andrew Gabbasov Cc: linux-...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/usb/gadget/function/f_fs.c | 11 --- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/drivers/usb/gadget/function

[PATCH 32/32] esas2r: Use __mem_to_flex() with struct atto_ioctl

2022-05-03 Thread Kees Cook
explicitly. Cc: Bradley Grove Cc: "James E.J. Bottomley" Cc: "Martin K. Petersen" Cc: linux-s...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/scsi/esas2r/atioctl.h | 1 + drivers/scsi/esas2r/esas2r_ioctl.c | 11 +++ 2 files changed, 8 insertions(+), 4 deleti

[PATCH 25/32] Drivers: hv: utils: Use mem_to_flex_dup() with struct cn_msg

2022-05-03 Thread Kees Cook
Zhang Cc: Stephen Hemminger Cc: Wei Liu Cc: Dexuan Cui Cc: linux-hyp...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/hv/hv_utils_transport.c | 7 ++- include/uapi/linux/connector.h | 4 ++-- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/drivers/hv/hv_utils_tra

[PATCH 23/32] Bluetooth: Use mem_to_flex_dup() with struct hci_op_configure_data_path

2022-05-03 Thread Kees Cook
: Luiz Augusto von Dentz Cc: "David S. Miller" Cc: Eric Dumazet Cc: Jakub Kicinski Cc: Paolo Abeni Cc: linux-blueto...@vger.kernel.org Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- include/net/bluetooth/hci.h | 4 ++-- net/bluetooth/hci_request.c | 9 ++--- 2 files

Re: [PATCH 10/32] wcn36xx: Use mem_to_flex_dup() with struct wcn36xx_hal_ind_msg

2022-05-04 Thread Kees Cook
On Wed, May 04, 2022 at 08:42:46AM +0300, Kalle Valo wrote: > Kees Cook writes: > > > As part of the work to perform bounds checking on all memcpy() uses, > > replace the open-coded a deserialization of bytes out of memory into a > > trailing flexible array by using

Re: [PATCH 12/32] cfg80211: Use mem_to_flex_dup() with struct cfg80211_bss_ies

2022-05-04 Thread Kees Cook
On Wed, May 04, 2022 at 09:28:46AM +0200, Johannes Berg wrote: > On Tue, 2022-05-03 at 18:44 -0700, Kees Cook wrote: > > > > @@ -2277,7 +2274,7 @@ cfg80211_update_notlisted_nontrans(struct wiphy > > *wiphy, > > size_t ielen = len - off

Re: [PATCH 02/32] Introduce flexible array struct memcpy() helpers

2022-05-04 Thread Kees Cook
On Wed, May 04, 2022 at 09:25:56AM +0200, Johannes Berg wrote: > On Tue, 2022-05-03 at 18:44 -0700, Kees Cook wrote: > > > > For example, using the most complicated helper, mem_to_flex_dup(): > > > > /* Flexible array struct with members identified.

Re: [PATCH 03/32] flex_array: Add Kunit tests

2022-05-04 Thread Kees Cook
On Wed, May 04, 2022 at 11:00:38AM +0800, David Gow wrote: > On Wed, May 4, 2022 at 9:47 AM Kees Cook wrote: > > > > Add tests for the new flexible array structure helpers. These can be run > > with: > > > > make ARCH=um mrproper > > ./tools/tes

Re: [PATCH 28/32] selinux: Use mem_to_flex_dup() with xfrm and sidtab

2022-05-05 Thread Kees Cook
On Wed, May 04, 2022 at 11:14:42PM -0400, Paul Moore wrote: > On Wed, May 4, 2022 at 7:34 PM Gustavo A. R. Silva > wrote: > > > > Hi Paul, > > > > On Wed, May 04, 2022 at 06:57:28PM -0400, Paul Moore wrote: > > > On Tue, May 3, 2022 at 9:57 PM Kees Cook

Re: [PATCH 02/32] Introduce flexible array struct memcpy() helpers

2022-05-05 Thread Kees Cook
> Of course, we could also end up with people writing a wrapping macro > that sets the variable to NULL before invoking the underlying macro... I hope it won't come to that! :) -- Kees Cook

Re: [PATCH 02/32] Introduce flexible array struct memcpy() helpers

2022-05-05 Thread Kees Cook
On Thu, May 05, 2022 at 03:16:19PM +0200, Johannes Berg wrote: > On Wed, 2022-05-04 at 08:38 -0700, Kees Cook wrote: > > > > It seemed like requiring a structure be rearranged to take advantage of > > the "automatic layout introspection" wasn't very friendly. O

Re: [PATCH 19/32] afs: Use mem_to_flex_dup() with struct afs_acl

2022-05-13 Thread Kees Cook
On Thu, May 12, 2022 at 10:41:05PM +0100, David Howells wrote: > > Kees Cook wrote: > > > struct afs_acl { > > - u32 size; > > - u8 data[]; > > + DECLARE_FLEX_ARRAY_ELEMENTS_COUNT(u32, size); > > + DECLARE_FLEX_ARRAY_ELEMENTS(u8, data);

[PATCH 80/82] xen-netback: Refactor intentional wrap-around test

2024-01-22 Thread Kees Cook
lo Abeni Cc: xen-devel@lists.xenproject.org Cc: net...@vger.kernel.org Signed-off-by: Kees Cook --- drivers/net/xen-netback/hash.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/xen-netback/hash.c b/drivers/net/xen-netback/hash.c index ff96f22648ef..69b03b4feba9 100644 --- a/drivers

Re: [PATCH 80/82] xen-netback: Refactor intentional wrap-around test

2024-01-23 Thread Kees Cook
On Tue, Jan 23, 2024 at 08:55:44AM +0100, Jan Beulich wrote: > On 23.01.2024 01:27, Kees Cook wrote: > > --- a/drivers/net/xen-netback/hash.c > > +++ b/drivers/net/xen-netback/hash.c > > @@ -345,7 +345,7 @@ u32 xenvif_set_hash_mapping(struct xenvif *vif, u

[PATCH] xen/gntalloc: Replace UAPI 1-element array

2024-02-06 Thread Kees Cook
Tyshchenko Cc: Gustavo A. R. Silva Cc: xen-devel@lists.xenproject.org Signed-off-by: Kees Cook --- drivers/xen/gntalloc.c | 2 +- include/uapi/xen/gntalloc.h | 5 - 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/drivers/xen/gntalloc.c b/drivers/xen/gntalloc.c index 26ffb8755ffb

Re: [PATCH] xen/efi: refactor deprecated strncpy

2023-09-14 Thread Kees Cook
ince we're not really writing a string? But since this is all hard-coded, it doesn't matter. :) Reviewed-by: Kees Cook -Kees > > A suitable replacement is `strscpy` [2] due to the fact that it guarantees > NUL-termination on the destination buffer while being functionally the >

Re: [PATCH][next] xen/xenbus: Add __counted_by for struct read_buffer and use struct_size()

2023-10-09 Thread Kees Cook
rray member. > > This code was found with the help of Coccinelle, and audited and > fixed manually. > > Signed-off-by: Gustavo A. R. Silva Looks good. There are going to be lots of 1-byte flex array members... Reviewed-by: Kees Cook -- Kees Cook

Re: [PATCH v1 5/9] KVM: x86: Add new hypercall to lock control registers

2023-05-30 Thread Kees Cook
> pin (i.e. mark as read-only). > > > > > > These register flags should already be pinned by Linux guests, but once > > > compromised, this self-protection mechanism could be disabled, which is > > > not the case with this dedicated hypercall. > > >

[PATCH] xen/mcelog: Add __nonstring annotations for unterminated strings

2025-03-10 Thread Kees Cook
"not a C string" and thereby eliminate the warning. Link: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117178 [1] Cc: Juergen Gross Cc: Stefano Stabellini Cc: Oleksandr Tyshchenko Cc: xen-devel@lists.xenproject.org Signed-off-by: Kees Cook --- include/xen/interface/xen-mca.h | 2 +- 1 file c