Date:   Wed, 5 Jul 2017 14:56:01 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Arnd Bergmann <arnd@...db.de>
Cc:     Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        Kees Cook <keescook@...omium.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Jean Delvare <jdelvare@...e.de>
Subject: Re: [GIT PULL] gcc-plugins updates for v4.13-rc1

On Wed, Jul 5, 2017 at 2:48 PM, Arnd Bergmann <arnd@...db.de> wrote:
>
> This particular example should be handled by
> scripts/gcc-plugins/structleak_plugin.c, right?

.. probably. But we have a ton of other uses that just pass in
"result" pointers (not structs), which admittedly don't have the
padding issue, but do have the exact same issue otherwise.

We have those random "initialize to zero by hand", and I wouldn't
actually worry about most of the common cases. KASAN will find them
anyway.

It tends to be the random odd ioctl-like things that nobody finds
because it's only uninitialized for some silly error case that never
triggers (or some unusual driver that needs to be loaded).

                 Linus
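
The failure mode described in the message above, as an added C example that is not part of the original email or of the kernel source. `query_hw`, `handler_buggy`, `handler_fixed` and the `0xdeadbeef` stale value are hypothetical; the handler's stack slot is passed in as `slot` so its stale contents are deterministic instead of being a genuinely uninitialized local.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not kernel code. query_hw() (hypothetical) writes
 * *result only on success; the rare error path returns without touching it. */
static int query_hw(int reg, uint32_t *result)
{
    if (reg < 0 || reg > 3)
        return -EINVAL;              /* error case: *result never written */
    *result = 0x1000u + (uint32_t)reg;
    return 0;
}

/* Buggy ioctl-like handler: ignores the return value and hands the result
 * back anyway. On the error path the caller gets whatever was in the slot. */
static uint32_t handler_buggy(int reg, uint32_t *slot)
{
    query_hw(reg, slot);
    return *slot;                    /* stands in for copy_to_user() */
}

/* Hardened handler: zero the result by hand and propagate the error, so
 * nothing stale can be copied out even if a later change drops the check. */
static int handler_fixed(int reg, uint32_t *slot, uint32_t *out)
{
    int err;

    *slot = 0;
    err = query_hw(reg, slot);
    if (err)
        return err;
    *out = *slot;
    return 0;
}

int main(void)
{
    uint32_t slot = 0xdeadbeefu, out = 0;   /* constructed stale stack data */
    int err;

    printf("buggy, bad reg: 0x%08x\n", (unsigned)handler_buggy(7, &slot));
    slot = 0xdeadbeefu;
    err = handler_fixed(7, &slot, &out);
    printf("fixed, bad reg: err=%d slot=0x%08x\n", err, (unsigned)slot);
    return 0;
}
```

Only the out-of-range register reaches the leaking path, which is why ordinary testing with valid inputs never shows it.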
