| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 26 Jul 2017 10:10:33 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Kees Cook <keescook@...omium.org>
Cc: Andrew Morton <akpm@...ux-foundation.org>,
Daniel Micay <danielmicay@...il.com>,
Dan Williams <dan.j.williams@...el.com>,
Mika Westerberg <mika.westerberg@...ux.intel.com>,
Al Viro <viro@...iv.linux.org.uk>,
David Howells <dhowells@...hat.com>,
Heikki Krogerus <heikki.krogerus@...ux.intel.com>,
Bjorn Helgaas <bhelgaas@...gle.com>,
Arnd Bergmann <arnd@...db.de>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Mauro Carvalho Chehab <mchehab@...nel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] fortify: Use WARN instead of BUG for now
On Tue, Jul 25, 2017 at 8:50 PM, Kees Cook <keescook@...omium.org> wrote:
> +
> +void fortify_read_overflow(const char *func)
> {
> - pr_emerg("detected buffer overflow in %s\n", name);
> - BUG();
> + WARN(1, "detected read beyond size of object passed as 1st parameter in %s\n", func);
> }
Side note: have you actually checked the code generation of this all?
In particular, do you have any reason to use the out-of-line
functions? Our WARN() code isn't horrible, and isn't likely to be
noticeably worse than your own explicit out-of-lining. And you'd get
the "unlikely()" for free, so you'll possibly get smaller code that
runs better too.
And it would even *look* better. This:
if (p_size < size)
fortify_read_overflow(__func__);
would become
WARN(p_size < size, "kmemdup size overflow");
or something.
Linus
Powered by blists - more mailing lists