| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <202206230924.A8A4D005@keescook>
Date: Thu, 23 Jun 2022 09:26:00 -0700
From: Kees Cook <keescook@...omium.org>
To: "Gustavo A. R. Silva" <gustavoars@...nel.org>
Cc: "Martin K. Petersen" <martin.petersen@...cle.com>,
linux-scsi@...r.kernel.org, linux-kernel@...r.kernel.org,
Adaptec OEM Raid Solutions <aacraid@...rosemi.com>,
"James E.J. Bottomley" <jejb@...ux.ibm.com>,
linux-hardening@...r.kernel.org
Subject: Re: [PATCH 0/8] scsi: aacraid: Replace one-element arrays with
flexible-array members
On Mon, Mar 14, 2022 at 11:22:23PM -0500, Gustavo A. R. Silva wrote:
> On Tue, Mar 15, 2022 at 12:02:13AM -0400, Martin K. Petersen wrote:
> >
> > Gustavo,
> >
> > > Friendly ping: who can review or comment on this series, please?
> >
> > I'm afraid I don't have any hardware to test it on and the generated
> > output differs substantially from the original code.
>
> Yeah; this series requires careful review from the people that
> knows the code better.
>
> It took me a day of work to go through all the places that needed
> to be changed due to the flexible array transformation. However,
> due to the kind of changes, it'd be great to have a second opinion
> or at least someone that could take a look at the changes.
If the int/size_t changes are separated from the array size change, it's
easier to see the array size change is a binary no-op. (i.e. diffoscope
shows no executable changes.)
I'd recommend splitting the int/size_t changes from the array size
changes.
--
Kees Cook
Powered by blists - more mailing lists