lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <202309291643.BF67044DA@keescook> Date: Fri, 29 Sep 2023 16:43:53 -0700 From: Kees Cook <keescook@...omium.org> To: Song Liu <song@...nel.org> Cc: Jens Axboe <axboe@...nel.dk>, linux-raid@...r.kernel.org, Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, Tom Rix <trix@...hat.com>, linux-kernel@...r.kernel.org, llvm@...ts.linux.dev, linux-hardening@...r.kernel.org Subject: Re: [PATCH] md/md-linear: Annotate struct linear_conf with __counted_by On Fri, Sep 29, 2023 at 04:40:13PM -0700, Song Liu wrote: > On Fri, Sep 29, 2023 at 12:21 PM Kees Cook <keescook@...omium.org> wrote: > > > > On Fri, 15 Sep 2023 13:03:28 -0700, Kees Cook wrote: > > > Prepare for the coming implementation by GCC and Clang of the __counted_by > > > attribute. Flexible array members annotated with __counted_by can have > > > their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS > > > (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family > > > functions). > > > > > > As found with Coccinelle[1], add __counted_by for struct linear_conf. > > > Additionally, since the element count member must be set before accessing > > > the annotated flexible array member, move its initialization earlier. > > > > > > [...] > > > > Applied to for-next/hardening, thanks! > > > > [1/1] md/md-linear: Annotate struct linear_conf with __counted_by > > https://git.kernel.org/kees/c/9add7681e09b > > Hmm.. > > Jens pulled this into his for-next branch and for-6.7/block branch > earlier today: > > https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git/commit/?h=for-next&id=e887544d7620f1d3cef017e45df7bc625182caff > > Do we need to do anything about this (drop one of them)? Whoops! Sorry, I hadn't seen it picked up. I'll drop it from my tree. Thanks! -Kees -- Kees Cook
Powered by blists - more mailing lists