| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 21 Dec 2023 18:50:35 +0000
From: Mark Brown <broonie@...nel.org>
To: Paul Moore <paul@...l-moore.com>
Cc: Aishwarya TCV <aishwarya.tcv@....com>,
linux-security-module@...r.kernel.org, selinux@...r.kernel.org,
Casey Schaufler <casey@...aufler-ca.com>,
John Johansen <john.johansen@...onical.com>,
Mickaël Salaün <mic@...ikod.net>,
Kees Cook <keescook@...omium.org>,
"Gustavo A. R. Silva" <gustavoars@...nel.org>,
linux-hardening@...r.kernel.org
Subject: Re: [RFC PATCH 3/3] lsm: consolidate buffer size handling into
lsm_fill_user_ctx()
On Thu, Dec 21, 2023 at 10:21:04AM -0500, Paul Moore wrote:
> On Thu, Dec 21, 2023 at 8:01 AM Mark Brown <broonie@...nel.org> wrote:
> > On Wed, Dec 20, 2023 at 08:40:24PM -0500, Paul Moore wrote:
> > > Suggestions on how to annotate the struct, or the code doing the
> > > memcpy() are welcome.
> > You're looking for a __counted_by() annotation here I think.
> Can you verify and submit a patch for that? I'm asking because my
> build/toolchain configuration never produced these warnings/errors
> during my testing.
Huh, actually it's not __counted_by() since this shows up with
arm64/gcc-10 (and some other arches) which doesn't have that. I'll
submit the __counted_by() patch anyway since it's clearly a good
annotation but it doesn't actually shut the warning up in this case.
Adding the hardening people, and I'll have a further look.
You can reproduce with
tuxmake -r docker -k defconfig -a arm64 -t gcc-10
using https://www.tuxmake.org/
Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)
Powered by blists - more mailing lists