lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 2 Feb 2024 17:08:48 +0100
From: Miguel Ojeda <miguel.ojeda.sandonis@...il.com>
To: Kees Cook <keescook@...omium.org>
Cc: Marco Elver <elver@...gle.com>, linux-hardening@...r.kernel.org, 
	Justin Stitt <justinstitt@...gle.com>, Miguel Ojeda <ojeda@...nel.org>, 
	Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, 
	Peter Zijlstra <peterz@...radead.org>, Hao Luo <haoluo@...gle.com>, 
	Przemek Kitszel <przemyslaw.kitszel@...el.com>, Fangrui Song <maskray@...gle.com>, 
	Masahiro Yamada <masahiroy@...nel.org>, Nicolas Schier <nicolas@...sle.eu>, 
	Bill Wendling <morbo@...gle.com>, Andrey Konovalov <andreyknvl@...il.com>, 
	Jonathan Corbet <corbet@....net>, x86@...nel.org, linux-kernel@...r.kernel.org, 
	linux-kbuild@...r.kernel.org, llvm@...ts.linux.dev, linux-doc@...r.kernel.org, 
	netdev@...r.kernel.org, linux-crypto@...r.kernel.org, 
	kasan-dev@...glegroups.com, linux-acpi@...r.kernel.org
Subject: Re: [PATCH v2 2/6] ubsan: Reintroduce signed and unsigned overflow sanitizers

On Fri, Feb 2, 2024 at 1:17 PM Kees Cook <keescook@...omium.org> wrote:
>
> Perhaps I should hold off on bringing the unsigned sanitizer back? I was
> hoping to work in parallel with the signed sanitizer, but maybe this
> isn't the right approach?

If you can do anything to keep it in-tree, I think it would be nice so
that others can easily use it to test the tooling and to start to
clean up cases. A per-subsystem opt-in like Marco says could be a way,
and you could perhaps do one very small subsystem or similar to see
how it would look like.

Something that could also help would be to split the cases even
further (say, only overflows and not underflows), but is that a
possibility with the current tooling?

Thanks for working on this, Kees!

Cheers,
Miguel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ