| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <f3e5b44f-9944-474c-9850-39e91b0ae7ea@kernel.org> Date: Wed, 8 Oct 2025 08:27:25 +0200 From: Hans Verkuil <hverkuil+cisco@...nel.org> To: Kees Cook <kees@...nel.org>, Luis Chamberlain <mcgrof@...nel.org> Cc: Malcolm Priestley <tvboxspy@...il.com>, Mauro Carvalho Chehab <mchehab@...nel.org>, Uwe Kleine-König <u.kleine-koenig@...gutronix.de>, Rusty Russell <rusty@...tcorp.com.au>, Petr Pavlu <petr.pavlu@...e.com>, Daniel Gomez <da.gomez@...nel.org>, Sami Tolvanen <samitolvanen@...gle.com>, linux-kernel@...r.kernel.org, linux-media@...r.kernel.org, linux-modules@...r.kernel.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH 0/3] module: Add compile-time check for embedded NUL characters On 08/10/2025 05:59, Kees Cook wrote: > Hi, > > A long time ago we had an issue with embedded NUL bytes in MODULE_INFO > strings[1]. While this stands out pretty strongly when you look at the > code, and we can't do anything about a binary module that just plain lies, > we never actually implemented the trivial compile-time check needed to > detect it. > > Add this check (and fix 2 instances of needless trailing semicolons that > this change exposed). > > Note that these patches were produced as part of another LLM exercise. > This time I wanted to try "what happens if I ask an LLM to go read > a specific LWN article and write a patch based on a discussion?" It > pretty effortlessly chose and implemented a suggested solution, tested > the change, and fixed new build warnings in the process. > > Since this was a relatively short session, here's an overview of the > prompts involved as I guided it through a clean change and tried to see > how it would reason about static_assert vs _Static_assert. (It wanted > to use what was most common, not what was the current style -- we may > want to update the comment above the static_assert macro to suggest > using _Static_assert directly these days...) > > I want to fix a weakness in the module info strings. Read about it > here: https://lwn.net/Articles/82305/ > > Since it's only "info" that we need to check, can you reduce the checks > to just that instead of all the other stuff? > > I think the change to the comment is redundent, and that should be > in a commit log instead. Let's just keep the change to the static assert. > > Is "static_assert" the idiomatic way to use a static assert in this > code base? I've seen _Static_assert used sometimes. > > What's the difference between the two? > > Does Linux use C11 by default now? > > Then let's not use the wrapper any more. > > Do an "allmodconfig all -s" build to verify this works for all modules > in the kernel. > > > Thanks! > > -Kees > > [1] https://lwn.net/Articles/82305/ > > Kees Cook (3): > media: dvb-usb-v2: lmedm04: Fix firmware macro definitions > media: radio: si470x: Fix DRIVER_AUTHOR macro definition > module: Add compile-time check for embedded NUL characters I reviewed the two media patches. Feel free to take this series. If you prefer that I take the two media patches, then let me know but it makes more sense in this case that you take all three. Regards, Hans > > include/linux/moduleparam.h | 3 +++ > drivers/media/radio/si470x/radio-si470x-i2c.c | 2 +- > drivers/media/usb/dvb-usb-v2/lmedm04.c | 12 ++++++------ > 3 files changed, 10 insertions(+), 7 deletions(-) >
Powered by blists - more mailing lists