Message-ID: <20091001091751.5e7c1782@infradead.org>
Date:	Thu, 1 Oct 2009 09:17:51 +0200
From:	Arjan van de Ven <arjan@...radead.org>
To:	Andrew Morton <akpm@...ux-foundation.org>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] floppy: Add an extra bound check on ioctl arguments

On Wed, 30 Sep 2009 16:13:16 -0700
Andrew Morton <akpm@...ux-foundation.org> wrote:

> On Wed, 30 Sep 2009 13:17:09 +0200
> Arjan van de Ven <arjan@...radead.org> wrote:
> 
> > gcc is not convinced that the floppy.c ioctl has sufficient bound
> > checks,
> 
> gad.  You said "floppy" and "ioctl" in the same sentence.  Where
> angels fear to tread.

I have to admit I was very much not looking forward to working on this
warning, and made sure to wear protective clothing and that my
immunizations were up to date.

> It would be useful if you were to quote the gcc output in the
> changelog please. 


In function ‘copy_from_user’,
    inlined from ‘fd_copyin’ at drivers/block/floppy.c:3080,
    inlined from ‘fd_ioctl’ at drivers/block/floppy.c:3503:
/home/arjan/linux/arch/x86/include/asm/uaccess_32.h:211:
warning: call to ‘copy_from_user_overflow’ declared with attribute
warning: copy_from_user buffer size is not provably correct

> I assume that you're using some magical new gcc
> option or something?

Not so much a new option, as using an option that has been there for a
while, and has been used extensively in userspace, just not yet in the
kernel. The patches are in the -tip tree, but if you want to take a
peek I can send them to you as well... they find some "interesting"
stuff.


-- 
Arjan van de Ven 	Intel Open Source Technology Centre
For development, discussion and tips for power savings, 
visit http://www.lesswatts.org