lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4C6C3910.80800@codeaurora.org>
Date:	Wed, 18 Aug 2010 12:48:32 -0700
From:	Stephen Boyd <sboyd@...eaurora.org>
To:	Arnd Bergmann <arnd@...db.de>
CC:	linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
	Russell King <linux@....linux.org.uk>
Subject: Re: [PATCH v2] ARM: uaccess: Implement strict user copy checks

On 08/18/2010 05:28 AM, Arnd Bergmann wrote:
> On Wednesday 18 August 2010, Stephen Boyd wrote:
>>
>> I'm unsure what needs to be done for the follow up patch. Shouldn't
>> it be multiple patches sent to each arch maintainer to fix the
>> wording?
>
> No, that will just result in half of them applying it, best make
> a single patch and send it to linux-arch@...r.kernel.org for review.
>
> It's probably best to move the config option to lib/Kconfig.debug
> so it only appears once, and make it depend on DEBUG_USER_COPY_CHECKS,
> which is then unconditionally defined by the architectures that want it.

Ok.

So the only sticking point now is that x86, parisc, and arm use warnings 
and errors but s390 only uses warnings. I guess I'll reword it to be:

	Enabling this option turns a certain set of sanity checks for
	user copy operations into compile time warnings/errors.

	The copy_from_user() etc checks are there to help test if there
	are sufficient security checks on the length argument of the
	copy operation, by having gcc prove that the argument is
	within bounds.

	If unsure, or if you run an older (pre 4.4) gcc where this
	option is a no-op, say N.

or I'll add a patch to make s390 trigger an error when this is enabled?

-- 
Sent by an employee of the Qualcomm Innovation Center, Inc.
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ