lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20100824150655.GB2160@osiris.boeblingen.de.ibm.com>
Date:	Tue, 24 Aug 2010 17:06:55 +0200
From:	Heiko Carstens <heiko.carstens@...ibm.com>
To:	Arnd Bergmann <arnd@...db.de>
Cc:	Stephen Boyd <sboyd@...eaurora.org>,
	Martin Schwidefsky <schwidefsky@...ibm.com>,
	linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
	Russell King <linux@....linux.org.uk>
Subject: Re: [PATCH v2] ARM: uaccess: Implement strict user copy checks

On Thu, Aug 19, 2010 at 01:09:15PM +0200, Arnd Bergmann wrote:
> On Wednesday 18 August 2010, Stephen Boyd wrote:
> > So the only sticking point now is that x86, parisc, and arm use warnings 
> > and errors but s390 only uses warnings. I guess I'll reword it to be:
> > 
> >         Enabling this option turns a certain set of sanity checks for
> >         user copy operations into compile time warnings/errors.
> > 
> >         The copy_from_user() etc checks are there to help test if there
> >         are sufficient security checks on the length argument of the
> >         copy operation, by having gcc prove that the argument is
> >         within bounds.
> > 
> >         If unsure, or if you run an older (pre 4.4) gcc where this
> >         option is a no-op, say N.
> > 
> > or I'll add a patch to make s390 trigger an error when this is enabled?
> 
> (Taking Martin and Heiko on Cc for s390)
> 
> I'd strongly suggest making the behavior the same for everyone. It should
> be fairly easy to make sure none of these warnings ever triggers
> on s390, because most of the Linux device driver code does not get build
> there anyway.

Please don't do that. An s390 allyesconfig still triggers 45 warnings and
I'm currently not willing to "patch" working code just to get rid of these
warnings which are most likely all false positives.
That's the reason why we currently don't error out and only generate
warnings.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ