| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160829175928.xtqneqhkq5xb5cju@treble>
Date: Mon, 29 Aug 2016 12:59:28 -0500
From: Josh Poimboeuf <jpoimboe@...hat.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Kees Cook <keescook@...omium.org>,
Thomas Gleixner <tglx@...utronix.de>,
Ingo Molnar <mingo@...nel.org>,
"H . Peter Anvin" <hpa@...or.com>,
"x86@...nel.org" <x86@...nel.org>,
LKML <linux-kernel@...r.kernel.org>,
Andy Lutomirski <luto@...capital.net>,
Steven Rostedt <rostedt@...dmis.org>,
Brian Gerst <brgerst@...il.com>,
Peter Zijlstra <peterz@...radead.org>,
Frederic Weisbecker <fweisbec@...il.com>,
Byungchul Park <byungchul.park@....com>,
Nilay Vaish <nilayvaish@...il.com>
Subject: Re: [PATCH v2] mm/usercopy: get rid of
CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
On Mon, Aug 29, 2016 at 12:08:13PM -0500, Josh Poimboeuf wrote:
> On Mon, Aug 29, 2016 at 08:36:46AM -0700, Linus Torvalds wrote:
> > On Mon, Aug 29, 2016 at 7:48 AM, Josh Poimboeuf <jpoimboe@...hat.com> wrote:
> > >
> > > So I *think* your patch fixes the wrong problem. That's probably at
> > > least somewhat my fault because I misunderstood the issue before and may
> > > have described it wrong at some point.
> > >
> > > AFAICT, gcc isn't doing anything wrong, and the false positives are
> > > "intentional".
> > >
> > > There are in fact two static warnings (which are being silenced for new
> > > versions of gcc):
> >
> > [ snip snip details ]
> >
> > Ok.
> >
> > Color me convinced, I never even looked at the two different cases, I
> > thought it was just one issue.
> >
> > Let's just remove the spurious false positive warning then, in order
> > to re-instate the *actual* warning that right now is disabled entirely
> > due to the unrelated false positives.
> >
> > Thanks for looking into this. Would you happen to also have a patch
> > that can be applied? Hint hint..
>
> How about something like this? I can split it up if needed...
>
> ---
>
> From: Josh Poimboeuf <jpoimboe@...hat.com>
> Subject: [PATCH v2] mm/usercopy: get rid of CONFIG_DEBUG_STRICT_USER_COPY_CHECKS
...and that failed to build on tile and parisc. Here's the fix:
----
diff --git a/arch/parisc/include/asm/uaccess.h b/arch/parisc/include/asm/uaccess.h
index 736c0c1..e915048 100644
--- a/arch/parisc/include/asm/uaccess.h
+++ b/arch/parisc/include/asm/uaccess.h
@@ -225,7 +225,7 @@ static inline unsigned long __must_check copy_from_user(void *to,
if (likely(sz == -1 || sz >= n))
ret = __copy_from_user(to, from, n);
- else (!__builtin_constant_p(n))
+ else if (!__builtin_constant_p(n))
copy_user_overflow(sz, n);
else
__bad_copy_user();
diff --git a/arch/tile/include/asm/uaccess.h b/arch/tile/include/asm/uaccess.h
index c664300..4416f09 100644
--- a/arch/tile/include/asm/uaccess.h
+++ b/arch/tile/include/asm/uaccess.h
@@ -433,7 +433,7 @@ static inline unsigned long __must_check copy_from_user(void *to,
if (likely(sz == -1 || sz >= n))
n = _copy_from_user(to, from, n);
else if (!__builtin_constant_p(n))
- copy_user_overflow();
+ copy_user_overflow(sz, n);
else
__bad_copy_user();
Powered by blists - more mailing lists