lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 26 Jun 2018 13:21:35 -0700
From:   Joe Perches <joe@...ches.com>
To:     Kees Cook <keescook@...omium.org>, linux-kernel@...r.kernel.org
Cc:     "Gustavo A. R. Silva" <gustavo@...eddedor.com>,
        Masahiro Yamada <yamada.masahiro@...ionext.com>,
        Michal Marek <michal.lkml@...kovi.net>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Palmer Dabbelt <palmer@...belt.com>,
        Matt Redfearn <matt.redfearn@...s.com>,
        Sebastian Andrzej Siewior <bigeasy@...utronix.de>,
        David Airlie <airlied@...ux.ie>, linux-kbuild@...r.kernel.org,
        intel-gfx@...ts.freedesktop.org, dri-devel@...ts.freedesktop.org,
        Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [RFC][PATCH] Makefile: globally enable VLA warning

On Tue, 2018-06-26 at 10:40 -0700, Kees Cook wrote:
> This is the patch I've got prepared now that fixes for all VLAs have been
> sent to maintainers (some are still under review/adjustment, but there
> aren't any unexplored cases left). My intention would be to have this land
> at the end of the next merge window after all the pending VLA patches
> have landed. I just wanted to get any feedback here, since it touches
> a couple areas in the process and I didn't want anyone to be surprised. :)
[]
> diff --git a/Makefile b/Makefile
[]
> @@ -778,6 +778,9 @@ NOSTDINC_FLAGS += -nostdinc -isystem $(shell $(CC) -print-file-name=include)
>  # warn about C99 declaration after statement
>  KBUILD_CFLAGS += $(call cc-option,-Wdeclaration-after-statement,)
>  
> +# VLAs should not be used anywhere in the kernel
> +KBUILD_CFLAGS += $(call cc-option,-Wvla)

I'd probably spell out what a VLA is here.
# VLAs (Variable Length Arrays) should not be used anywhere in the kernel

Beyond that, seems sensible, thanks.

Powered by blists - more mailing lists