lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20200311181120.4fb51c72@canb.auug.org.au>
Date:   Wed, 11 Mar 2020 18:11:20 +1100
From:   Stephen Rothwell <sfr@...b.auug.org.au>
To:     Andrew Morton <akpm@...ux-foundation.org>,
        Jonathan Corbet <corbet@....net>
Cc:     Linux Next Mailing List <linux-next@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Nitin Gote <nitin.r.gote@...el.com>,
        Kees Cook <keescook@...omium.org>
Subject: linux-next: manual merge of the akpm-current tree with the jc_docs
 tree

Hi all,

Today's linux-next merge of the akpm-current tree got a conflict in:

  Documentation/process/deprecated.rst

between commit:

  d8401f504b49 ("docs: deprecated.rst: Add %p to the list")
  76136e028d3b ("docs: deprecated.rst: Clean up fall-through details")
  7929b9836ed0 ("docs: Remove :c:func: from process/deprecated.rst")

from the jc_docs tree and commit:

  eacc9a8c9c2d ("Documentation/checkpatch: prefer stracpy/strscpy over strcpy/strlcpy/strncpy.")

from the akpm-current tree.

I fixed it up (see below) and can carry the fix as necessary. This
is now fixed as far as linux-next is concerned, but any non trivial
conflicts should be mentioned to your upstream maintainer when your tree
is submitted for merging.  You may also want to consider cooperating
with the maintainer of the conflicting tree to minimise any particularly
complex conflicts.

-- 
Cheers,
Stephen Rothwell

diff --cc Documentation/process/deprecated.rst
index e924d3197761,a0ffdc8daef3..000000000000
--- a/Documentation/process/deprecated.rst
+++ b/Documentation/process/deprecated.rst
@@@ -93,44 -93,22 +93,44 @@@ will be NUL terminated. This can lead t
  and other misbehavior due to the missing termination. It also NUL-pads the
  destination buffer if the source contents are shorter than the destination
  buffer size, which may be a needless performance penalty for callers using
- only NUL-terminated strings. The safe replacement is strscpy().
- (Users of strscpy() still needing NUL-padding should instead
- use strscpy_pad().)
+ only NUL-terminated strings. In this case, the safe replacement is
+ stracpy() or strscpy(). If, however, the destination buffer still needs
+ NUL-padding, the safe replacement is stracpy_pad().
  
 -If a caller is using non-NUL-terminated strings, :c:func:`strncpy()` can
 +If a caller is using non-NUL-terminated strings, strncpy()() can
  still be used, but destinations should be marked with the `__nonstring
  <https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html>`_
  attribute to avoid future compiler warnings.
  
  strlcpy()
  ---------
 -:c:func:`strlcpy` reads the entire source buffer first, possibly exceeding
 +strlcpy() reads the entire source buffer first, possibly exceeding
  the given limit of bytes to copy. This is inefficient and can lead to
  linear read overflows if a source string is not NUL-terminated. The
- safe replacement is strscpy().
+ safe replacement is stracpy() or strscpy().
  
 +%p format specifier
 +-------------------
 +Traditionally, using "%p" in format strings would lead to regular address
 +exposure flaws in dmesg, proc, sysfs, etc. Instead of leaving these to
 +be exploitable, all "%p" uses in the kernel are being printed as a hashed
 +value, rendering them unusable for addressing. New uses of "%p" should not
 +be added to the kernel. For text addresses, using "%pS" is likely better,
 +as it produces the more useful symbol name instead. For nearly everything
 +else, just do not add "%p" at all.
 +
 +Paraphrasing Linus's current `guidance <https://lore.kernel.org/lkml/CA+55aFwQEd_d40g4mUCSsVRZzrFPUJt74vc6PPpb675hYNXcKw@mail.gmail.com/>`_:
 +
 +- If the hashed "%p" value is pointless, ask yourself whether the pointer
 +  itself is important. Maybe it should be removed entirely?
 +- If you really think the true pointer value is important, why is some
 +  system state or user privilege level considered "special"? If you think
 +  you can justify it (in comments and commit log) well enough to stand
 +  up to Linus's scrutiny, maybe you can use "%px", along with making sure
 +  you have sensible permissions.
 +
 +And finally, know that a toggle for "%p" hashing will `not be accepted <https://lore.kernel.org/lkml/CA+55aFwieC1-nAs+NFq9RTwaR8ef9hWa4MjNBWL41F-8wM49eA@mail.gmail.com/>`_.
 +
  Variable Length Arrays (VLAs)
  -----------------------------
  Using stack VLAs produces much worse machine code than statically

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ