| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.DEB.2.22.394.2010150822260.184556@www.lameter.com>
Date: Thu, 15 Oct 2020 08:23:33 +0000 (UTC)
From: Christopher Lameter <cl@...ux.com>
To: Kees Cook <keescook@...omium.org>
cc: Andrew Morton <akpm@...ux-foundation.org>,
Vlastimil Babka <vbabka@...e.cz>,
Waiman Long <longman@...hat.com>,
Marco Elver <elver@...gle.com>,
Pekka Enberg <penberg@...nel.org>,
David Rientjes <rientjes@...gle.com>,
Joonsoo Kim <iamjoonsoo.kim@....com>,
Roman Gushchin <guro@...com>, linux-kernel@...r.kernel.org,
linux-doc@...r.kernel.org, linux-mm@...ck.org
Subject: Re: [PATCH v3 0/3] Actually fix freelist pointer vs redzoning
On Wed, 14 Oct 2020, Kees Cook wrote:
> Note on patch 2: Christopher NAKed it, but I actually think this is a
> reasonable thing to add -- the "too small" check is only made when built
> with CONFIG_DEBUG_VM, so it *is* actually possible for someone to trip
> over this directly, even if it would never make it into a released
> kernel. I see no reason to just leave this foot-gun in place, though, so
> we might as well just fix it too. (Which seems to be what Longman was
> similarly supporting, IIUC.)
Well then remove the duplication of checks. The NAK was there because it
seems that you were not aware of the existing checks.
> Anyway, if patch 2 stays NAKed, that's fine. It's entirely separable,
> and the other 2 can land. :)
Just deal with the old checks too and it will be fine.
Powered by blists - more mailing lists