| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CABCJKucu1_Z1K7iFvo0_pratvVrG6SBDRnJuYZh-hVTYtukvFw@mail.gmail.com>
Date: Mon, 25 Jan 2021 12:40:22 -0800
From: Sami Tolvanen <samitolvanen@...gle.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Jiri Slaby <jirislaby@...nel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] n_tty: fix redirected_tty_write checks after write_iter conversion
On Mon, Jan 25, 2021 at 12:08 PM Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
>
> On Mon, Jan 25, 2021 at 12:03 PM Sami Tolvanen <samitolvanen@...gle.com> wrote:
> >
> > Neither, I noticed this because the conflicting function declarations
> > broke Clang's Control Flow Integrity checking.
>
> Ahh, interesting. Is that automated somewhere, or are you running your
> own special checks? It sounds like a useful thing.
I’m running a continuous integration script locally, which tests a few
basic kernel configurations with CFI to ensure they compile and boot.
We’re using CFI in Android kernels, so this helps catch issues before
they reach stable kernels.
> I was thinking that maybe I should make some sparse-based cross-file
> checker, but it sounds like -fsanitize=cfi (or whatever it is you do)
> catches it.
That might still be useful, because CFI only adds runtime checking.
It’s primarily a mitigation against code reuse attacks, but it does
find these types of issues occasionally.
Sami
Powered by blists - more mailing lists