| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 04 Oct 2022 07:39:53 -0700
From: Kees Cook <keescook@...omium.org>
To: "Jason A. Donenfeld" <Jason@...c4.com>
CC: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
linux-kernel@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>
Subject: Re: [PATCH v3 1/2] minmax: sanity check constant bounds when clamping
On October 4, 2022 6:41:48 AM PDT, "Jason A. Donenfeld" <Jason@...c4.com> wrote:
>On Mon, Sep 26, 2022 at 8:26 PM Kees Cook <keescook@...omium.org> wrote:
>>
>> On Mon, Sep 26, 2022 at 03:34:34PM +0200, Jason A. Donenfeld wrote:
>> > The clamp family of functions only makes sense if hi>=lo. If hi and lo
>> > are compile-time constants, then raise a build error. Doing so has
>> > already caught buggy code. This also introduces the infrastructure to
>> > improve the clamping function in subsequent commits.
>> >
>> > Cc: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
>> > Cc: Andrew Morton <akpm@...ux-foundation.org>
>> > Cc: Kees Cook <keescook@...omium.org>
>> > Signed-off-by: Jason A. Donenfeld <Jason@...c4.com>
>>
>> Reviewed-by: Kees Cook <keescook@...omium.org>
>
>Wondering - did you ever queue this up for 6.1? I assume the plan is
>to hold off on 2/2 for the time being, but this 1/2 is good to have
>either way.
Since it produced at least one warning, there may be others in weird archs/configs, so I wanted it to bake in -next after the merge window for 6.1 closes. It's a good feature, but I didn't want to risk new build warnings so close to the merge. :)
--
Kees Cook
Powered by blists - more mailing lists