lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <202310081402.F4DBC2B@keescook>
Date:   Sun, 8 Oct 2023 14:02:28 -0700
From:   Kees Cook <keescook@...omium.org>
To:     Hans Verkuil <hverkuil-cisco@...all.nl>
Cc:     Mauro Carvalho Chehab <mchehab@...nel.org>,
        lijian <lijian@...ong.com>, linux-media@...r.kernel.org,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Tom Rix <trix@...hat.com>, linux-kernel@...r.kernel.org,
        llvm@...ts.linux.dev, linux-hardening@...r.kernel.org
Subject: Re: [PATCH] media: v4l2-event: Annotate struct v4l2_subscribed_event
 with __counted_by

On Sat, Oct 07, 2023 at 11:21:26AM +0200, Hans Verkuil wrote:
> On 06/10/2023 22:28, Kees Cook wrote:
> > On Fri, 22 Sep 2023 10:49:52 -0700, Kees Cook wrote:
> >> Prepare for the coming implementation by GCC and Clang of the __counted_by
> >> attribute. Flexible array members annotated with __counted_by can have
> >> their accesses bounds-checked at run-time checking via CONFIG_UBSAN_BOUNDS
> >> (for array indexing) and CONFIG_FORTIFY_SOURCE (for strcpy/memcpy-family
> >> functions).
> >>
> >> As found with Coccinelle[1], add __counted_by for struct v4l2_subscribed_event.
> >> Additionally, since the element count member must be set before accessing
> >> the annotated flexible array member, move its initialization earlier.
> >>
> >> [...]
> > 
> > Since this is a trivial change and it's been 2 week without further
> > discussion, I'll snag this patch.
> 
> Ah, I picked this up for media as well. Same for the other patch.
> You should have gotten an email from patchwork on Oct 3 that it was accepted.
> 
> I think I should be more pro-active and reply when I pick up patches from
> non-media developers instead of relying on patchwork. It seems that it is
> easy to miss emails from patchwork.

Ah! Thanks for reminding me. I'll drop them from the hardening tree. :)

-Kees

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ