From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
To: Kees Cook <keescook@chromium.org>
Cc: linux-kernel@vger.kernel.org, Andy Shevchenko <andy@kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Nick Desaulniers <ndesaulniers@google.com>,
Andy Lavr <andy.lavr@gmail.com>,
Nathan Chancellor <nathan@kernel.org>,
Alexey Dobriyan <adobriyan@gmail.com>,
Stephen Rothwell <sfr@canb.auug.org.au>,
Bartosz Golaszewski <bgolaszewski@baylibre.com>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-wireless@vger.kernel.org, netdev@vger.kernel.org,
dri-devel@lists.freedesktop.org, linux-staging@lists.linux.dev,
linux-block@vger.kernel.org, linux-kbuild@vger.kernel.org,
clang-built-linux@googlegroups.com,
Rasmus Villemoes <linux@rasmusvillemoes.dk>,
linux-hardening@vger.kernel.org
Subject: Re: [PATCH v2 26/63] lib/string: Move helper functions out of string.c
Date: Wed, 18 Aug 2021 12:35:58 +0300 [thread overview]
Message-ID: <YRzUfib7a/APXztH@smile.fi.intel.com> (raw)
In-Reply-To: <20210818060533.3569517-27-keescook@chromium.org>
On Tue, Aug 17, 2021 at 11:04:56PM -0700, Kees Cook wrote:
> The core functions of string.c are those that may be implemented by
> per-architecture functions, or overloaded by FORTIFY_SOURCE. As a
> result, it needs to be built with __NO_FORTIFY. Without this, macros
> will collide with function declarations. This was accidentally working
> due to -ffreestanding (on some architectures). Make this deterministic
> by explicitly setting __NO_FORTIFY and move all the helper functions
> into string_helpers.c so that they gain the fortification coverage they
> had been missing.
No objections
Acked-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
> Cc: Andy Shevchenko <andy@kernel.org>
> Cc: Andrew Morton <akpm@linux-foundation.org>
> Cc: Nick Desaulniers <ndesaulniers@google.com>
> Cc: Andy Lavr <andy.lavr@gmail.com>
> Cc: Nathan Chancellor <nathan@kernel.org>
> Cc: Alexey Dobriyan <adobriyan@gmail.com>
> Cc: Stephen Rothwell <sfr@canb.auug.org.au>
> Cc: Bartosz Golaszewski <bgolaszewski@baylibre.com>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> ---
> arch/arm/boot/compressed/string.c | 1 +
> arch/s390/lib/string.c | 3 +
> arch/x86/boot/compressed/misc.h | 2 +
> arch/x86/boot/compressed/pgtable_64.c | 2 +
> arch/x86/lib/string_32.c | 1 +
> lib/string.c | 210 +-------------------------
> lib/string_helpers.c | 193 +++++++++++++++++++++++
> 7 files changed, 208 insertions(+), 204 deletions(-)
>
> diff --git a/arch/arm/boot/compressed/string.c b/arch/arm/boot/compressed/string.c
> index 8c0fa276d994..fcc678fce045 100644
> --- a/arch/arm/boot/compressed/string.c
> +++ b/arch/arm/boot/compressed/string.c
> @@ -5,6 +5,7 @@
> * Small subset of simple string routines
> */
>
> +#define __NO_FORTIFY
> #include <linux/string.h>
>
> /*
> diff --git a/arch/s390/lib/string.c b/arch/s390/lib/string.c
> index cfcdf76d6a95..392fb9f4f4db 100644
> --- a/arch/s390/lib/string.c
> +++ b/arch/s390/lib/string.c
> @@ -8,6 +8,9 @@
> */
>
> #define IN_ARCH_STRING_C 1
> +#ifndef __NO_FORTIFY
> +# define __NO_FORTIFY
> +#endif
>
> #include <linux/types.h>
> #include <linux/string.h>
> diff --git a/arch/x86/boot/compressed/misc.h b/arch/x86/boot/compressed/misc.h
> index 31139256859f..49bde196da9b 100644
> --- a/arch/x86/boot/compressed/misc.h
> +++ b/arch/x86/boot/compressed/misc.h
> @@ -14,6 +14,8 @@
> #undef CONFIG_KASAN
> #undef CONFIG_KASAN_GENERIC
>
> +#define __NO_FORTIFY
> +
> /* cpu_feature_enabled() cannot be used this early */
> #define USE_EARLY_PGTABLE_L5
>
> diff --git a/arch/x86/boot/compressed/pgtable_64.c b/arch/x86/boot/compressed/pgtable_64.c
> index 2a78746f5a4c..a1733319a22a 100644
> --- a/arch/x86/boot/compressed/pgtable_64.c
> +++ b/arch/x86/boot/compressed/pgtable_64.c
> @@ -1,3 +1,5 @@
> +// SPDX-License-Identifier: GPL-2.0
> +#include "misc.h"
> #include <linux/efi.h>
> #include <asm/e820/types.h>
> #include <asm/processor.h>
> diff --git a/arch/x86/lib/string_32.c b/arch/x86/lib/string_32.c
> index d15fdae9656e..53b3f202267c 100644
> --- a/arch/x86/lib/string_32.c
> +++ b/arch/x86/lib/string_32.c
> @@ -11,6 +11,7 @@
> * strings.
> */
>
> +#define __NO_FORTIFY
> #include <linux/string.h>
> #include <linux/export.h>
>
> diff --git a/lib/string.c b/lib/string.c
> index 4fec38fc6e58..4e111d9dd6d5 100644
> --- a/lib/string.c
> +++ b/lib/string.c
> @@ -6,20 +6,15 @@
> */
>
> /*
> - * stupid library routines.. The optimized versions should generally be found
> - * as inline code in <asm-xx/string.h>
> + * This file should be used only for "library" routines that may have
> + * alternative implementations on specific architectures (generally
> + * found in <asm-xx/string.h>), or get overloaded by FORTIFY_SOURCE.
> + * (Specifically, this file is built with __NO_FORTIFY.)
> *
> - * These are buggy as well..
> - *
> - * * Fri Jun 25 1999, Ingo Oeser <ioe@informatik.tu-chemnitz.de>
> - * - Added strsep() which will replace strtok() soon (because strsep() is
> - * reentrant and should be faster). Use only strsep() in new code, please.
> - *
> - * * Sat Feb 09 2002, Jason Thomas <jason@topic.com.au>,
> - * Matthew Hawkins <matt@mh.dropbear.id.au>
> - * - Kissed strtok() goodbye
> + * Other helper functions should live in string_helpers.c.
> */
>
> +#define __NO_FORTIFY
> #include <linux/types.h>
> #include <linux/string.h>
> #include <linux/ctype.h>
> @@ -254,40 +249,6 @@ ssize_t strscpy(char *dest, const char *src, size_t count)
> EXPORT_SYMBOL(strscpy);
> #endif
>
> -/**
> - * strscpy_pad() - Copy a C-string into a sized buffer
> - * @dest: Where to copy the string to
> - * @src: Where to copy the string from
> - * @count: Size of destination buffer
> - *
> - * Copy the string, or as much of it as fits, into the dest buffer. The
> - * behavior is undefined if the string buffers overlap. The destination
> - * buffer is always %NUL terminated, unless it's zero-sized.
> - *
> - * If the source string is shorter than the destination buffer, zeros
> - * the tail of the destination buffer.
> - *
> - * For full explanation of why you may want to consider using the
> - * 'strscpy' functions please see the function docstring for strscpy().
> - *
> - * Returns:
> - * * The number of characters copied (not including the trailing %NUL)
> - * * -E2BIG if count is 0 or @src was truncated.
> - */
> -ssize_t strscpy_pad(char *dest, const char *src, size_t count)
> -{
> - ssize_t written;
> -
> - written = strscpy(dest, src, count);
> - if (written < 0 || written == count - 1)
> - return written;
> -
> - memset(dest + written + 1, 0, count - written - 1);
> -
> - return written;
> -}
> -EXPORT_SYMBOL(strscpy_pad);
> -
> /**
> * stpcpy - copy a string from src to dest returning a pointer to the new end
> * of dest, including src's %NUL-terminator. May overrun dest.
> @@ -530,46 +491,6 @@ char *strnchr(const char *s, size_t count, int c)
> EXPORT_SYMBOL(strnchr);
> #endif
>
> -/**
> - * skip_spaces - Removes leading whitespace from @str.
> - * @str: The string to be stripped.
> - *
> - * Returns a pointer to the first non-whitespace character in @str.
> - */
> -char *skip_spaces(const char *str)
> -{
> - while (isspace(*str))
> - ++str;
> - return (char *)str;
> -}
> -EXPORT_SYMBOL(skip_spaces);
> -
> -/**
> - * strim - Removes leading and trailing whitespace from @s.
> - * @s: The string to be stripped.
> - *
> - * Note that the first trailing whitespace is replaced with a %NUL-terminator
> - * in the given string @s. Returns a pointer to the first non-whitespace
> - * character in @s.
> - */
> -char *strim(char *s)
> -{
> - size_t size;
> - char *end;
> -
> - size = strlen(s);
> - if (!size)
> - return s;
> -
> - end = s + size - 1;
> - while (end >= s && isspace(*end))
> - end--;
> - *(end + 1) = '\0';
> -
> - return skip_spaces(s);
> -}
> -EXPORT_SYMBOL(strim);
> -
> #ifndef __HAVE_ARCH_STRLEN
> /**
> * strlen - Find the length of a string
> @@ -704,101 +625,6 @@ char *strsep(char **s, const char *ct)
> EXPORT_SYMBOL(strsep);
> #endif
>
> -/**
> - * sysfs_streq - return true if strings are equal, modulo trailing newline
> - * @s1: one string
> - * @s2: another string
> - *
> - * This routine returns true iff two strings are equal, treating both
> - * NUL and newline-then-NUL as equivalent string terminations. It's
> - * geared for use with sysfs input strings, which generally terminate
> - * with newlines but are compared against values without newlines.
> - */
> -bool sysfs_streq(const char *s1, const char *s2)
> -{
> - while (*s1 && *s1 == *s2) {
> - s1++;
> - s2++;
> - }
> -
> - if (*s1 == *s2)
> - return true;
> - if (!*s1 && *s2 == '\n' && !s2[1])
> - return true;
> - if (*s1 == '\n' && !s1[1] && !*s2)
> - return true;
> - return false;
> -}
> -EXPORT_SYMBOL(sysfs_streq);
> -
> -/**
> - * match_string - matches given string in an array
> - * @array: array of strings
> - * @n: number of strings in the array or -1 for NULL terminated arrays
> - * @string: string to match with
> - *
> - * This routine will look for a string in an array of strings up to the
> - * n-th element in the array or until the first NULL element.
> - *
> - * Historically the value of -1 for @n, was used to search in arrays that
> - * are NULL terminated. However, the function does not make a distinction
> - * when finishing the search: either @n elements have been compared OR
> - * the first NULL element was found.
> - *
> - * Return:
> - * index of a @string in the @array if matches, or %-EINVAL otherwise.
> - */
> -int match_string(const char * const *array, size_t n, const char *string)
> -{
> - int index;
> - const char *item;
> -
> - for (index = 0; index < n; index++) {
> - item = array[index];
> - if (!item)
> - break;
> - if (!strcmp(item, string))
> - return index;
> - }
> -
> - return -EINVAL;
> -}
> -EXPORT_SYMBOL(match_string);
> -
> -/**
> - * __sysfs_match_string - matches given string in an array
> - * @array: array of strings
> - * @n: number of strings in the array or -1 for NULL terminated arrays
> - * @str: string to match with
> - *
> - * Returns index of @str in the @array or -EINVAL, just like match_string().
> - * Uses sysfs_streq instead of strcmp for matching.
> - *
> - * This routine will look for a string in an array of strings up to the
> - * n-th element in the array or until the first NULL element.
> - *
> - * Historically the value of -1 for @n, was used to search in arrays that
> - * are NULL terminated. However, the function does not make a distinction
> - * when finishing the search: either @n elements have been compared OR
> - * the first NULL element was found.
> - */
> -int __sysfs_match_string(const char * const *array, size_t n, const char *str)
> -{
> - const char *item;
> - int index;
> -
> - for (index = 0; index < n; index++) {
> - item = array[index];
> - if (!item)
> - break;
> - if (sysfs_streq(item, str))
> - return index;
> - }
> -
> - return -EINVAL;
> -}
> -EXPORT_SYMBOL(__sysfs_match_string);
> -
> #ifndef __HAVE_ARCH_MEMSET
> /**
> * memset - Fill a region of memory with the given value
> @@ -1221,27 +1047,3 @@ void *memchr_inv(const void *start, int c, size_t bytes)
> return check_bytes8(start, value, bytes % 8);
> }
> EXPORT_SYMBOL(memchr_inv);
> -
> -/**
> - * strreplace - Replace all occurrences of character in string.
> - * @s: The string to operate on.
> - * @old: The character being replaced.
> - * @new: The character @old is replaced with.
> - *
> - * Returns pointer to the nul byte at the end of @s.
> - */
> -char *strreplace(char *s, char old, char new)
> -{
> - for (; *s; ++s)
> - if (*s == old)
> - *s = new;
> - return s;
> -}
> -EXPORT_SYMBOL(strreplace);
> -
> -void fortify_panic(const char *name)
> -{
> - pr_emerg("detected buffer overflow in %s\n", name);
> - BUG();
> -}
> -EXPORT_SYMBOL(fortify_panic);
> diff --git a/lib/string_helpers.c b/lib/string_helpers.c
> index 3806a52ce697..bde13612c25d 100644
> --- a/lib/string_helpers.c
> +++ b/lib/string_helpers.c
> @@ -696,3 +696,196 @@ void kfree_strarray(char **array, size_t n)
> kfree(array);
> }
> EXPORT_SYMBOL_GPL(kfree_strarray);
> +
> +/**
> + * strscpy_pad() - Copy a C-string into a sized buffer
> + * @dest: Where to copy the string to
> + * @src: Where to copy the string from
> + * @count: Size of destination buffer
> + *
> + * Copy the string, or as much of it as fits, into the dest buffer. The
> + * behavior is undefined if the string buffers overlap. The destination
> + * buffer is always %NUL terminated, unless it's zero-sized.
> + *
> + * If the source string is shorter than the destination buffer, zeros
> + * the tail of the destination buffer.
> + *
> + * For full explanation of why you may want to consider using the
> + * 'strscpy' functions please see the function docstring for strscpy().
> + *
> + * Returns:
> + * * The number of characters copied (not including the trailing %NUL)
> + * * -E2BIG if count is 0 or @src was truncated.
> + */
> +ssize_t strscpy_pad(char *dest, const char *src, size_t count)
> +{
> + ssize_t written;
> +
> + written = strscpy(dest, src, count);
> + if (written < 0 || written == count - 1)
> + return written;
> +
> + memset(dest + written + 1, 0, count - written - 1);
> +
> + return written;
> +}
> +EXPORT_SYMBOL(strscpy_pad);
> +
> +/**
> + * skip_spaces - Removes leading whitespace from @str.
> + * @str: The string to be stripped.
> + *
> + * Returns a pointer to the first non-whitespace character in @str.
> + */
> +char *skip_spaces(const char *str)
> +{
> + while (isspace(*str))
> + ++str;
> + return (char *)str;
> +}
> +EXPORT_SYMBOL(skip_spaces);
> +
> +/**
> + * strim - Removes leading and trailing whitespace from @s.
> + * @s: The string to be stripped.
> + *
> + * Note that the first trailing whitespace is replaced with a %NUL-terminator
> + * in the given string @s. Returns a pointer to the first non-whitespace
> + * character in @s.
> + */
> +char *strim(char *s)
> +{
> + size_t size;
> + char *end;
> +
> + size = strlen(s);
> + if (!size)
> + return s;
> +
> + end = s + size - 1;
> + while (end >= s && isspace(*end))
> + end--;
> + *(end + 1) = '\0';
> +
> + return skip_spaces(s);
> +}
> +EXPORT_SYMBOL(strim);
> +
> +/**
> + * sysfs_streq - return true if strings are equal, modulo trailing newline
> + * @s1: one string
> + * @s2: another string
> + *
> + * This routine returns true iff two strings are equal, treating both
> + * NUL and newline-then-NUL as equivalent string terminations. It's
> + * geared for use with sysfs input strings, which generally terminate
> + * with newlines but are compared against values without newlines.
> + */
> +bool sysfs_streq(const char *s1, const char *s2)
> +{
> + while (*s1 && *s1 == *s2) {
> + s1++;
> + s2++;
> + }
> +
> + if (*s1 == *s2)
> + return true;
> + if (!*s1 && *s2 == '\n' && !s2[1])
> + return true;
> + if (*s1 == '\n' && !s1[1] && !*s2)
> + return true;
> + return false;
> +}
> +EXPORT_SYMBOL(sysfs_streq);
> +
> +/**
> + * match_string - matches given string in an array
> + * @array: array of strings
> + * @n: number of strings in the array or -1 for NULL terminated arrays
> + * @string: string to match with
> + *
> + * This routine will look for a string in an array of strings up to the
> + * n-th element in the array or until the first NULL element.
> + *
> + * Historically the value of -1 for @n, was used to search in arrays that
> + * are NULL terminated. However, the function does not make a distinction
> + * when finishing the search: either @n elements have been compared OR
> + * the first NULL element was found.
> + *
> + * Return:
> + * index of a @string in the @array if matches, or %-EINVAL otherwise.
> + */
> +int match_string(const char * const *array, size_t n, const char *string)
> +{
> + int index;
> + const char *item;
> +
> + for (index = 0; index < n; index++) {
> + item = array[index];
> + if (!item)
> + break;
> + if (!strcmp(item, string))
> + return index;
> + }
> +
> + return -EINVAL;
> +}
> +EXPORT_SYMBOL(match_string);
> +
> +/**
> + * __sysfs_match_string - matches given string in an array
> + * @array: array of strings
> + * @n: number of strings in the array or -1 for NULL terminated arrays
> + * @str: string to match with
> + *
> + * Returns index of @str in the @array or -EINVAL, just like match_string().
> + * Uses sysfs_streq instead of strcmp for matching.
> + *
> + * This routine will look for a string in an array of strings up to the
> + * n-th element in the array or until the first NULL element.
> + *
> + * Historically the value of -1 for @n, was used to search in arrays that
> + * are NULL terminated. However, the function does not make a distinction
> + * when finishing the search: either @n elements have been compared OR
> + * the first NULL element was found.
> + */
> +int __sysfs_match_string(const char * const *array, size_t n, const char *str)
> +{
> + const char *item;
> + int index;
> +
> + for (index = 0; index < n; index++) {
> + item = array[index];
> + if (!item)
> + break;
> + if (sysfs_streq(item, str))
> + return index;
> + }
> +
> + return -EINVAL;
> +}
> +EXPORT_SYMBOL(__sysfs_match_string);
> +
> +/**
> + * strreplace - Replace all occurrences of character in string.
> + * @s: The string to operate on.
> + * @old: The character being replaced.
> + * @new: The character @old is replaced with.
> + *
> + * Returns pointer to the nul byte at the end of @s.
> + */
> +char *strreplace(char *s, char old, char new)
> +{
> + for (; *s; ++s)
> + if (*s == old)
> + *s = new;
> + return s;
> +}
> +EXPORT_SYMBOL(strreplace);
> +
> +void fortify_panic(const char *name)
> +{
> + pr_emerg("detected buffer overflow in %s\n", name);
> + BUG();
> +}
> +EXPORT_SYMBOL(fortify_panic);
> --
> 2.30.2
>
--
With Best Regards,
Andy Shevchenko
next prev parent reply other threads:[~2021-08-18 9:37 UTC|newest]
Thread overview: 116+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-08-18 6:04 [PATCH v2 00/63] Introduce strict memcpy() bounds checking Kees Cook
2021-08-18 6:04 ` [PATCH v2 01/63] ipw2x00: Avoid field-overflowing memcpy() Kees Cook
2021-08-18 6:04 ` [PATCH v2 02/63] net/mlx5e: " Kees Cook
2021-08-18 6:04 ` [PATCH v2 03/63] rpmsg: glink: Replace strncpy() with strscpy_pad() Kees Cook
2021-08-18 6:04 ` [PATCH v2 04/63] pcmcia: ray_cs: Split memcpy() to avoid bounds check warning Kees Cook
2021-08-18 6:04 ` [PATCH v2 05/63] stddef: Introduce struct_group() helper macro Kees Cook
2021-08-18 22:35 ` Dan Williams
2021-08-18 6:04 ` [PATCH v2 06/63] cxl/core: Replace unions with struct_group() Kees Cook
2021-08-18 22:36 ` Dan Williams
2021-08-18 6:04 ` [PATCH v2 07/63] skbuff: Switch structure bounds to struct_group() Kees Cook
2021-09-01 13:46 ` Jason A. Donenfeld
2021-08-18 6:04 ` [PATCH v2 08/63] bnxt_en: Use struct_group_attr() for memcpy() region Kees Cook
2021-08-18 6:04 ` [PATCH v2 09/63] mwl8k: Use struct_group() " Kees Cook
2021-08-18 6:04 ` [PATCH v2 10/63] libertas: " Kees Cook
2021-08-18 6:04 ` [PATCH v2 11/63] libertas_tf: " Kees Cook
2021-08-18 6:04 ` [PATCH v2 12/63] thermal: intel: int340x_thermal: " Kees Cook
2021-11-23 13:19 ` Rafael J. Wysocki
2021-11-23 23:53 ` Srinivas Pandruvada
2021-11-24 13:33 ` Rafael J. Wysocki
2021-08-18 6:04 ` [PATCH v2 13/63] iommu/amd: " Kees Cook
2021-08-18 11:34 ` Joerg Roedel
2021-08-18 6:04 ` [PATCH v2 14/63] cxgb3: " Kees Cook
2021-08-18 6:04 ` [PATCH v2 15/63] intersil: " Kees Cook
2021-08-18 6:04 ` [PATCH v2 16/63] cxgb4: " Kees Cook
2021-08-18 6:04 ` [PATCH v2 17/63] bnx2x: " Kees Cook
2021-08-18 6:04 ` [PATCH v2 18/63] drm/amd/pm: " Kees Cook
2021-08-18 11:42 ` Lazar, Lijo
2021-08-18 23:59 ` Kees Cook
2021-08-19 5:03 ` Lazar, Lijo
2021-08-19 19:58 ` Kees Cook
2021-08-18 6:04 ` [PATCH v2 19/63] staging: wlan-ng: " Kees Cook
2021-08-18 6:04 ` [PATCH v2 20/63] drm/mga/mga_ioc32: " Kees Cook
2021-08-18 6:04 ` [PATCH v2 21/63] net/mlx5e: " Kees Cook
2021-08-18 6:04 ` [PATCH v2 22/63] HID: cp2112: " Kees Cook
2021-08-20 13:01 ` Jiri Kosina
2021-08-20 15:48 ` Kees Cook
2021-08-18 6:04 ` [PATCH v2 23/63] media: omap3isp: " Kees Cook
2021-08-18 6:04 ` [PATCH v2 24/63] sata_fsl: " Kees Cook
2021-08-18 6:04 ` [PATCH v2 25/63] compiler_types.h: Remove __compiletime_object_size() Kees Cook
2021-08-18 13:02 ` Miguel Ojeda
2021-08-18 6:04 ` [PATCH v2 26/63] lib/string: Move helper functions out of string.c Kees Cook
2021-08-18 9:35 ` Andy Shevchenko [this message]
2021-08-18 6:04 ` [PATCH v2 27/63] fortify: Move remaining fortify helpers into fortify-string.h Kees Cook
2021-08-18 19:05 ` Francis Laniel
2021-08-18 6:04 ` [PATCH v2 28/63] fortify: Explicitly disable Clang support Kees Cook
2021-08-18 6:04 ` [PATCH v2 29/63] fortify: Fix dropped strcpy() compile-time write overflow check Kees Cook
2021-08-18 6:05 ` [PATCH v2 30/63] fortify: Prepare to improve strnlen() and strlen() warnings Kees Cook
2021-08-18 6:05 ` [PATCH v2 31/63] fortify: Allow strlen() and strnlen() to pass compile-time known lengths Kees Cook
2021-08-18 6:05 ` [PATCH v2 32/63] fortify: Add compile-time FORTIFY_SOURCE tests Kees Cook
2021-08-18 6:05 ` [PATCH v2 33/63] lib: Introduce CONFIG_TEST_MEMCPY Kees Cook
2021-08-18 6:05 ` [PATCH v2 34/63] fortify: Detect struct member overflows in memcpy() at compile-time Kees Cook
2021-08-18 6:05 ` [PATCH v2 35/63] fortify: Detect struct member overflows in memmove() " Kees Cook
2021-08-18 6:05 ` [PATCH v2 36/63] scsi: ibmvscsi: Avoid multi-field memset() overflow by aiming at srp Kees Cook
2021-08-18 6:05 ` [PATCH v2 37/63] string.h: Introduce memset_after() for wiping trailing members/padding Kees Cook
2021-08-18 6:05 ` [PATCH v2 38/63] xfrm: Use memset_after() to clear padding Kees Cook
2021-08-18 6:05 ` [PATCH v2 39/63] ipv6: Use memset_after() to zero rt6_info Kees Cook
2021-08-18 6:05 ` [PATCH v2 40/63] netfilter: conntrack: Use memset_startat() to zero struct nf_conn Kees Cook
2021-08-18 6:05 ` [PATCH v2 41/63] net: 802: Use memset_startat() to clear struct fields Kees Cook
2021-08-18 6:05 ` [PATCH v2 42/63] net: dccp: Use memset_startat() for TP zeroing Kees Cook
2021-08-18 6:05 ` [PATCH v2 43/63] net: qede: Use memset_startat() for counters Kees Cook
2021-08-18 6:05 ` [PATCH v2 44/63] mac80211: Use memset_after() to clear tx status Kees Cook
2021-08-18 7:08 ` Johannes Berg
2021-08-18 8:06 ` Johannes Berg
2021-08-18 9:05 ` Kees Cook
2021-08-18 6:05 ` [PATCH v2 45/63] ath11k: Use memset_startat() for clearing queue descriptors Kees Cook
2021-08-19 13:19 ` Kalle Valo
2021-08-19 16:25 ` Kees Cook
2021-08-21 10:17 ` Kalle Valo
2021-08-22 8:11 ` Kees Cook
2021-08-18 6:05 ` [PATCH v2 46/63] iw_cxgb4: Use memset_startat() for cpl_t5_pass_accept_rpl Kees Cook
2021-08-18 6:05 ` [PATCH v2 47/63] intel_th: msu: Use memset_startat() for clearing hw header Kees Cook
2021-08-24 7:38 ` Alexander Shishkin
2021-08-18 6:05 ` [PATCH v2 48/63] IB/mthca: Use memset_startat() for clearing mpt_entry Kees Cook
2021-08-18 6:05 ` [PATCH v2 49/63] btrfs: Use memset_startat() to clear end of struct Kees Cook
2021-08-18 6:35 ` Nikolay Borisov
2021-08-18 9:28 ` David Sterba
2021-08-18 6:05 ` [PATCH v2 50/63] tracing: Use memset_startat() to zero struct trace_iterator Kees Cook
2021-08-18 13:33 ` Steven Rostedt
2021-08-18 16:21 ` Kees Cook
2021-08-18 6:05 ` [PATCH v2 51/63] drbd: Use struct_group() to zero algs Kees Cook
2021-08-18 6:05 ` [PATCH v2 52/63] cm4000_cs: Use struct_group() to zero struct cm4000_dev region Kees Cook
2021-08-18 6:05 ` [PATCH v2 53/63] KVM: x86: Use struct_group() to zero decode cache Kees Cook
2021-08-18 15:11 ` Sean Christopherson
2021-08-18 16:23 ` Kees Cook
2021-08-18 22:53 ` Sean Christopherson
2021-08-18 23:06 ` Kees Cook
2021-08-18 6:05 ` [PATCH v2 54/63] dm integrity: Use struct_group() to zero struct journal_sector Kees Cook
2021-08-18 6:05 ` [PATCH v2 55/63] HID: roccat: Use struct_group() to zero kone_mouse_event Kees Cook
2021-08-20 13:02 ` Jiri Kosina
[not found] ` <CAJr-aD=6-g7VRw2Hw0dhs+RrtA=Tago5r6Dukfw_gGPB0YYKOQ@mail.gmail.com>
2021-08-20 15:27 ` Jiri Kosina
2021-08-20 15:49 ` Kees Cook
2021-08-20 15:57 ` Kees Cook
2021-08-20 16:11 ` Jiri Kosina
2021-08-18 6:05 ` [PATCH v2 56/63] RDMA/mlx5: Use struct_group() to zero struct mlx5_ib_mr Kees Cook
2021-08-19 12:27 ` Jason Gunthorpe
2021-08-19 16:19 ` Kees Cook
2021-08-19 16:47 ` Jason Gunthorpe
2021-08-19 18:14 ` Kees Cook
2021-08-20 12:34 ` Jason Gunthorpe
2021-08-20 15:56 ` Kees Cook
2021-08-18 6:05 ` [PATCH v2 57/63] powerpc/signal32: Use struct_group() to zero spe regs Kees Cook
2021-08-20 7:49 ` Michael Ellerman
2021-08-20 7:53 ` Christophe Leroy
2021-08-20 12:13 ` Michael Ellerman
2021-08-20 15:55 ` Kees Cook
2021-08-23 4:55 ` Michael Ellerman
2021-08-18 6:05 ` [PATCH v2 58/63] ethtool: stats: Use struct_group() to clear all stats at once Kees Cook
2021-08-18 6:05 ` [PATCH v2 59/63] can: flexcan: Use struct_group() to zero struct flexcan_regs regions Kees Cook
2021-08-18 6:26 ` Marc Kleine-Budde
2021-08-18 6:05 ` [PATCH v2 60/63] net/af_iucv: Use struct_group() to zero struct iucv_sock region Kees Cook
2021-09-09 6:14 ` Karsten Graul
2021-08-18 6:05 ` [PATCH v2 61/63] powerpc: Split memset() to avoid multi-field overflow Kees Cook
2021-08-18 6:42 ` Christophe Leroy
2021-08-18 22:30 ` Kees Cook
2021-08-18 6:05 ` [PATCH v2 62/63] fortify: Detect struct member overflows in memset() at compile-time Kees Cook
2021-08-18 6:05 ` [PATCH v2 63/63] fortify: Work around Clang inlining bugs Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YRzUfib7a/APXztH@smile.fi.intel.com \
--to=andriy.shevchenko@linux.intel.com \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=andy.lavr@gmail.com \
--cc=andy@kernel.org \
--cc=bgolaszewski@baylibre.com \
--cc=clang-built-linux@googlegroups.com \
--cc=dri-devel@lists.freedesktop.org \
--cc=gregkh@linuxfoundation.org \
--cc=gustavoars@kernel.org \
--cc=keescook@chromium.org \
--cc=linux-block@vger.kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-staging@lists.linux.dev \
--cc=linux-wireless@vger.kernel.org \
--cc=linux@rasmusvillemoes.dk \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=netdev@vger.kernel.org \
--cc=sfr@canb.auug.org.au \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).