linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] mm/usercopy: Use memory range to be accessed for wraparound check
@ 2018-11-14  0:51 Isaac J. Manjarres
  2018-11-14 10:35 ` William Kucharski
  2018-11-14 23:32 ` Kees Cook
  0 siblings, 2 replies; 10+ messages in thread
From: Isaac J. Manjarres @ 2018-11-14  0:51 UTC (permalink / raw)
  To: keescook, crecklin
  Cc: Isaac J. Manjarres, linux-mm, linux-kernel, psodagud, tsoni, stable

Currently, when checking to see if accessing n bytes starting at
address "ptr" will cause a wraparound in the memory addresses,
the check in check_bogus_address() adds an extra byte, which is
incorrect, as the range of addresses that will be accessed is
[ptr, ptr + (n - 1)].

This can lead to incorrectly detecting a wraparound in the
memory address, when trying to read 4 KB from memory that is
mapped to the the last possible page in the virtual address
space, when in fact, accessing that range of memory would not
cause a wraparound to occur.

Use the memory range that will actually be accessed when
considering if accessing a certain amount of bytes will cause
the memory address to wrap around.

Change-Id: I2563a5988e41122727ede17180f365e999b953e6
Fixes: f5509cc18daa ("mm: Hardened usercopy")
Co-Developed-by: Prasad Sodagudi <psodagud@codeaurora.org>
Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org>
Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org>
Cc: stable@vger.kernel.org
---
 mm/usercopy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/usercopy.c b/mm/usercopy.c
index 852eb4e..0293645 100644
--- a/mm/usercopy.c
+++ b/mm/usercopy.c
@@ -151,7 +151,7 @@ static inline void check_bogus_address(const unsigned long ptr, unsigned long n,
 				       bool to_user)
 {
 	/* Reject if object wraps past end of memory. */
-	if (ptr + n < ptr)
+	if (ptr + (n - 1) < ptr)
 		usercopy_abort("wrapped address", NULL, to_user, 0, ptr + n);
 
 	/* Reject if NULL or ZERO-allocation. */
-- 
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] mm/usercopy: Use memory range to be accessed for wraparound check
  2018-11-14  0:51 [PATCH] mm/usercopy: Use memory range to be accessed for wraparound check Isaac J. Manjarres
@ 2018-11-14 10:35 ` William Kucharski
  2018-11-14 11:09   ` David Laight
  2018-11-14 23:27   ` Kees Cook
  2018-11-14 23:32 ` Kees Cook
  1 sibling, 2 replies; 10+ messages in thread
From: William Kucharski @ 2018-11-14 10:35 UTC (permalink / raw)
  To: Isaac J. Manjarres
  Cc: Kees Cook, crecklin, linux-mm, linux-kernel, psodagud, tsoni, stable



> On Nov 13, 2018, at 5:51 PM, Isaac J. Manjarres <isaacm@codeaurora.org> wrote:
> 
> diff --git a/mm/usercopy.c b/mm/usercopy.c
> index 852eb4e..0293645 100644
> --- a/mm/usercopy.c
> +++ b/mm/usercopy.c
> @@ -151,7 +151,7 @@ static inline void check_bogus_address(const unsigned long ptr, unsigned long n,
> 				       bool to_user)
> {
> 	/* Reject if object wraps past end of memory. */
> -	if (ptr + n < ptr)
> +	if (ptr + (n - 1) < ptr)
> 		usercopy_abort("wrapped address", NULL, to_user, 0, ptr + n);

I'm being paranoid, but is it possible this routine could ever be passed "n" set to zero?

If so, it will erroneously abort indicating a wrapped address as (n - 1) wraps to ULONG_MAX.

Easily fixed via:

	if ((n != 0) && (ptr + (n - 1) < ptr))

William Kucharski

^ permalink raw reply	[flat|nested] 10+ messages in thread

* RE: [PATCH] mm/usercopy: Use memory range to be accessed for wraparound check
  2018-11-14 10:35 ` William Kucharski
@ 2018-11-14 11:09   ` David Laight
  2018-11-14 11:46     ` William Kucharski
  2018-11-14 23:27   ` Kees Cook
  1 sibling, 1 reply; 10+ messages in thread
From: David Laight @ 2018-11-14 11:09 UTC (permalink / raw)
  To: 'William Kucharski', Isaac J. Manjarres
  Cc: Kees Cook, crecklin, linux-mm, linux-kernel, psodagud, tsoni, stable

From: William Kucharski
> Sent: 14 November 2018 10:35
> 
> > On Nov 13, 2018, at 5:51 PM, Isaac J. Manjarres <isaacm@codeaurora.org> wrote:
> >
> > diff --git a/mm/usercopy.c b/mm/usercopy.c
> > index 852eb4e..0293645 100644
> > --- a/mm/usercopy.c
> > +++ b/mm/usercopy.c
> > @@ -151,7 +151,7 @@ static inline void check_bogus_address(const unsigned long ptr, unsigned long n,
> > 				       bool to_user)
> > {
> > 	/* Reject if object wraps past end of memory. */
> > -	if (ptr + n < ptr)
> > +	if (ptr + (n - 1) < ptr)
> > 		usercopy_abort("wrapped address", NULL, to_user, 0, ptr + n);
> 
> I'm being paranoid, but is it possible this routine could ever be passed "n" set to zero?
> 
> If so, it will erroneously abort indicating a wrapped address as (n - 1) wraps to ULONG_MAX.
> 
> Easily fixed via:
> 
> 	if ((n != 0) && (ptr + (n - 1) < ptr))

Ugg... you don't want a double test.

I'd guess that a length of zero is likely, but a usercopy that includes
the highest address is going to be invalid because it is a kernel address
(on most archs, and probably illegal on others).
What you really want to do is add 'ptr + len' and check the carry flag.

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] mm/usercopy: Use memory range to be accessed for wraparound check
  2018-11-14 11:09   ` David Laight
@ 2018-11-14 11:46     ` William Kucharski
  2018-11-14 17:32       ` isaacm
  0 siblings, 1 reply; 10+ messages in thread
From: William Kucharski @ 2018-11-14 11:46 UTC (permalink / raw)
  To: David Laight
  Cc: Isaac J. Manjarres, Kees Cook, crecklin, linux-mm, linux-kernel,
	psodagud, tsoni, stable



> On Nov 14, 2018, at 4:09 AM, David Laight <David.Laight@ACULAB.COM> wrote:
> 
> From: William Kucharski
>> Sent: 14 November 2018 10:35
>> 
>>> On Nov 13, 2018, at 5:51 PM, Isaac J. Manjarres <isaacm@codeaurora.org> wrote:
>>> 
>>> diff --git a/mm/usercopy.c b/mm/usercopy.c
>>> index 852eb4e..0293645 100644
>>> --- a/mm/usercopy.c
>>> +++ b/mm/usercopy.c
>>> @@ -151,7 +151,7 @@ static inline void check_bogus_address(const unsigned long ptr, unsigned long n,
>>> 				       bool to_user)
>>> {
>>> 	/* Reject if object wraps past end of memory. */
>>> -	if (ptr + n < ptr)
>>> +	if (ptr + (n - 1) < ptr)
>>> 		usercopy_abort("wrapped address", NULL, to_user, 0, ptr + n);
>> 
>> I'm being paranoid, but is it possible this routine could ever be passed "n" set to zero?
>> 
>> If so, it will erroneously abort indicating a wrapped address as (n - 1) wraps to ULONG_MAX.
>> 
>> Easily fixed via:
>> 
>> 	if ((n != 0) && (ptr + (n - 1) < ptr))
> 
> Ugg... you don't want a double test.
> 
> I'd guess that a length of zero is likely, but a usercopy that includes
> the highest address is going to be invalid because it is a kernel address
> (on most archs, and probably illegal on others).
> What you really want to do is add 'ptr + len' and check the carry flag.

The extra test is only a few extra instructions, but I understand the concern. (Though I don't
know how you'd access the carry flag from C in a machine-independent way. Also, for the
calculation to be correct you still need to check 'ptr + (len - 1)' for the wrap.)

You could also theoretically call gcc's __builtin_uadd_overflow() if you want to get carried away.

As I mentioned, I was just being paranoid, but the passed zero length issue stood out to me.

    William Kucharski

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] mm/usercopy: Use memory range to be accessed for wraparound check
  2018-11-14 11:46     ` William Kucharski
@ 2018-11-14 17:32       ` isaacm
  2018-11-14 22:50         ` William Kucharski
  0 siblings, 1 reply; 10+ messages in thread
From: isaacm @ 2018-11-14 17:32 UTC (permalink / raw)
  To: William Kucharski
  Cc: David Laight, Kees Cook, crecklin, linux-mm, linux-kernel,
	psodagud, tsoni, stable

On 2018-11-14 03:46, William Kucharski wrote:
>> On Nov 14, 2018, at 4:09 AM, David Laight <David.Laight@ACULAB.COM> 
>> wrote:
>> 
>> From: William Kucharski
>>> Sent: 14 November 2018 10:35
>>> 
>>>> On Nov 13, 2018, at 5:51 PM, Isaac J. Manjarres 
>>>> <isaacm@codeaurora.org> wrote:
>>>> 
>>>> diff --git a/mm/usercopy.c b/mm/usercopy.c
>>>> index 852eb4e..0293645 100644
>>>> --- a/mm/usercopy.c
>>>> +++ b/mm/usercopy.c
>>>> @@ -151,7 +151,7 @@ static inline void check_bogus_address(const 
>>>> unsigned long ptr, unsigned long n,
>>>> 				       bool to_user)
>>>> {
>>>> 	/* Reject if object wraps past end of memory. */
>>>> -	if (ptr + n < ptr)
>>>> +	if (ptr + (n - 1) < ptr)
>>>> 		usercopy_abort("wrapped address", NULL, to_user, 0, ptr + n);
>>> 
>>> I'm being paranoid, but is it possible this routine could ever be 
>>> passed "n" set to zero?
>>> 
>>> If so, it will erroneously abort indicating a wrapped address as (n - 
>>> 1) wraps to ULONG_MAX.
>>> 
>>> Easily fixed via:
>>> 
>>> 	if ((n != 0) && (ptr + (n - 1) < ptr))
>> 
>> Ugg... you don't want a double test.
>> 
>> I'd guess that a length of zero is likely, but a usercopy that 
>> includes
>> the highest address is going to be invalid because it is a kernel 
>> address
>> (on most archs, and probably illegal on others).
>> What you really want to do is add 'ptr + len' and check the carry 
>> flag.
> 
> The extra test is only a few extra instructions, but I understand the
> concern. (Though I don't
> know how you'd access the carry flag from C in a machine-independent
> way. Also, for the
> calculation to be correct you still need to check 'ptr + (len - 1)'
> for the wrap.)
> 
> You could also theoretically call gcc's __builtin_uadd_overflow() if
> you want to get carried away.
> 
> As I mentioned, I was just being paranoid, but the passed zero length
> issue stood out to me.
> 
>     William Kucharski

Hi William,

Thank you and David for your feedback. The check_bogus_address() routine 
is only invoked from one place in the kernel, which is 
__check_object_size(). Before invoking check_bogus_address, 
__check_object_size ensures that n is non-zero, so it is not possible to 
call this routine with n being 0. Therefore, we shouldn't run into the 
scenario you described. Also, in the case where we are copying a page's 
contents into a kernel space buffer and will not have that buffer 
interacting with userspace at all, this change to that check should 
still be valid, correct?

Thanks,
Isaac Manjarres

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] mm/usercopy: Use memory range to be accessed for wraparound check
  2018-11-14 17:32       ` isaacm
@ 2018-11-14 22:50         ` William Kucharski
  0 siblings, 0 replies; 10+ messages in thread
From: William Kucharski @ 2018-11-14 22:50 UTC (permalink / raw)
  To: Isaac J. Manjarres
  Cc: David Laight, Kees Cook, crecklin, linux-mm, linux-kernel,
	psodagud, tsoni, stable



> On Nov 14, 2018, at 10:32 AM, isaacm@codeaurora.org wrote:
> 
> Thank you and David for your feedback. The check_bogus_address() routine is only invoked from one place in the kernel, which is __check_object_size(). Before invoking check_bogus_address, __check_object_size ensures that n is non-zero, so it is not possible to call this routine with n being 0. Therefore, we shouldn't run into the scenario you described. Also, in the case where we are copying a page's contents into a kernel space buffer and will not have that buffer interacting with userspace at all, this change to that check should still be valid, correct?

Having fixed more than one bug resulting from a "only called in one place" routine later being called elsewhere,
I am wary, but ultimately it's likely not worth the performance hit of a check or BUG_ON().

It's a generic math check for overflow, so it should work with any address.

Reviewed-by: William Kucharski <william.kucharski@oracle.com>

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] mm/usercopy: Use memory range to be accessed for wraparound check
  2018-11-14 10:35 ` William Kucharski
  2018-11-14 11:09   ` David Laight
@ 2018-11-14 23:27   ` Kees Cook
  1 sibling, 0 replies; 10+ messages in thread
From: Kees Cook @ 2018-11-14 23:27 UTC (permalink / raw)
  To: William Kucharski
  Cc: Isaac J. Manjarres, Chris von Recklinghausen, Linux-MM, LKML,
	Sodagudi Prasad, tsoni, # 3.4.x

On Wed, Nov 14, 2018 at 4:35 AM, William Kucharski
<william.kucharski@oracle.com> wrote:
>
>
>> On Nov 13, 2018, at 5:51 PM, Isaac J. Manjarres <isaacm@codeaurora.org> wrote:
>>
>> diff --git a/mm/usercopy.c b/mm/usercopy.c
>> index 852eb4e..0293645 100644
>> --- a/mm/usercopy.c
>> +++ b/mm/usercopy.c
>> @@ -151,7 +151,7 @@ static inline void check_bogus_address(const unsigned long ptr, unsigned long n,
>>                                      bool to_user)
>> {
>>       /* Reject if object wraps past end of memory. */
>> -     if (ptr + n < ptr)
>> +     if (ptr + (n - 1) < ptr)
>>               usercopy_abort("wrapped address", NULL, to_user, 0, ptr + n);
>
> I'm being paranoid, but is it possible this routine could ever be passed "n" set to zero?

It's a single-use inline, and zero is tested just before getting called:

        /* Skip all tests if size is zero. */
        if (!n)
                return;

        /* Check for invalid addresses. */
        check_bogus_address((const unsigned long)ptr, n, to_user);


>
> If so, it will erroneously abort indicating a wrapped address as (n - 1) wraps to ULONG_MAX.
>
> Easily fixed via:
>
>         if ((n != 0) && (ptr + (n - 1) < ptr))

Agreed. Thanks for noticing this!

-Kees

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] mm/usercopy: Use memory range to be accessed for wraparound check
  2018-11-14  0:51 [PATCH] mm/usercopy: Use memory range to be accessed for wraparound check Isaac J. Manjarres
  2018-11-14 10:35 ` William Kucharski
@ 2018-11-14 23:32 ` Kees Cook
  1 sibling, 0 replies; 10+ messages in thread
From: Kees Cook @ 2018-11-14 23:32 UTC (permalink / raw)
  To: Isaac J. Manjarres
  Cc: Chris von Recklinghausen, Linux-MM, LKML, Sodagudi Prasad, tsoni,
	# 3.4.x

On Tue, Nov 13, 2018 at 6:51 PM, Isaac J. Manjarres
<isaacm@codeaurora.org> wrote:
> Currently, when checking to see if accessing n bytes starting at
> address "ptr" will cause a wraparound in the memory addresses,
> the check in check_bogus_address() adds an extra byte, which is
> incorrect, as the range of addresses that will be accessed is
> [ptr, ptr + (n - 1)].
>
> This can lead to incorrectly detecting a wraparound in the
> memory address, when trying to read 4 KB from memory that is
> mapped to the the last possible page in the virtual address
> space, when in fact, accessing that range of memory would not
> cause a wraparound to occur.

I'm kind of surprised anything is using the -4K memory range -- this
is ERR_PTR() area and I'd expect there to be an explicit unallocated
memory hole here.

>
> Use the memory range that will actually be accessed when
> considering if accessing a certain amount of bytes will cause
> the memory address to wrap around.
>
> Change-Id: I2563a5988e41122727ede17180f365e999b953e6
> Fixes: f5509cc18daa ("mm: Hardened usercopy")
> Co-Developed-by: Prasad Sodagudi <psodagud@codeaurora.org>
> Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org>
> Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org>
> Cc: stable@vger.kernel.org

Regardless, I'll take it in my tree if akpm doesn't grab it first. :)

Acked-by: Kees Cook <keescook@chromium.org>

-Kees

> ---
>  mm/usercopy.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/mm/usercopy.c b/mm/usercopy.c
> index 852eb4e..0293645 100644
> --- a/mm/usercopy.c
> +++ b/mm/usercopy.c
> @@ -151,7 +151,7 @@ static inline void check_bogus_address(const unsigned long ptr, unsigned long n,
>                                        bool to_user)
>  {
>         /* Reject if object wraps past end of memory. */
> -       if (ptr + n < ptr)
> +       if (ptr + (n - 1) < ptr)
>                 usercopy_abort("wrapped address", NULL, to_user, 0, ptr + n);
>
>         /* Reject if NULL or ZERO-allocation. */
> --
> The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
> a Linux Foundation Collaborative Project
>



-- 
Kees Cook

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: [PATCH] mm/usercopy: Use memory range to be accessed for wraparound check
  2019-07-30 17:54 Isaac J. Manjarres
@ 2019-07-31 20:25 ` Kees Cook
  0 siblings, 0 replies; 10+ messages in thread
From: Kees Cook @ 2019-07-31 20:25 UTC (permalink / raw)
  To: Andrew Morton
  Cc: Isaac J. Manjarres, crecklin, linux-mm, linux-kernel, gregkh,
	psodagud, tsoni, eberman, stable

On Tue, Jul 30, 2019 at 10:54:13AM -0700, Isaac J. Manjarres wrote:
> Currently, when checking to see if accessing n bytes starting at
> address "ptr" will cause a wraparound in the memory addresses,
> the check in check_bogus_address() adds an extra byte, which is
> incorrect, as the range of addresses that will be accessed is
> [ptr, ptr + (n - 1)].
> 
> This can lead to incorrectly detecting a wraparound in the
> memory address, when trying to read 4 KB from memory that is
> mapped to the the last possible page in the virtual address
> space, when in fact, accessing that range of memory would not
> cause a wraparound to occur.
> 
> Use the memory range that will actually be accessed when
> considering if accessing a certain amount of bytes will cause
> the memory address to wrap around.
> 
> Fixes: f5509cc18daa ("mm: Hardened usercopy")
> Co-developed-by: Prasad Sodagudi <psodagud@codeaurora.org>
> Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org>
> Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org>
> Cc: stable@vger.kernel.org
> Reviewed-by: William Kucharski <william.kucharski@oracle.com>
> Acked-by: Kees Cook <keescook@chromium.org>

Ah, thanks for the reminder! (I got surprised by seeing my Ack in this
email -- next time please use "v2" or "RESEND" to jog my memory.) This
got lost last year; my bad.

Andrew, can you take this or should I send it directly to Linus?

-Kees

> ---
>  mm/usercopy.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/mm/usercopy.c b/mm/usercopy.c
> index 2a09796..98e92486 100644
> --- a/mm/usercopy.c
> +++ b/mm/usercopy.c
> @@ -147,7 +147,7 @@ static inline void check_bogus_address(const unsigned long ptr, unsigned long n,
>  				       bool to_user)
>  {
>  	/* Reject if object wraps past end of memory. */
> -	if (ptr + n < ptr)
> +	if (ptr + (n - 1) < ptr)
>  		usercopy_abort("wrapped address", NULL, to_user, 0, ptr + n);
>  
>  	/* Reject if NULL or ZERO-allocation. */
> -- 
> The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
> a Linux Foundation Collaborative Project
> 

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 10+ messages in thread

* [PATCH] mm/usercopy: Use memory range to be accessed for wraparound check
@ 2019-07-30 17:54 Isaac J. Manjarres
  2019-07-31 20:25 ` Kees Cook
  0 siblings, 1 reply; 10+ messages in thread
From: Isaac J. Manjarres @ 2019-07-30 17:54 UTC (permalink / raw)
  To: keescook, crecklin
  Cc: Isaac J. Manjarres, linux-mm, linux-kernel, gregkh, psodagud,
	tsoni, eberman, stable

Currently, when checking to see if accessing n bytes starting at
address "ptr" will cause a wraparound in the memory addresses,
the check in check_bogus_address() adds an extra byte, which is
incorrect, as the range of addresses that will be accessed is
[ptr, ptr + (n - 1)].

This can lead to incorrectly detecting a wraparound in the
memory address, when trying to read 4 KB from memory that is
mapped to the the last possible page in the virtual address
space, when in fact, accessing that range of memory would not
cause a wraparound to occur.

Use the memory range that will actually be accessed when
considering if accessing a certain amount of bytes will cause
the memory address to wrap around.

Fixes: f5509cc18daa ("mm: Hardened usercopy")
Co-developed-by: Prasad Sodagudi <psodagud@codeaurora.org>
Signed-off-by: Prasad Sodagudi <psodagud@codeaurora.org>
Signed-off-by: Isaac J. Manjarres <isaacm@codeaurora.org>
Cc: stable@vger.kernel.org
Reviewed-by: William Kucharski <william.kucharski@oracle.com>
Acked-by: Kees Cook <keescook@chromium.org>
---
 mm/usercopy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/usercopy.c b/mm/usercopy.c
index 2a09796..98e92486 100644
--- a/mm/usercopy.c
+++ b/mm/usercopy.c
@@ -147,7 +147,7 @@ static inline void check_bogus_address(const unsigned long ptr, unsigned long n,
 				       bool to_user)
 {
 	/* Reject if object wraps past end of memory. */
-	if (ptr + n < ptr)
+	if (ptr + (n - 1) < ptr)
 		usercopy_abort("wrapped address", NULL, to_user, 0, ptr + n);
 
 	/* Reject if NULL or ZERO-allocation. */
-- 
The Qualcomm Innovation Center, Inc. is a member of the Code Aurora Forum,
a Linux Foundation Collaborative Project


^ permalink raw reply	[flat|nested] 10+ messages in thread

end of thread, other threads:[~2019-07-31 20:25 UTC | newest]

Thread overview: 10+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-11-14  0:51 [PATCH] mm/usercopy: Use memory range to be accessed for wraparound check Isaac J. Manjarres
2018-11-14 10:35 ` William Kucharski
2018-11-14 11:09   ` David Laight
2018-11-14 11:46     ` William Kucharski
2018-11-14 17:32       ` isaacm
2018-11-14 22:50         ` William Kucharski
2018-11-14 23:27   ` Kees Cook
2018-11-14 23:32 ` Kees Cook
2019-07-30 17:54 Isaac J. Manjarres
2019-07-31 20:25 ` Kees Cook

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).