From: Kees Cook <keescook@chromium.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Alexander Popov <alex.popov@linux.com>,
Dave Hansen <dave.hansen@linux.intel.com>,
Ingo Molnar <mingo@kernel.org>,
Masahiro Yamada <yamada.masahiro@socionext.com>,
Thomas Gleixner <tglx@linutronix.de>,
Tycho Andersen <tycho@tycho.ws>,
Mark Rutland <mark.rutland@arm.com>,
Laura Abbott <labbott@redhat.com>,
Will Deacon <will.deacon@arm.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
linux-crypto <linux-crypto@vger.kernel.org>
Subject: Re: [GIT PULL] gcc-plugin updates for v4.19-rc1
Date: Wed, 15 Aug 2018 13:56:33 -0700
Message-ID: <CAGXu5j+Yv9Bu4mJPOfkpxrom91kSKaUESHR-Tn1CAJCTTZy_8w@mail.gmail.com> (raw)
In-Reply-To: <CA+55aFy6jNLsywVYdGp83AMrXBo_P-pkjkphPGrO=82SPKCpLQ@mail.gmail.com>
On Wed, Aug 15, 2018 at 1:18 PM, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
> I absolutely refuse to take any hardening patches at all that have
> BUG() or panic() or similar machine-killing in it.
Okay, mental model adjusted. :) It was only "strong discouraged" until now.
> I thought VLA's were mostly gone.
Yes. Out of the ~115 instances we counted when we started with v4.16,
we've chipped away at them pretty steadily. Right now there are two
"one-off"s that haven't been picked up by maintainers:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=vla/leftovers
and the remaining series against crypto, for which I am waiting on
further review for Herbert. All the really odd-ball crypto cases have
been handled (and are up for the merge window for v4.19), but there's
still some minor changes that Herbert is examining:
https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/log/?h=vla/crypto
And after that, there's a single patch to move -Wvla up into the
top-level Makefile:
https://patchwork.kernel.org/patch/10489873/
So, we're basically done, but the timing with the merge window wasn't
great since crypto continues to get tweaked and has taken much longer
than I had expected.
-Kees
--
Kees Cook
Pixel Security
next prev parent reply index
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-13 21:43 Kees Cook
2018-08-15 16:41 ` Linus Torvalds
2018-08-15 18:35 ` Kees Cook
2018-08-15 19:04 ` Linus Torvalds
2018-08-15 19:43 ` Alexander Popov
2018-08-15 19:45 ` Kees Cook
2018-08-15 20:18 ` Linus Torvalds
2018-08-15 20:56 ` Kees Cook [this message]
2018-08-15 21:18 ` Alexander Popov
2018-08-15 21:33 ` Linus Torvalds
2018-08-16 22:18 ` Alexander Popov
2018-08-16 9:51 ` David Laight
Reply instructions:
You may reply publically to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAGXu5j+Yv9Bu4mJPOfkpxrom91kSKaUESHR-Tn1CAJCTTZy_8w@mail.gmail.com \
--to=keescook@chromium.org \
--cc=alex.popov@linux.com \
--cc=dave.hansen@linux.intel.com \
--cc=herbert@gondor.apana.org.au \
--cc=labbott@redhat.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=mingo@kernel.org \
--cc=tglx@linutronix.de \
--cc=torvalds@linux-foundation.org \
--cc=tycho@tycho.ws \
--cc=will.deacon@arm.com \
--cc=yamada.masahiro@socionext.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
LKML Archive on lore.kernel.org
Archives are clonable:
git clone --mirror https://lore.kernel.org/lkml/0 lkml/git/0.git
git clone --mirror https://lore.kernel.org/lkml/1 lkml/git/1.git
git clone --mirror https://lore.kernel.org/lkml/2 lkml/git/2.git
git clone --mirror https://lore.kernel.org/lkml/3 lkml/git/3.git
git clone --mirror https://lore.kernel.org/lkml/4 lkml/git/4.git
git clone --mirror https://lore.kernel.org/lkml/5 lkml/git/5.git
git clone --mirror https://lore.kernel.org/lkml/6 lkml/git/6.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 lkml lkml/ https://lore.kernel.org/lkml \
linux-kernel@vger.kernel.org linux-kernel@archiver.kernel.org
public-inbox-index lkml
Newsgroup available over NNTP:
nntp://nntp.lore.kernel.org/org.kernel.vger.linux-kernel
AGPL code for this site: git clone https://public-inbox.org/ public-inbox