Re: [PATCH 00/17] Enable strict compile-time memcpy() fortify checks

From: Jason Gunthorpe
Date: Tue Dec 14 2021 - 19:27:03 EST

Next message: Michael Ellerman: "Re: [PATCH v5 1/5] powerpc/inst: Refactor ___get_user_instr()"
Previous message: Michael Ellerman: "Re: [PATCH v3 00/22] powerpc: Add KUAP support for BOOKE and 40x"
In reply to: Kees Cook: "[PATCH 16/17] fortify: Detect struct member overflows in memset() at compile-time"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Dec 13, 2021 at 02:33:14PM -0800, Kees Cook wrote:
> Hi,
>
> This is "phase 2" (of several phases) to hardening the kernel against
> memcpy-based buffer overflows. With nearly all compile-time fixes
> landed, the next step is to turn on the warning globally to keep future
> compile-time issues from happening, and let us take the step towards
> run-time checking (and towards a new API for flexible array structures).
>
> This series is based on latest linux-next, and several patches here
> have already been taken by subsystem maintainers but haven't appeared
> in linux-next yet, and are noted below.

I took the RDMA patches to the rdma tree:

> RDMA/mlx5: Use memset_after() to zero struct mlx5_ib_mr
> iw_cxgb4: Use memset_startat() for cpl_t5_pass_accept_rpl
> IB/mthca: Use memset_startat() for clearing mpt_entry

I needed rc5 to come out before I could take the mlx5 patch

Thanks,
Jason

Next message: Michael Ellerman: "Re: [PATCH v5 1/5] powerpc/inst: Refactor ___get_user_instr()"
Previous message: Michael Ellerman: "Re: [PATCH v3 00/22] powerpc: Add KUAP support for BOOKE and 40x"
In reply to: Kees Cook: "[PATCH 16/17] fortify: Detect struct member overflows in memset() at compile-time"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]