From: Jason Gunthorpe <jgg@nvidia.com>
To: Kees Cook <keescook@chromium.org>
Cc: linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 00/17] Enable strict compile-time memcpy() fortify checks
Date: Tue, 14 Dec 2021 20:26:43 -0400 [thread overview]
Message-ID: <20211215002643.GA1034246@nvidia.com> (raw)
In-Reply-To: <20211213223331.135412-1-keescook@chromium.org>
On Mon, Dec 13, 2021 at 02:33:14PM -0800, Kees Cook wrote:
> Hi,
>
> This is "phase 2" (of several phases) to hardening the kernel against
> memcpy-based buffer overflows. With nearly all compile-time fixes
> landed, the next step is to turn on the warning globally to keep future
> compile-time issues from happening, and let us take the step towards
> run-time checking (and towards a new API for flexible array structures).
>
> This series is based on latest linux-next, and several patches here
> have already been taken by subsystem maintainers but haven't appeared
> in linux-next yet, and are noted below.
I took the RDMA patches to the rdma tree:
> RDMA/mlx5: Use memset_after() to zero struct mlx5_ib_mr
> iw_cxgb4: Use memset_startat() for cpl_t5_pass_accept_rpl
> IB/mthca: Use memset_startat() for clearing mpt_entry
I needed rc5 to come out before I could take the mlx5 patch
Thanks,
Jason
next prev parent reply other threads:[~2021-12-15 0:26 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-12-13 22:33 [PATCH 00/17] Enable strict compile-time memcpy() fortify checks Kees Cook
2021-12-13 22:33 ` [PATCH 01/17] KVM: x86: Replace memset() "optimization" with normal per-field writes Kees Cook
2021-12-13 22:33 ` [PATCH 02/17] net/mlx5e: Avoid field-overflowing memcpy() Kees Cook
2021-12-13 22:33 ` [PATCH 03/17] net/mlx5e: Use struct_group() for memcpy() region Kees Cook
2021-12-13 22:33 ` [PATCH 04/17] media: omap3isp: " Kees Cook
2021-12-13 22:33 ` [PATCH 05/17] sata_fsl: " Kees Cook
2021-12-13 22:33 ` [PATCH 06/17] fortify: Detect struct member overflows in memcpy() at compile-time Kees Cook
2021-12-14 3:56 ` kernel test robot
2021-12-14 8:46 ` kernel test robot
2021-12-14 11:50 ` kernel test robot
2021-12-14 16:32 ` kernel test robot
2021-12-14 19:06 ` kernel test robot
2021-12-16 8:56 ` kernel test robot
2021-12-16 11:08 ` Mark Rutland
2021-12-16 11:21 ` Mark Rutland
2021-12-16 18:00 ` Kees Cook
2021-12-17 13:34 ` Mark Rutland
2021-12-13 22:33 ` [PATCH 07/17] fortify: Detect struct member overflows in memmove() " Kees Cook
2021-12-13 22:33 ` [PATCH 08/17] ath11k: Use memset_startat() for clearing queue descriptors Kees Cook
2021-12-13 22:33 ` Kees Cook
2021-12-14 6:02 ` Kalle Valo
2021-12-14 6:02 ` Kalle Valo
2021-12-14 15:46 ` Kalle Valo
2021-12-14 15:46 ` Kalle Valo
2021-12-14 17:05 ` Kees Cook
2021-12-14 17:05 ` Kees Cook
2021-12-16 13:50 ` Kalle Valo
2021-12-16 13:50 ` Kalle Valo
2021-12-13 22:33 ` [PATCH 09/17] RDMA/mlx5: Use memset_after() to zero struct mlx5_ib_mr Kees Cook
2021-12-13 22:33 ` [PATCH 10/17] drbd: Use struct_group() to zero algs Kees Cook
2021-12-13 22:33 ` [Drbd-dev] " Kees Cook
2021-12-13 22:33 ` [dm-devel] [PATCH 11/17] dm integrity: Use struct_group() to zero struct journal_sector Kees Cook
2021-12-13 22:33 ` Kees Cook
2021-12-13 22:33 ` [PATCH 12/17] iw_cxgb4: Use memset_startat() for cpl_t5_pass_accept_rpl Kees Cook
2021-12-13 22:33 ` [PATCH 13/17] intel_th: msu: Use memset_startat() for clearing hw header Kees Cook
2021-12-13 22:33 ` [PATCH 14/17] IB/mthca: Use memset_startat() for clearing mpt_entry Kees Cook
2021-12-13 22:33 ` [PATCH 15/17] scsi: lpfc: Use struct_group() to initialize struct lpfc_cgn_info Kees Cook
2021-12-13 22:33 ` [PATCH 16/17] fortify: Detect struct member overflows in memset() at compile-time Kees Cook
2021-12-14 12:31 ` kernel test robot
2021-12-13 22:33 ` [PATCH 17/17] fortify: Work around Clang inlining bugs Kees Cook
2021-12-14 13:22 ` kernel test robot
2021-12-14 13:22 ` kernel test robot
2021-12-15 0:26 ` Jason Gunthorpe [this message]
2021-12-17 4:04 ` [PATCH 00/17] Enable strict compile-time memcpy() fortify checks Martin K. Petersen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211215002643.GA1034246@nvidia.com \
--to=jgg@nvidia.com \
--cc=keescook@chromium.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.