Date: Mon, 20 Jan 2020 15:54:22 +1100 From: Daniel Axtens <dja@...ens.net> To: kernel-hardening@...ts.openwall.com, akpm@...ux-foundation.org, keescook@...omium.org Cc: linux-kernel@...r.kernel.org, Daniel Axtens <dja@...ens.net> Subject: [PATCH v2 0/2] FORTIFY_SOURCE: detect intra-object overflow in string functions When the fortify feature was first introduced in commit 6974f0c4555e ("include/linux/string.h: add the option of fortified string.h functions"), Daniel Micay observed: * It should be possible to optionally use __builtin_object_size(x, 1) for some functions (C strings) to detect intra-object overflows (like glibc's _FORTIFY_SOURCE=2), but for now this takes the conservative approach to avoid likely compatibility issues. This patch set: - converts a number of string functions to use __builtin_object_size(x, 1) - adds LKDTM tests for both types of fortified function. This change passes an allyesconfig on powerpc and x86, and an x86 kernel built with it survives running with syz-stress from syzkaller, so it seems safe so far. Daniel Axtens (2): string.h: detect intra-object overflow in fortified string functions lkdtm: tests for FORTIFY_SOURCE drivers/misc/lkdtm/bugs.c | 51 ++++++++++++++++++++++++++++++++++++++ drivers/misc/lkdtm/core.c | 2 ++ drivers/misc/lkdtm/lkdtm.h | 2 ++ include/linux/string.h | 27 ++++++++++++-------- 4 files changed, 71 insertions(+), 11 deletions(-) -- 2.20.1
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.