| #
3d965b33 |
|
07-Apr-2023 |
Kees Cook <keescook@chromium.org> |
fortify: Improve buffer overflow reporting
Improve the reporting of buffer overflows under CONFIG_FORTIFY_SOURCE to
help accelerate debugging efforts. The calculations are all just sitting
in registers anyway, so pass them along to the function to be reported.
For example, before:
detected buffer overflow in memcpy
and after:
memcpy: detected buffer overflow: 4096 byte read of buffer size 1
Link: https://lore.kernel.org/r/20230407192717.636137-10-keescook@chromium.org
Signed-off-by: Kees Cook <keescook@chromium.org>
|
| #
475ddf1f |
|
07-Apr-2023 |
Kees Cook <keescook@chromium.org> |
fortify: Split reporting and avoid passing string pointer
In preparation for KUnit testing and further improvements in fortify
failure reporting, split out the report and encode the function and access
failure (read or write overflow) into a single u8 argument. This mainly
ends up saving a tiny bit of space in the data segment. For a defconfig
with FORTIFY_SOURCE enabled:
$ size gcc/vmlinux.before gcc/vmlinux.after
text data bss dec hex filename
26132309 9760658 2195460 38088427 2452eeb gcc/vmlinux.before
26132386 9748382 2195460 38076228 244ff44 gcc/vmlinux.after
Reviewed-by: Alexander Lobakin <aleksander.lobakin@intel.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
|
| #
9d1f3aa6 |
|
02-Jun-2023 |
Arnd Bergmann <arnd@arndb.de> |
ARM: 9311/1: decompressor: move function prototypes to misc.h
A number of prototypes are missing for the decompressor, some
of them are in the .c files that contain the callers, but are
invisible at the function definition:
arch/arm/boot/compressed/misc.c:129:17: error: no previous prototype for '__div0' [-Werror=missing-prototypes]
arch/arm/boot/compressed/misc.c:138:1: error: no previous prototype for 'decompress_kernel' [-Werror=missing-prototypes]
arch/arm/boot/compressed/misc.c:163:6: error: no previous prototype for 'fortify_panic' [-Werror=missing-prototypes]
arch/arm/boot/compressed/decompress.c:63:5: error: no previous prototype for 'do_decompress' [-Werror=missing-prototypes]
arch/arm/boot/compressed/fdt_check_mem_start.c:63:10: error: no previous prototype for 'fdt_check_mem_start' [-Werror=missing-prototypes]
Move these all to misc.h so they are visible by the callee as well.
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
|
| #
5f8d561f |
|
29-Mar-2018 |
Russell King <rmk+kernel@armlinux.org.uk> |
ARM: decompressor: fix warning introduced in fortify patch
Commit ee333554fed5 ("ARM: 8749/1: Kconfig: Add ARCH_HAS_FORTIFY_SOURCE")
introduced a new warning:
arch/arm/boot/compressed/misc.c: In function 'fortify_panic':
arch/arm/boot/compressed/misc.c:167:1: error: 'noreturn' function does return [-Werror]
The simple solution would be to make 'error' a noreturn function, but
this causes a prototype mismatch as the function is prototyped in
several .c files. So, move the function prototype to a new header.
There are also a couple of variables that are also declared in several
locations. Clean this up while we are here.
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
|