#
3d965b33 |
|
07-Apr-2023 |
Kees Cook <keescook@chromium.org> |
fortify: Improve buffer overflow reporting Improve the reporting of buffer overflows under CONFIG_FORTIFY_SOURCE to help accelerate debugging efforts. The calculations are all just sitting in registers anyway, so pass them along to the function to be reported. For example, before: detected buffer overflow in memcpy and after: memcpy: detected buffer overflow: 4096 byte read of buffer size 1 Link: https://lore.kernel.org/r/20230407192717.636137-10-keescook@chromium.org Signed-off-by: Kees Cook <keescook@chromium.org>
|
#
475ddf1f |
|
07-Apr-2023 |
Kees Cook <keescook@chromium.org> |
fortify: Split reporting and avoid passing string pointer In preparation for KUnit testing and further improvements in fortify failure reporting, split out the report and encode the function and access failure (read or write overflow) into a single u8 argument. This mainly ends up saving a tiny bit of space in the data segment. For a defconfig with FORTIFY_SOURCE enabled: $ size gcc/vmlinux.before gcc/vmlinux.after text data bss dec hex filename 26132309 9760658 2195460 38088427 2452eeb gcc/vmlinux.before 26132386 9748382 2195460 38076228 244ff44 gcc/vmlinux.after Reviewed-by: Alexander Lobakin <aleksander.lobakin@intel.com> Signed-off-by: Kees Cook <keescook@chromium.org>
|
#
9d1f3aa6 |
|
02-Jun-2023 |
Arnd Bergmann <arnd@arndb.de> |
ARM: 9311/1: decompressor: move function prototypes to misc.h A number of prototypes are missing for the decompressor, some of them are in the .c files that contain the callers, but are invisible at the function definition: arch/arm/boot/compressed/misc.c:129:17: error: no previous prototype for '__div0' [-Werror=missing-prototypes] arch/arm/boot/compressed/misc.c:138:1: error: no previous prototype for 'decompress_kernel' [-Werror=missing-prototypes] arch/arm/boot/compressed/misc.c:163:6: error: no previous prototype for 'fortify_panic' [-Werror=missing-prototypes] arch/arm/boot/compressed/decompress.c:63:5: error: no previous prototype for 'do_decompress' [-Werror=missing-prototypes] arch/arm/boot/compressed/fdt_check_mem_start.c:63:10: error: no previous prototype for 'fdt_check_mem_start' [-Werror=missing-prototypes] Move these all to misc.h so they are visible by the callee as well. Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Arnd Bergmann <arnd@arndb.de> Signed-off-by: Russell King (Oracle) <rmk+kernel@armlinux.org.uk>
|
#
5f8d561f |
|
29-Mar-2018 |
Russell King <rmk+kernel@armlinux.org.uk> |
ARM: decompressor: fix warning introduced in fortify patch Commit ee333554fed5 ("ARM: 8749/1: Kconfig: Add ARCH_HAS_FORTIFY_SOURCE") introduced a new warning: arch/arm/boot/compressed/misc.c: In function 'fortify_panic': arch/arm/boot/compressed/misc.c:167:1: error: 'noreturn' function does return [-Werror] The simple solution would be to make 'error' a noreturn function, but this causes a prototype mismatch as the function is prototyped in several .c files. So, move the function prototype to a new header. There are also a couple of variables that are also declared in several locations. Clean this up while we are here. Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
|