1. 27 Jan, 2023 1 commit
    • drm/nouveau/disp: Fix nvif_outp_acquire_dp() argument size · 4076ea24
      Kees Cook authored
      Both Coverity and GCC with -Wstringop-overflow noticed that
      nvif_outp_acquire_dp() accidentally defined its second argument with 1
      additional element:
      
      drivers/gpu/drm/nouveau/dispnv50/disp.c: In function 'nv50_pior_atomic_enable':
      drivers/gpu/drm/nouveau/dispnv50/disp.c:1813:17: error: 'nvif_outp_acquire_dp' accessing 16 bytes in a region of size 15 [-Werror=stringop-overflow=]
       1813 |                 nvif_outp_acquire_dp(&nv_encoder->outp, nv_encoder->dp.dpcd, 0, 0, false, false);
            |                 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      drivers/gpu/drm/nouveau/dispnv50/disp.c:1813:17: note: referencing argument 2 of type 'u8[16]' {aka 'unsigned char[16]'}
      drivers/gpu/drm/nouveau/include/nvif/outp.h:24:5: note: in a call to function 'nvif_outp_acquire_dp'
         24 | int nvif_outp_acquire_dp(struct nvif_outp *, u8 dpcd[16],
            |     ^~~~~~~~~~~~~~~~~~~~
      
      Avoid these warnings by defining the argument size using the matching
      define (DP_RECEIVER_CAP_SIZE, 15) instead of having it be a literal
      (and incorrect) value (16).
      Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
      Addresses-Coverity-ID: 1527269 ("Memory - corruptions")
      Addresses-Coverity-ID: 1527268 ("Memory - corruptions")
      Link: https://lore.kernel.org/lkml/202211100848.FFBA2432@keescook/
      Link: https://lore.kernel.org/lkml/202211100848.F4C2819BB@keescook/
      Fixes: 81344372 ("drm/nouveau/disp: move DP link config into acquire")
      Reviewed-by: Lyude Paul <lyude@redhat.com>
      Cc: Ben Skeggs <bskeggs@redhat.com>
      Cc: Karol Herbst <kherbst@redhat.com>
      Cc: David Airlie <airlied@gmail.com>
      Cc: Daniel Vetter <daniel@ffwll.ch>
      Cc: Dave Airlie <airlied@redhat.com>
      Cc: "Gustavo A. R. Silva" <gustavo@embeddedor.com>
      Cc: dri-devel@lists.freedesktop.org
      Cc: nouveau@lists.freedesktop.org
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Link: https://lore.kernel.org/r/20221127183036.never.139-kees@kernel.org
  2. 19 Jan, 2023 5 commits
  3. 05 Jan, 2023 2 commits
    • fortify: Use __builtin_dynamic_object_size() when available · 439a1bca
      Kees Cook authored
      Since the commits starting with c37495d6 ("slab: add __alloc_size
      attributes for better bounds checking"), the compilers have runtime
      allocation size hints available in some places. This was immediately
      available to CONFIG_UBSAN_BOUNDS, but CONFIG_FORTIFY_SOURCE needed
      updating to explicitly make use of the hints via the associated
      __builtin_dynamic_object_size() helper. Detect and use the builtin when
      it is available, increasing the accuracy of the mitigation. When runtime
      sizes are not available, __builtin_dynamic_object_size() falls back to
      __builtin_object_size(), leaving the existing bounds checking unchanged.
      
      Additionally update the VMALLOC_LINEAR_OVERFLOW LKDTM test to make the
      hint invisible, otherwise the architectural defense is not exercised
      (the buffer overflow is detected in the memset() rather than when it
      crosses the edge of the allocation).
      
      Cc: Arnd Bergmann <arnd@arndb.de>
      Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
      Cc: Nick Desaulniers <ndesaulniers@google.com>
      Cc: Nathan Chancellor <nathan@kernel.org>
      Cc: Tom Rix <trix@redhat.com>
      Cc: linux-hardening@vger.kernel.org
      Cc: llvm@lists.linux.dev
      Reviewed-by: Miguel Ojeda <ojeda@kernel.org> # include/linux/compiler_attributes.h
      Signed-off-by: Kees Cook <keescook@chromium.org>
    • rxrpc: replace zero-length array with DECLARE_FLEX_ARRAY() helper · b2ba00c2
      Stephen Rothwell authored
      0-length arrays are deprecated, and cause problems with bounds checking.
      Replace with a flexible array:
      
      In file included from include/linux/string.h:253,
                       from include/linux/bitmap.h:11,
                       from include/linux/cpumask.h:12,
                       from arch/x86/include/asm/paravirt.h:17,
                       from arch/x86/include/asm/cpuid.h:62,
                       from arch/x86/include/asm/processor.h:19,
                       from arch/x86/include/asm/cpufeature.h:5,
                       from arch/x86/include/asm/thread_info.h:53,
                       from include/linux/thread_info.h:60,
                       from arch/x86/include/asm/preempt.h:9,
                       from include/linux/preempt.h:78,
                       from include/linux/percpu.h:6,
                       from include/linux/prandom.h:13,
                       from include/linux/random.h:153,
                       from include/linux/net.h:18,
                       from net/rxrpc/output.c:10:
      In function 'fortify_memcpy_chk',
          inlined from 'rxrpc_fill_out_ack' at net/rxrpc/output.c:158:2:
      include/linux/fortify-string.h:520:25: error: call to '__write_overflow_field' declared with attribute warning: detected write beyond size of field (1st parameter); maybe use struct_group()?  [-Werror=attribute-warning]
        520 |                         __write_overflow_field(p_size_field, size);
            |                         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      
      Link: https://lore.kernel.org/linux-next/20230105132535.0d65378f@canb.auug.org.au/
      Cc: David Howells <dhowells@redhat.com>
      Cc: Marc Dionne <marc.dionne@auristor.com>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: Eric Dumazet <edumazet@google.com>
      Cc: Jakub Kicinski <kuba@kernel.org>
      Cc: Paolo Abeni <pabeni@redhat.com>
      Cc: linux-afs@lists.infradead.org
      Cc: netdev@vger.kernel.org
      Signed-off-by: Stephen Rothwell <sfr@canb.auug.org.au>
      Signed-off-by: Kees Cook <keescook@chromium.org>
  4. 01 Jan, 2023 6 commits
  5. 31 Dec, 2022 2 commits
  6. 30 Dec, 2022 19 commits
  7. 29 Dec, 2022 3 commits
    • Merge tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm · 2258c2dc
      Linus Torvalds authored
      Pull kvm fixes from Paolo Bonzini:
       "Changes that were posted too late for 6.1, or after the release.
      
        x86:
      
         - several fixes to nested VMX execution controls
      
         - fixes and clarification to the documentation for Xen emulation
      
         - do not unnecessarily release a pmu event with zero period
      
         - MMU fixes
      
         - fix Coverity warning in kvm_hv_flush_tlb()
      
        selftests:
      
         - fixes for the ucall mechanism in selftests
      
         - other fixes mostly related to compilation with clang"
      
      * tag 'for-linus' of git://git.kernel.org/pub/scm/virt/kvm/kvm: (41 commits)
        KVM: selftests: restore special vmmcall code layout needed by the harness
        Documentation: kvm: clarify SRCU locking order
        KVM: x86: fix deadlock for KVM_XEN_EVTCHN_RESET
        KVM: x86/xen: Documentation updates and clarifications
        KVM: x86/xen: Add KVM_XEN_INVALID_GPA and KVM_XEN_INVALID_GFN to uapi
        KVM: x86/xen: Simplify eventfd IOCTLs
        KVM: x86/xen: Fix SRCU/RCU usage in readers of evtchn_ports
        KVM: x86/xen: Use kvm_read_guest_virt() instead of open-coding it badly
        KVM: x86/xen: Fix memory leak in kvm_xen_write_hypercall_page()
        KVM: Delete extra block of "};" in the KVM API documentation
        kvm: x86/mmu: Remove duplicated "be split" in spte.h
        kvm: Remove the unused macro KVM_MMU_READ_{,UN}LOCK()
        MAINTAINERS: adjust entry after renaming the vmx hyperv files
        KVM: selftests: Mark correct page as mapped in virt_map()
        KVM: arm64: selftests: Don't identity map the ucall MMIO hole
        KVM: selftests: document the default implementation of vm_vaddr_populate_bitmap
        KVM: selftests: Use magic value to signal ucall_alloc() failure
        KVM: selftests: Disable "gnu-variable-sized-type-not-at-end" warning
        KVM: selftests: Include lib.mk before consuming $(CC)
        KVM: selftests: Explicitly disable builtins for mem*() overrides
        ...
    • Merge tag 'nvme-6.2-2022-12-29' of git://git.infradead.org/nvme into block-6.2 · 1551ed5a
      Jens Axboe authored
      Pull NVMe fixes from Christoph:
      
      "nvme fixes for Linux 6.2
      
       - fix various problems in handling the Command Supported and Effects log
         (Christoph Hellwig)
       - don't allow unprivileged passthrough of commands that don't transfer
         data but modify logical block content (Christoph Hellwig)
       - add a features and quirks policy document (Christoph Hellwig)
       - fix some really nasty code that was correct but made smatch complain
         (Sagi Grimberg)"
      
      * tag 'nvme-6.2-2022-12-29' of git://git.infradead.org/nvme:
        nvme-auth: fix smatch warning complaints
        nvme: consult the CSE log page for unprivileged passthrough
        nvme: also return I/O command effects from nvme_command_effects
        nvmet: don't defer passthrough commands with trivial effects to the workqueue
        nvmet: set the LBCC bit for commands that modify data
        nvmet: use NVME_CMD_EFFECTS_CSUPP instead of open coding it
        nvme: fix the NVME_CMD_EFFECTS_CSE_MASK definition
        docs, nvme: add a feature and quirk policy document
    • kconfig: Add static text for search information in help menu · da8daff9
      Bhaskar Chowdhury authored
      Add some static text to explain how one can bring up the search dialog
      box by pressing the forward slash key anywhere on this interface.
      Signed-off-by: Bhaskar Chowdhury <unixbhaskar@gmail.com>
      Acked-by: Randy Dunlap <rdunlap@infradead.org>
      Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
  8. 28 Dec, 2022 2 commits