kernel_optimize_test

History

Daniel Axtens 3745488e9d altera-stapl: altera_get_note: prevent write beyond end of 'key' altera_get_note is called from altera_init, where key is kzalloc(33). When the allocation functions are annotated to allow the compiler to see the sizes of objects, and with FORTIFY_SOURCE, we see: In file included from drivers/misc/altera-stapl/altera.c:14:0: In function ‘strlcpy’, inlined from ‘altera_init’ at drivers/misc/altera-stapl/altera.c:2189:5: include/linux/string.h:378:4: error: call to ‘__write_overflow’ declared with attribute error: detected write beyond size of object passed as 1st parameter __write_overflow(); ^~~~~~~~~~~~~~~~~~ That refers to this code in altera_get_note: if (key != NULL) strlcpy(key, &p[note_strings + get_unaligned_be32( &p[note_table + (8 * i)])], length); The error triggers because the length of 'key' is 33, but the copy uses length supplied as the 'length' parameter, which is always 256. Split the size parameter into key_len and val_len, and use the appropriate length depending on what is being copied. Detected by compiler error, only compile-tested. Cc: "Igor M. Liplianin" <liplianin@netup.ru> Signed-off-by: Daniel Axtens <dja@axtens.net> Link: https://lore.kernel.org/r/20200120074344.504-2-dja@axtens.net Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/202002251042.D898E67AC@keescook Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2020-03-03 08:02:57 +01:00
..
altera-stapl	altera-stapl: altera_get_note: prevent write beyond end of 'key'	2020-03-03 08:02:57 +01:00
c2port
cardreader	Char/Misc driver changes for 5.6-rc1	2020-01-29 10:35:54 -08:00
cb710
cxl	misc: cxl: use mmgrab	2020-01-16 14:59:36 +10:00
echo
eeprom	misc: eeprom: at24: support pm_runtime control	2020-01-23 12:52:57 +01:00
genwqe	misc: genwqe: fix compile warnings	2020-01-14 15:06:06 +01:00
habanalabs	habanalabs: patched cb equals user cb in device memset	2020-02-11 11:12:47 +02:00
ibmasm
lis3lv02d
lkdtm	lkdtm/bugs: fix build error in lkdtm_UNSET_SMEP	2020-01-14 15:41:04 +01:00
mei	mei: me: add jasper point DID	2020-01-24 09:33:58 +01:00
mic	Char/Misc driver changes for 5.6-rc1	2020-01-29 10:35:54 -08:00
ocxl	ocxl: Add PCI hotplug dependency to Kconfig	2020-01-23 21:31:18 +11:00
sgi-gru	proc: convert everything to "struct proc_ops"	2020-02-04 03:05:26 +00:00
sgi-xp	netdev: pass the stuck queue to the timeout handler	2019-12-12 21:38:57 -08:00
ti-st	drivers/misc: ti-st: remove redundant assignment to variables i and flags	2020-01-14 15:16:51 +01:00
vmw_vmci	compat_ioctl: remove most of fs/compat_ioctl.c	2019-12-01 13:46:15 -08:00
ad525x_dpot-i2c.c
ad525x_dpot-spi.c
ad525x_dpot.c
ad525x_dpot.h
apds990x.c
apds9802als.c
atmel_tclib.c
atmel-ssc.c
bh1770glc.c
cs5535-mfgpt.c
ds1682.c
dummy-irq.c
enclosure.c	scsi: enclosure: Fix stale device oops with hot replug	2020-01-10 01:38:40 -05:00
fastrpc.c	drm-misc-next for v5.6:	2019-12-17 13:57:54 +01:00
hmc6352.c
hpilo.c
hpilo.h
ibmvmc.c
ibmvmc.h
ics932s401.c
isl29003.c
isl29020.c	misc: isl29020: add missed pm_runtime_disable	2020-01-14 15:06:07 +01:00
Kconfig	misc: Fix Kconfig indentation	2019-11-20 15:09:49 +01:00
kgdbts.c
lattice-ecp3-config.c
Makefile
pch_phub.c
pci_endpoint_test.c
phantom.c
pti.c	Char/Misc driver changes for 5.6-rc1	2020-01-29 10:35:54 -08:00
pvpanic.c	misc: pvpanic: add crash loaded event	2020-01-14 15:07:37 +01:00
qcom-coincell.c
sram-exec.c	drivers/misc: sram-exec: have the callers of set_memory_*() check the return value	2020-01-14 15:06:06 +01:00
sram.c	misc: sram: use devm_platform_ioremap_resource_wc()	2019-11-05 18:32:47 +01:00
sram.h
tifm_7xx1.c
tifm_core.c
tsl2550.c	misc: tsl2550: remove redundant initialization to variable r	2020-01-14 15:16:51 +01:00
vexpress-syscfg.c
vmw_balloon.c	vmw_balloon: Explicitly include linux/io.h for virt_to_phys()	2019-12-10 10:15:48 +01:00
xilinx_sdfec.c	misc: xilinx_sdfec: fix xsdfec_poll()'s return type	2020-01-14 15:16:51 +01:00