Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp4285958imu;
        Mon, 14 Jan 2019 19:30:04 -0800 (PST)
X-Google-Smtp-Source: ALg8bN7tQh0+VsOUVjTwWdoRJv5hT9QOy70MFUqu0RSjZRPpNvTDJPUlc18kuwqM9xuPR9kNPZoE
X-Received: by 2002:a17:902:bd86:: with SMTP id q6mr1899985pls.16.1547523004019;
        Mon, 14 Jan 2019 19:30:04 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1547523004; cv=none;
        d=google.com; s=arc-20160816;
        b=eO9b6ixtR6EywlSUmFgPlSwsp5h/fIMvlaRAPm+31rgpDWO2VsGbmHipNaz1pcKW2t
         XaVD3XLmLRLeSS3xIC/qzcGwiZmeua411mAP7EcZU94ggClj+v9q0/MymBzPb4sGLAME
         6N1thWCwH958UdHrqWo2P7I92il0GBpsenCWD+1hDjuAoJg45uECEW+iyKLZZFxIX6kI
         VUIHWpHJrzcsmbv8NP/jlGmEG6wKX0Wz2CIhljZO05gYvEswqpVEbdWBn3z/5mZBN2io
         iy5qyJgukjnvf6bzwy4Jt3caNN0meuY5zczf8ONfeeIO4LeAhizL/RWZ69qL8f2pxSl5
         hTwg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=VGSa3X7AZJA5X5zN3PI40YJySV91wekRZcWeiye72KE=;
        b=jxur4mjgU9rzYXJMNHH3RqnydNYEVaz84ekEo7Y2sOnBTBfUpWoHzp1RBZwaFJlOQH
         1cKwj9WPjQUMPrqH5QDjBvGhbBU+GpA/2ERi+8zHEMhcfqogP5m5dWsSieDS7fM4oTb3
         Fi1SDUh4cPQPLkUGXg/8rCFxQu03MVc7L9OkeOhCGLHSq/+xsYTQm704jbF9YsTLl0L7
         yj4gQlcHujcmXaH4SZtzu4KKO4AxDiV9uIyj0EHsPzfkTHjJu5FbpgJ5IbykpLP3tp7L
         k7X2BkJY2Czlzphsfo02SHp9m2j8IqvI/GbrmnFUVFEcQBsFQhYKqR5M/5rrxONiMb0O
         5J0w==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 91si2079915ply.214.2019.01.14.19.29.30;
        Mon, 14 Jan 2019 19:30:04 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727709AbfAODMs (ORCPT <rfc822;sbrunau@gmail.com> + 99 others);
        Mon, 14 Jan 2019 22:12:48 -0500
Received: from wtarreau.pck.nerim.net ([62.212.114.60]:35421 "EHLO 1wt.eu"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1727221AbfAODMs (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 14 Jan 2019 22:12:48 -0500
Received: (from willy@localhost)
        by pcw.home.local (8.15.2/8.15.2/Submit) id x0F3CZGN006430;
        Tue, 15 Jan 2019 04:12:35 +0100
Date:   Tue, 15 Jan 2019 04:12:35 +0100
From:   Willy Tarreau <w@1wt.eu>
To:     Kees Cook <keescook@chromium.org>
Cc:     Silvio Cesare <silvio.cesare@gmail.com>,
        LKML <linux-kernel@vger.kernel.org>,
        Dan Carpenter <dan.carpenter@oracle.com>,
        Will Deacon <will.deacon@arm.com>, Greg KH <greg@kroah.com>
Subject: Re: [PATCH 1/8] lkdtm: change snprintf to scnprintf for possible
 overflow
Message-ID: <20190115031235.GA6416@1wt.eu>
References: <20190112152844.26550-1-w@1wt.eu>
 <CAGXu5jLGkPqA+ZY7aFizpsRj9VvOhUSfixWcLLVHXwsAo3PQyA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CAGXu5jLGkPqA+ZY7aFizpsRj9VvOhUSfixWcLLVHXwsAo3PQyA@mail.gmail.com>
User-Agent: Mutt/1.6.1 (2016-04-27)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Kees,

On Mon, Jan 14, 2019 at 05:02:51PM -0800, Kees Cook wrote:
> On Sat, Jan 12, 2019 at 7:28 AM Willy Tarreau <w@1wt.eu> wrote:
> >
> > From: Silvio Cesare <silvio.cesare@gmail.com>
> >
> > Change snprintf to scnprintf. There are generally two cases where using
> > snprintf causes problems.
> 
> (I didn't find a 0/8 cover letter, so I'm replying here...)

I didn't add one simply because I didn't have more context info than
the one already present in each of these commits (which were all the
same by the way). These ones were first reported by Silvio on the
security list on November 23rd and came to a stall by lack of proper
Cc and subject lines. So I've ran get_maintainers.pl + git log to
adjust all this and sent them with the available context.

> Many of these fixes are just robustness updates (e.g. the lkdtm case
> below is not current a problem: the size of the static array getting
> displayed is less than PAGE_SIZE). It might be worth noting which are
> actually problems (and include the appropriate Cc: and Fixes: lines).

From what I remember from the thread, these are small bugs causing some
memory disclosure when used with debugfs. I've just found the featured
article :

   http://blog.infosectcbr.com.au/2018/11/memory-bugs-in-multiple-linux-kernel.html

> Are these changes going into someone's single tree, or are they
> intended for individual maintainers to pick up?

The goal was to let the maintainers decide based on the commit message.

That's why it's always better when the reporter sends the information
by himself rather than relying on some third party to polish things up
and forward :-/

Cheers,
Willy