| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 11 Oct 2014 15:14:10 +0100 From: Russell King - ARM Linux <linux@....linux.org.uk> To: Nathan Lynch <Nathan_Lynch@...tor.com> Cc: Felipe Balbi <balbi@...com>, Rik van Riel <riel@...hat.com>, "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>, Tony Lindgren <tony@...mide.com>, Linux USB Mailing List <linux-usb@...r.kernel.org>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, josh@...htriplett.org, Rabin Vincent <rabin@....in>, Alan Stern <stern@...land.harvard.edu>, Johannes Weiner <hannes@...xchg.org>, Sasha Levin <sasha.levin@...cle.com>, Andrew Morton <akpm@...ux-foundation.org>, Linux OMAP Mailing List <linux-omap@...r.kernel.org>, Linus Torvalds <torvalds@...ux-foundation.org>, Linux ARM Kernel Mailing List <linux-arm-kernel@...ts.infradead.org> Subject: Re: RCU bug with v3.17-rc3 ? On Fri, Oct 10, 2014 at 08:44:33PM -0500, Nathan Lynch wrote: > On 10/10/2014 11:25 AM, Russell King - ARM Linux wrote: > > We can blacklist these GCC versions quite easily. We already have GCC > > 3.3 blacklisted, and it's trivial to add others. I would want to include > > some proper details about the bug, just like the other existing entries > > we already have in asm-offsets.c, where we name the functions that the > > compiler is known to break where appropriate. > > Before blacklisting anything, it's worth considering that simple version > checks would break existing pre-4.8.3 compilers that have been patched > for PR58854. It looks like Yocto and Buildroot issued releases with > patched 4.8.2 compilers well before the (fixed) 4.8.3 release. I think > the most we can reasonably do without breaking some correctly-behaving > toolchains is to emit a warning. I wish that it was possible to just do the warning thing, but unfortunately evidence is that many people ignore compiler warnings, because they see them appearing from the kernel soo often they have become de-sensitised to them. This is pretty obvious from the various nightly build systems which produce the same warnings for months without any progress on them - some of them can be quite serious (oops-able) where printf format strings are concerned. > > for some time that GCC 4.8.1 and GCC 4.8.2 _can_ lead to filesystem > > corruption, and have sat on their backsides doing nothing about getting > > it blacklisted for something like a year. > > Mea culpa, although I hadn't drawn the connection to FS corruption > reports until now. I have known about the issue for some time, but > figured the prevalence of the fix in downstream projects largely > mitigated the issue. It's the FS corruption which swings it in favour of a #error - even if we have a bunch of compilers around with that version which have the problem fixed, it's /far/ better to #error out. Those people who know definitely that they have a fixed compiler can comment out the test after checking that they do indeed have a fixed version, or are willing to take the risk. What we can't do is have kernels built by people who then run into FS corruption because of this known issue. -- FTTC broadband for 0.8mile line: currently at 9.5Mbps down 400kbps up according to speedtest.net. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists