lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 25 Nov 2020 14:09:29 -0800
From:   Nick Desaulniers <>
To:     Finn Thain <>
Cc:     James Bottomley <>,
        Kees Cook <>,
        "Gustavo A. R. Silva" <>,
        Joe Perches <>,
        Jakub Kicinski <>,,,,,
        linux-wireless <>,,
        dri-devel <>,
        LKML <>,
        Nathan Chancellor <>,,,,,,,,,,,,,,,,,,,,,
        amd-gfx list <>,,,,,,,
        Miguel Ojeda <>,,,,,,
        linux-arm-msm <>,,,,,,,,,,,,,
        Linux ARM <>,,
        "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" <>,,,
        Linux Memory Management List <>,
        Network Development <>,,,
        Linux-Renesas <>,,,,
        Jonathan Cameron <>,
        Greg KH <>
Subject: Re: [Intel-wired-lan] [PATCH 000/141] Fix fall-through warnings for Clang

On Wed, Nov 25, 2020 at 1:33 PM Finn Thain <> wrote:
> Or do you think that a codebase can somehow satisfy multiple checkers and
> their divergent interpretations of the language spec?

Have we found any cases yet that are divergent? I don't think so.  It
sounds to me like GCC's cases it warns for is a subset of Clang's.
Having additional coverage with Clang then should ensure coverage for

> > This is not a shiny new warning; it's already on for GCC and has existed
> > in both compilers for multiple releases.
> >
> Perhaps you're referring to the compiler feature that lead to the
> ill-fated, tree-wide /* fallthrough */ patch series.
> When the ink dries on the C23 language spec and the implementations figure
> out how to interpret it then sure, enforce the warning for new code -- the
> cost/benefit analysis is straight forward. However, the case for patching
> existing mature code is another story.

I don't think we need to wait for the ink to dry on the C23 language
spec to understand that implicit fallthrough is an obvious defect of
the C language.  While the kernel is a mature codebase, it's not
immune to bugs.  And its maturity has yet to slow its rapid pace of
~Nick Desaulniers

Powered by blists - more mailing lists