lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LNX.2.23.453.2011250859290.15@nippy.intranet> Date: Wed, 25 Nov 2020 09:24:08 +1100 (AEDT) From: Finn Thain <fthain@...egraphics.com.au> To: Kees Cook <keescook@...omium.org> cc: James Bottomley <James.Bottomley@...senPartnership.com>, "Gustavo A. R. Silva" <gustavoars@...nel.org>, Joe Perches <joe@...ches.com>, Jakub Kicinski <kuba@...nel.org>, alsa-devel@...a-project.org, linux-atm-general@...ts.sourceforge.net, reiserfs-devel@...r.kernel.org, linux-iio@...r.kernel.org, linux-wireless@...r.kernel.org, linux-fbdev@...r.kernel.org, dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org, Nathan Chancellor <natechancellor@...il.com>, linux-ide@...r.kernel.org, dm-devel@...hat.com, keyrings@...r.kernel.org, linux-mtd@...ts.infradead.org, GR-everest-linux-l2@...vell.com, wcn36xx@...ts.infradead.org, samba-technical@...ts.samba.org, linux-i3c@...ts.infradead.org, linux1394-devel@...ts.sourceforge.net, linux-afs@...ts.infradead.org, usb-storage@...ts.one-eyed-alien.net, drbd-dev@...ts.linbit.com, devel@...verdev.osuosl.org, linux-cifs@...r.kernel.org, rds-devel@....oracle.com, Nick Desaulniers <ndesaulniers@...gle.com>, linux-scsi@...r.kernel.org, linux-rdma@...r.kernel.org, oss-drivers@...ronome.com, bridge@...ts.linux-foundation.org, linux-security-module@...r.kernel.org, amd-gfx@...ts.freedesktop.org, linux-stm32@...md-mailman.stormreply.com, cluster-devel@...hat.com, linux-acpi@...r.kernel.org, coreteam@...filter.org, intel-wired-lan@...ts.osuosl.org, linux-input@...r.kernel.org, Miguel Ojeda <ojeda@...nel.org>, tipc-discussion@...ts.sourceforge.net, linux-ext4@...r.kernel.org, linux-media@...r.kernel.org, linux-watchdog@...r.kernel.org, selinux@...r.kernel.org, linux-arm-msm@...r.kernel.org, intel-gfx@...ts.freedesktop.org, linux-geode@...ts.infradead.org, linux-can@...r.kernel.org, linux-block@...r.kernel.org, linux-gpio@...r.kernel.org, op-tee@...ts.trustedfirmware.org, linux-mediatek@...ts.infradead.org, xen-devel@...ts.xenproject.org, nouveau@...ts.freedesktop.org, linux-hams@...r.kernel.org, ceph-devel@...r.kernel.org, virtualization@...ts.linux-foundation.org, linux-arm-kernel@...ts.infradead.org, linux-hwmon@...r.kernel.org, x86@...nel.org, linux-nfs@...r.kernel.org, GR-Linux-NIC-Dev@...vell.com, linux-mm@...ck.org, netdev@...r.kernel.org, linux-decnet-user@...ts.sourceforge.net, linux-mmc@...r.kernel.org, linux-renesas-soc@...r.kernel.org, linux-sctp@...r.kernel.org, linux-usb@...r.kernel.org, netfilter-devel@...r.kernel.org, linux-crypto@...r.kernel.org, patches@...nsource.cirrus.com, linux-integrity@...r.kernel.org, target-devel@...r.kernel.org, linux-hardening@...r.kernel.org, Jonathan Cameron <Jonathan.Cameron@...wei.com>, Greg KH <gregkh@...uxfoundation.org> Subject: Re: [Intel-wired-lan] [PATCH 000/141] Fix fall-through warnings for Clang On Tue, 24 Nov 2020, Kees Cook wrote: > On Mon, Nov 23, 2020 at 08:31:30AM -0800, James Bottomley wrote: > > Really, no ... something which produces no improvement has no value at > > all ... we really shouldn't be wasting maintainer time with it because > > it has a cost to merge. I'm not sure we understand where the balance > > lies in value vs cost to merge but I am confident in the zero value > > case. > > What? We can't measure how many future bugs aren't introduced because > the kernel requires explicit case flow-control statements for all new > code. > These statements are not "missing" unless you presume that code written before the latest de facto language spec was written should somehow be held to that spec. If the 'fallthrough' statement is not part of the latest draft spec then we should ask why not before we embrace it. Being that the kernel still prefers -std=gnu89 you might want to consider what has prevented -std=gnu99 or -std=gnu2x etc. > We already enable -Wimplicit-fallthrough globally, so that's not the > discussion. The issue is that Clang is (correctly) even more strict than > GCC for this, so these are the remaining ones to fix for full Clang > coverage too. > Seems to me you should be patching the compiler. When you have consensus among the language lawyers you'll have more credibility with those being subjected to enforcement.
Powered by blists - more mailing lists