lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <202108171602.159EB2C7EA@keescook>
Date:   Tue, 17 Aug 2021 16:06:19 -0700
From:   Kees Cook <keescook@...omium.org>
To:     "Gustavo A. R. Silva" <gustavo@...eddedor.com>
Cc:     Masahiro Yamada <masahiroy@...nel.org>,
        Nathan Chancellor <nathan@...nel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        "Gustavo A. R. Silva" <gustavoars@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        clang-built-linux <clang-built-linux@...glegroups.com>,
        linux-hardening@...r.kernel.org
Subject: Re: [PATCH] kbuild: Enable -Wimplicit-fallthrough for clang 14.0.0+

On Tue, Aug 17, 2021 at 04:33:25PM -0500, Gustavo A. R. Silva wrote:
> 
> 
> On 8/17/21 16:17, Masahiro Yamada wrote:
> > On Wed, Aug 18, 2021 at 3:25 AM Nathan Chancellor <nathan@...nel.org> wrote:
> >>
> >> On 8/17/2021 11:03 AM, Kees Cook wrote:
> >>> On Mon, Aug 16, 2021 at 09:55:28PM -0700, Nathan Chancellor wrote:
> >>>> If you/Gustavo would prefer, I can upgrade that check to
> >>>>
> >>>> ifneq ($(call cc-option, -Wunreachable-code-fallthrough),)
> >>>>
> >>>> I was just trying to save a call to the compiler, as that is more expensive
> >>>> than a shell test call.
> >>>
> >>> I prefer the option test -- this means no changes are needed on the
> >>> kernel build side if it ever finds itself backported to earlier versions
> >>> (and it handles the current case of "14" not meaning "absolute latest").
> >>>
> >>> More specifically, I think you want this (untested):
> >>
> >> That should work but since -Wunreachable-code-fallthrough is off by
> >> default, I did not really see a reason to include it in KBUILD_CFLAGS. I
> >> do not have a strong opinion though, your version is smaller than mine
> >> is so we can just go with that. I'll defer to Gustavo on it since he has
> >> put in all of the work cleaning up the warnings.
> > 
> > 
> > 
> > https://github.com/llvm/llvm-project/commit/9ed4a94d6451046a51ef393cd62f00710820a7e8
> > 
> >    did two things:
> > 
> >  (1) Change the -Wimplicit-fallthrough behavior so that it fits
> >       to our use in the kernel
> > 
> >  (2) Add a new option -Wunreachable-code-fallthrough
> >       that works like the previous -Wimplicit-fallthrough of
> >       Clang <= 13.0.0
> > 
> > 
> > They are separate things.
> > 
> > Checking the presence of -Wunreachable-code-fallthrough
> > does not make sense since we are only interested in (1) here.
> > 
> > So, checking the Clang version is sensible and matches
> > the explanation in the comment block.

I thought one of the problems (which is quickly draining away) that
needed to be solved here is that some Clang trunk builds (that report
as version 14) don't yet have support for -Wunreachable-code-fallthrough
since they aren't new enough.

> > # Warn about unmarked fall-throughs in switch statement.
> > # Clang prior to 14.0.0 warned on unreachable fallthroughs with
> > # -Wimplicit-fallthrough, which is unacceptable due to IS_ENABLED().
> > # https://bugs.llvm.org/show_bug.cgi?id=51094
> > ifeq ($(firstword $(sort $(CONFIG_CLANG_VERSION) 140000)),140000)
> > KBUILD_CFLAGS += -Wimplicit-fallthrough
> > endif
> > 
> > The $(sort ...) is alphabetical sort, not numeric sort.
> > It works for us because the minimum Clang version is 10.0.1
> > (that is CONFIG_CLANG_VERSION is always 6-digit)
> > 
> > It will break when Clang version 100.0.0 is released.
> > 
> > But, before that, we will raise the minimum supported clang version,
> > and this conditional will go away.

If a version test is preferred, cool; this is a nice trick. :)

> I like this. :)
> 
> I'm going to make the 0-day robot test it in my tree, first.

Sounds good to me!

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ