lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHk-=widUkzjVMW99L6OZpJc1wDnZbBbnOOzgXOMypOPoV6mjg@mail.gmail.com>
Date:   Sun, 5 Sep 2021 10:36:22 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Kees Cook <keescook@...omium.org>
Cc:     Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Arnd Bergmann <arnd@...db.de>, Daniel Vetter <daniel@...ll.ch>,
        Dan Williams <dan.j.williams@...el.com>,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        "Gustavo A. R. Silva" <gustavoars@...nel.org>,
        Keith Packard <keithp@...thp.com>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        linux-hardening@...r.kernel.org
Subject: Re: [GIT PULL] overflow updates for v5.15-rc1

On Sun, Sep 5, 2021 at 12:38 AM Kees Cook <keescook@...omium.org> wrote:
>
> Yeech. Yeah, no, that was not expected at all. I even did test merge builds against your latest tree before sending the Pull Request. This has been in -next for weeks, too.

Sadly, I don't think linux-next checks for warnings.

I really want to enable -Werror at some point, but every time I think
I should, I just end up worrying about another random new compiler (or
a random old one).

We do have -Werror in various configurations (and in some sub-trees).

> What was the build environment?

This is actually just bog-standard gcc-11.2 from F34, and an allmodconfig build.

> Seeing an unexpected "-Wunused-value" in your output makes me think I've got a compiler version blind-spot, with some different default flags.)

There were lots of other ones too, I just pasted a small subset. Thne
full error log was 400+ lines. Most of those lines are just because of
the very verbose warnings.

Three errors due to "-Werror=unused-value", but 17 each of variations on

    error: call to ‘__read_overflow’ declared with attribute error:
detected read beyond size of object (1st parameter)

and

    warning: unsafe xyz() usage lacked '__read_overflow' warning

warnings.

Full 400+ lines (25kB) of errors/warnings messages attached in case
you care about the whole thing and can't easily reproduce.

           Linus

Download attachment "errors" of type "application/octet-stream" (25414 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ