lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun, 5 Sep 2021 11:31:44 -0700 From: Kees Cook <keescook@...omium.org> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: Linux Kernel Mailing List <linux-kernel@...r.kernel.org>, Arnd Bergmann <arnd@...db.de>, Daniel Vetter <daniel@...ll.ch>, Dan Williams <dan.j.williams@...el.com>, Rasmus Villemoes <linux@...musvillemoes.dk>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>, "Gustavo A. R. Silva" <gustavoars@...nel.org>, Keith Packard <keithp@...thp.com>, Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, linux-hardening@...r.kernel.org Subject: Re: [GIT PULL] overflow updates for v5.15-rc1 On Sun, Sep 05, 2021 at 10:36:22AM -0700, Linus Torvalds wrote: > On Sun, Sep 5, 2021 at 12:38 AM Kees Cook <keescook@...omium.org> wrote: > > > > Yeech. Yeah, no, that was not expected at all. I even did test merge builds against your latest tree before sending the Pull Request. This has been in -next for weeks, too. > > Sadly, I don't think linux-next checks for warnings. Oh, I thought I'd gotten such reports from sfr before, but certainly the 0day bot and others have yelled loudly about new warnings (from earlier iterations of this series in -next). > I really want to enable -Werror at some point, but every time I think > I should, I just end up worrying about another random new compiler (or > a random old one). > > We do have -Werror in various configurations (and in some sub-trees). Yup, I think ppc and drm? > > What was the build environment? > > This is actually just bog-standard gcc-11.2 from F34, and an allmodconfig build. Ah, fun. Yeah, I'm behind on versions, it seems. Default gcc version on latest stable Ubuntu release is 10.3. I will go retest on the devel release. > > Seeing an unexpected "-Wunused-value" in your output makes me think I've got a compiler version blind-spot, with some different default flags.) > > There were lots of other ones too, I just pasted a small subset. Thne > full error log was 400+ lines. Most of those lines are just because of > the very verbose warnings. > > Three errors due to "-Werror=unused-value", but 17 each of variations on > > error: call to ‘__read_overflow’ declared with attribute error: > detected read beyond size of object (1st parameter) > > and > > warning: unsafe xyz() usage lacked '__read_overflow' warning > > warnings. > > Full 400+ lines (25kB) of errors/warnings messages attached in case > you care about the whole thing and can't easily reproduce. Yeah, the tests are designed to freak out if it gets an unexpected warning (since it's trying to check for _expected_ warnings), but regardless, they were not at all supposed to be spewing like this immediately! :P Sorry for the noise; I will get it cleaned up and re-sent. -Kees -- Kees Cook
Powered by blists - more mailing lists