lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <Yv6IQvlfU7BPHrHK@nvidia.com>
Date:   Thu, 18 Aug 2022 15:43:14 -0300
From:   Jason Gunthorpe <jgg@...dia.com>
To:     "Gustavo A. R. Silva" <gustavo@...eddedor.com>
Cc:     "Gustavo A. R. Silva" <gustavoars@...nel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Kees Cook <keescook@...omium.org>,
        linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] flexible-array transformations in UAPI for 6.0-rc1

On Thu, Aug 18, 2022 at 09:21:54AM -0500, Gustavo A. R. Silva wrote:
> Hi!
> 
> On 8/18/22 07:28, Jason Gunthorpe wrote:
> > On Mon, Aug 01, 2022 at 03:31:28PM -0500, Gustavo A. R. Silva wrote:
> > > The following changes since commit b13baccc3850ca8b8cccbf8ed9912dbaa0fdf7f3:
> > > 
> > >    Linux 5.19-rc2 (2022-06-12 16:11:37 -0700)
> > > 
> > > are available in the Git repository at:
> > > 
> > >    git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git tags/flexible-array-transformations-UAPI-6.0-rc1
> > > 
> > > for you to fetch changes up to 94dfc73e7cf4a31da66b8843f0b9283ddd6b8381:
> > > 
> > >    treewide: uapi: Replace zero-length arrays with flexible-array members (2022-06-28 21:26:05 +0200)
> > > 
> > > ----------------------------------------------------------------
> > > flexible-array transformations in UAPI for 6.0-rc1
> > > 
> > > Hi Linus,
> > > 
> > > Please, pull the following treewide patch that replaces zero-length arrays
> > > with flexible-array members in UAPI. This patch has been baking in
> > > linux-next for 5 weeks now.
> > > 
> > > -fstrict-flex-arrays=3 is coming and we need to land these changes
> > > to prevent issues like these in the short future:
> > > 
> > > ../fs/minix/dir.c:337:3: warning: 'strcpy' will always overflow; destination buffer has size 0,
> > > but the source string has length 2 (including NUL byte) [-Wfortify-source]
> > > 		strcpy(de3->name, ".");
> > > 		^
> > > 
> > > Since these are all [0] to [] changes, the risk to UAPI is nearly zero. If
> > > this breaks anything, we can use a union with a new member name.
> > 
> > This has trobuled the RDMA userspace by creating new compiler warnings..
> > 
> > We discussed this and I thought you agreed not to send these changes?
> 
> Yep; and as I said in that thread, I went and removed all the changes that
> were causing trouble, based on this report by 0-day:
> 
> https://lore.kernel.org/lkml/202206241055.Eh9MKMAE-lkp@intel.com/
> 
> For instance, 0-day reported this warning:

Yes, I took it for granted that the patch wouldn't cause more kernel
warnings :)

So, this is what we ended up doing in userspace:

https://github.com/linux-rdma/rdma-core/pull/1207

So, maybe it is OK.

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ