| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Aug 2022 15:43:14 -0300
From: Jason Gunthorpe <jgg@...dia.com>
To: "Gustavo A. R. Silva" <gustavo@...eddedor.com>
Cc: "Gustavo A. R. Silva" <gustavoars@...nel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>,
Kees Cook <keescook@...omium.org>,
linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] flexible-array transformations in UAPI for 6.0-rc1
On Thu, Aug 18, 2022 at 09:21:54AM -0500, Gustavo A. R. Silva wrote:
> Hi!
>
> On 8/18/22 07:28, Jason Gunthorpe wrote:
> > On Mon, Aug 01, 2022 at 03:31:28PM -0500, Gustavo A. R. Silva wrote:
> > > The following changes since commit b13baccc3850ca8b8cccbf8ed9912dbaa0fdf7f3:
> > >
> > > Linux 5.19-rc2 (2022-06-12 16:11:37 -0700)
> > >
> > > are available in the Git repository at:
> > >
> > > git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git tags/flexible-array-transformations-UAPI-6.0-rc1
> > >
> > > for you to fetch changes up to 94dfc73e7cf4a31da66b8843f0b9283ddd6b8381:
> > >
> > > treewide: uapi: Replace zero-length arrays with flexible-array members (2022-06-28 21:26:05 +0200)
> > >
> > > ----------------------------------------------------------------
> > > flexible-array transformations in UAPI for 6.0-rc1
> > >
> > > Hi Linus,
> > >
> > > Please, pull the following treewide patch that replaces zero-length arrays
> > > with flexible-array members in UAPI. This patch has been baking in
> > > linux-next for 5 weeks now.
> > >
> > > -fstrict-flex-arrays=3 is coming and we need to land these changes
> > > to prevent issues like these in the short future:
> > >
> > > ../fs/minix/dir.c:337:3: warning: 'strcpy' will always overflow; destination buffer has size 0,
> > > but the source string has length 2 (including NUL byte) [-Wfortify-source]
> > > strcpy(de3->name, ".");
> > > ^
> > >
> > > Since these are all [0] to [] changes, the risk to UAPI is nearly zero. If
> > > this breaks anything, we can use a union with a new member name.
> >
> > This has trobuled the RDMA userspace by creating new compiler warnings..
> >
> > We discussed this and I thought you agreed not to send these changes?
>
> Yep; and as I said in that thread, I went and removed all the changes that
> were causing trouble, based on this report by 0-day:
>
> https://lore.kernel.org/lkml/202206241055.Eh9MKMAE-lkp@intel.com/
>
> For instance, 0-day reported this warning:
Yes, I took it for granted that the patch wouldn't cause more kernel
warnings :)
So, this is what we ended up doing in userspace:
https://github.com/linux-rdma/rdma-core/pull/1207
So, maybe it is OK.
Jason
Powered by blists - more mailing lists