lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 20 Sep 2022 20:07:09 -0400
From:   Boris Ostrovsky <boris.ostrovsky@...cle.com>
To:     Kees Cook <keescook@...omium.org>, linux-hardening@...r.kernel.org
Cc:     Juergen Gross <jgross@...e.com>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        xen-devel@...ts.xenproject.org, llvm@...ts.linux.dev,
        Siddhesh Poyarekar <siddhesh@...plt.org>,
        Arnd Bergmann <arnd@...db.de>, Tom Rix <trix@...hat.com>,
        Miguel Ojeda <ojeda@...nel.org>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 1/4] x86/entry: Work around Clang __bdos() bug


On 9/20/22 3:21 PM, Kees Cook wrote:
> After expanding bounds checking to use __builtin_dynamic_object_size(),
> Clang produces a false positive when building with CONFIG_FORTIFY_SOURCE=y
> and CONFIG_UBSAN_BOUNDS=y when operating on an array with a dynamic
> offset. Work around this by using a direct assignment of an empty
> instance. Avoids this warning:
>
> ../include/linux/fortify-string.h:309:4: warning: call to __write_overflow_field declared with 'warn
> ing' attribute: detected write beyond size of field (1st parameter); maybe use struct_group()? [-Wat
> tribute-warning]
>                          __write_overflow_field(p_size_field, size);
>                          ^
>
> which was isolated to the memset() call in xen_load_idt().
>
> Note that this looks very much like another bug that was worked around:
> https://github.com/ClangBuiltLinux/linux/issues/1592
>
> Cc: Juergen Gross <jgross@...e.com>
> Cc: Boris Ostrovsky <boris.ostrovsky@...cle.com>
> Cc: Nathan Chancellor <nathan@...nel.org>
> Cc: Nick Desaulniers <ndesaulniers@...gle.com>
> Cc: xen-devel@...ts.xenproject.org
> Cc: llvm@...ts.linux.dev
> Signed-off-by: Kees Cook <keescook@...omium.org>


Reviewed-by: Boris Ostrovsky <boris.ostrovsky@...cle.com>


Powered by blists - more mailing lists