| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 17 Mar 2023 22:01:12 +0100
From: Miguel Ojeda <miguel.ojeda.sandonis@...il.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Kees Cook <keescook@...omium.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Jens Axboe <axboe@...nel.dk>,
Nathan Chancellor <nathan@...nel.org>,
"linux-block@...r.kernel.org" <linux-block@...r.kernel.org>,
clang-built-linux <llvm@...ts.linux.dev>,
linux-hardening@...r.kernel.org
Subject: Re: [GIT PULL] Block fixes for 6.3-rc3
On Fri, Mar 17, 2023 at 9:51 PM Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
>
> Yeah, I see what it's doing.
Yeah, sorry, I saw your later email after sending that one.
> Yeah, but clang really should have generated a proper third iteration,
> which calls that "out of bounds" case, and then returns, instead fo
> falling off the end.
>
> I do think that on the kernel side, the fix is to just change
>
> } while (type++ != SIZE_DEFAULT_FFMT);
>
> to
>
> } while (++type != SIZE_DEFAULT_FFMT);
>
> but I would *really* like clang to be fixed to not silently generate
> code that does insane things and would be basically impossible to
> debug if it ever triggers.
Not sure how easy is for them to realize that they should do a 3rd
iteration. But perhaps it would be possible that Clang/LLVM does a
similar check to objtool and at least emit a warning about similar
situations that would help developers diagnose this (since it should
have way more information about what happened than objtool).
Cheers,
Miguel
Powered by blists - more mailing lists