lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <8B2F4001-01FC-4554-B6E0-1E75E9CE473B@kernel.org>
Date:   Thu, 27 Apr 2023 17:43:15 -0700
From:   Kees Cook <kees@...nel.org>
To:     Karol Herbst <kherbst@...hat.com>, Lyude Paul <lyude@...hat.com>
CC:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Kees Cook <keescook@...omium.org>,
        Ben Skeggs <bskeggs@...hat.com>,
        David Airlie <airlied@...il.com>,
        Daniel Vetter <daniel@...ll.ch>,
        dri-devel <dri-devel@...ts.freedesktop.org>,
        nouveau@...ts.freedesktop.org, linux-hardening@...r.kernel.org,
        gustavo@...eddedor.com, qing.zhao@...cle.com
Subject: Re: Disabling -Warray-bounds for gcc-13 too

On April 27, 2023 3:50:06 PM PDT, Karol Herbst <kherbst@...hat.com> wrote:
>On Fri, Apr 28, 2023 at 12:46 AM Lyude Paul <lyude@...hat.com> wrote:
>>
>> Hey Linus, Kees. Responses below
>>
>> On Sun, 2023-04-23 at 13:23 -0700, Kees Cook wrote:
>> > On April 23, 2023 10:36:24 AM PDT, Linus Torvalds <torvalds@...ux-foundation.org> wrote:
>> > > Kees,
>> > >  I made the mistake of upgrading my M2 Macbook Air to Fedora-38, and
>> > > in the process I got gcc-13 which is not WERROR-clean because we only
>> > > limited the 'array-bounds' warning to gcc-11 and gcc-12. But gcc-13
>> > > has all the same issues.
>> > >
>> > > And I want to be able to do my arm64 builds with WERROR on still...
>> > >
>> > > I guess it never made much sense to hope it was going to go away
>> > > without having a confirmation, so I just changed it to be gcc-11+.
>> >
>> > Yeah, that's fine. GCC 13 released without having a fix for at least one (hopefully last) known array-bounds vs jump threading bug:
>> > https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109071
>> >
>> > > And one of them is from you.
>> > >
>> > > In particular, commit 4076ea2419cf ("drm/nouveau/disp: Fix
>> > > nvif_outp_acquire_dp() argument size") cannot possibly be right, It
>> > > changes
>> > >
>> > > nvif_outp_acquire_dp(struct nvif_outp *outp, u8 dpcd[16],
>> > >
>> > > to
>> > >
>> > > nvif_outp_acquire_dp(struct nvif_outp *outp, u8 dpcd[DP_RECEIVER_CAP_SIZE],
>> > >
>> > > and then does
>> > >
>> > >        memcpy(args.dp.dpcd, dpcd, sizeof(args.dp.dpcd));
>> > >
>> > > where that 'args.dp.dpcd' is a 16-byte array, and DP_RECEIVER_CAP_SIZE is 15.
>> >
>> > Yeah, it was an incomplete fix. I sent the other half here, but it fell through the cracks:
>> > https://lore.kernel.org/lkml/20230204184307.never.825-kees@kernel.org/
>>
>> Thanks for bringing this to our attention, yeah this definitely just looks
>> like it got missed somewhere down the line. It looks like Karol responded
>> already so I assume the patch is in the pipeline now, but let me know if
>> there's anything else you need.
>>
>
>uhm, I didn't push anything, but I can push it through drm-misct asap,
>just wanted to ask if somebody wants to pick a quicker route. But I
>guess not?

If you can pick it up, that would be great. There's no rush. :)



-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ