lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Fri, 2 Feb 2024 10:29:43 -0800
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Arnd Bergmann <arnd@...db.de>
Cc: "Gustavo A. R. Silva" <gustavoars@...nel.org>, Kees Cook <keescook@...omium.org>, 
	linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] Enable -Wstringop-overflow globally

On Thu, 1 Feb 2024 at 23:53, Arnd Bergmann <arnd@...db.de> wrote:
>
> I did a creduce pass on this warning when it first showed up
> and opened a gcc bug report as well as a driver workaround:
>
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113214
> https://lore.kernel.org/lkml/20240103114819.2913937-1-arnd@kernel.org/#r

Ugh. The fact that *that* patch to the Xe driver makes a difference to
the compiler actually only makes me even less happy about this.

The "&a[b]" -> "a+b" transformation is _literally_ just syntactic.
They are EXACTLY the same expression, and any compiler person or
sanitizer person who treats them differently is just completely
incompetent and bonkers.

That transformation should have been done fairly early in the
compiler, later passes shouldn't see any kind of difference. At most
you might have a sanity check at that point to say that "a" should be
a pointer (because _technically_ it could be 'b' that is the pointer
expression, but at that point I understand why a compiler would say
"you're doing some silly sh*t" and give a warning)

So while I think your driver workaround is fine - and I personally
actually generally prefer the simpler pointer addition syntax - I do
not think it's fine at all that the compiler then warns for one and
not the other.

It's just a sign of some serious confusion in some part of the
compiler. And yes, I suspect Pinski is right in that bugzilla entry
that it's a sanitizer that causes this, and that's mainly because I
hope to $DEITY that no _core_ C compiler person would ever make that
mistake.

             Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ