| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <21D2A2BB-F442-480D-8B66-229E8C4A63D3@toblux.com> Date: Wed, 2 Oct 2024 11:18:57 +0200 From: Thorsten Blum <thorsten.blum@...lux.com> To: Kees Cook <kees@...nel.org> Cc: Jan Hendrik Farr <kernel@...rr.cc>, kent.overstreet@...ux.dev, regressions@...ts.linux.dev, linux-bcachefs@...r.kernel.org, linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org, ardb@...nel.org, morbo@...gle.com Subject: Re: [REGRESSION][BISECTED] erroneous buffer overflow detected in bch2_xattr_validate On 28. Sep 2024, at 22:34, Kees Cook <kees@...nel.org> wrote: > [...] > > Sorry, I've been out of commission with covid. Globally disabling this > macro for clang is not the right solution (way too big a hammer). > > Until Bill has a fix, we can revert commit > 86e92eeeb23741a072fe7532db663250ff2e726a, as the problem is limited to > certain situations where 'counted_by' is in use. I already encountered two other related __counted_by() issues [1][2] that are now being reverted. Would it be an option to disable it globally, but only for Clang < v19 (where it looks like it'll be fixed)? Otherwise adding __counted_by() might be a slippery slope for a long time and the edge cases don't seem to be that rare anymore. Thanks, Thorsten [1] https://lore.kernel.org/all/20240909162725.1805-2-thorsten.blum@toblux.com/ [2] https://lore.kernel.org/all/20240923213809.235128-2-thorsten.blum@linux.dev/
Powered by blists - more mailing lists