lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <202504210909.D4EAB689@keescook>
Date: Mon, 21 Apr 2025 09:39:07 -0700
From: Kees Cook <kees@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Guenter Roeck <linux@...ck-us.net>, linux-kernel@...r.kernel.org,
	linux-acpi@...r.kernel.org, linux-hardening@...r.kernel.org,
	Arnd Bergmann <arnd@...db.de>
Subject: Re: [PATCH] gcc-15: acpi: sprinkle random '__nonstring' crumbles
 around

On Sun, Apr 20, 2025 at 09:33:19PM -0700, Linus Torvalds wrote:
> On Sun, 20 Apr 2025 at 18:52, Kees Cook <kees@...nel.org> wrote:
> >
> > Can you please revert this mess and use what has already been planned
> > for this warning? It is, once again, really frustrating when you update
> > to unreleased compiler versions. :(
> 
> Ehh. Kees, that's the compiler in F42.
> Really. It's not some "unreleased compiler version".
> It's the main compiler in one of the biggest Linux distributions, out now.

Fine, perhaps I'm nitpicking the fact. F42 made an unreleased compiler
their default, so it is technically "released".

> Why do you think I made the change? Because the kernel DID NOT BUILD
> without those changes.

Yes, I understand that, but you didn't coordinate with anyone. You
didn't search lore for the warning strings, you didn't even check -next
where you've now created merge conflicts. You put insufficiently tested
patches into the tree at the last minute and cut an rc release that broke
for everyone using GCC <15. You mercilessly flame maintainers for much
much less.

Why make compiler version upgrades a surprise? I'm hardly the only person
who was working to make the GCC 15 transition smooth. This made more
work for people, wasted your time to recreate existing patches, and broke
the build. I am hardly being unreasonable in asking you to do better.

-- 
Kees Cook

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ