[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAGXu5j+=WqBwLu3L8Um=5jfT=KOZX-GP0Nn1A9b8VZrYgiE+8Q@mail.gmail.com>
Date: Tue, 25 Jul 2017 17:38:11 -0700
From: Kees Cook <keescook@...omium.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: kernel test robot <xiaolong.ye@...el.com>,
Ananth N Mavinakayanahalli <ananth@...ux.vnet.ibm.com>,
Anil S Keshavamurthy <anil.s.keshavamurthy@...el.com>,
Masami Hiramatsu <mhiramat@...nel.org>,
Daniel Micay <danielmicay@...il.com>,
Arnd Bergmann <arnd@...db.de>,
Mark Rutland <mark.rutland@....com>,
Daniel Axtens <dja@...ens.net>,
Rasmus Villemoes <linux@...musvillemoes.dk>,
Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
Chris Metcalf <cmetcalf@...hip.com>,
Thomas Gleixner <tglx@...utronix.de>,
"H. Peter Anvin" <hpa@...or.com>, Ingo Molnar <mingo@...e.hu>,
Andrew Morton <akpm@...ux-foundation.org>,
LKML <linux-kernel@...r.kernel.org>, LKP <lkp@...org>,
Joe Perches <joe@...ches.com>
Subject: Re: [lkp-robot] [include/linux/string.h] 6974f0c455: kernel_BUG_at_lib/string.c
On Tue, Jul 25, 2017 at 5:11 PM, Linus Torvalds
<torvalds@...ux-foundation.org> wrote:
> On Tue, Jul 25, 2017 at 4:35 PM, Kees Cook <keescook@...omium.org> wrote:
>>
>> In this case, there isn't a sensible way to continue.
>
> Kees, stop this idiocy already.
>
> These have been FALSE POSITIVES. They haven't actually been bugs in
> the code, they have been bugs in the *checking* code.
>
> In two years, when this code is actually trusted, that would be one thing.
Okay, fair enough. As long as there is a time horizon where this can
operate as an actual runtime protection, I can accept that.
> But right now, it's a f*cking disgrace that you are in denial about
> the fact that it's the *checking* that is broken, not the code, and
> are making excuses for shit.
I'm not in denial about that -- I think we just have very different
perspectives on this. I sent a bunch of patches to fix all the places
where there were false positives being found before this landed; I'm
not making excuses and I'm obviously interested in fixing it.
> So get rid of the BUG(), and get rid of the excuses.
I'll get it fixed up.
> We *know* this code is likely to find these kinds of "not really a
> bug, but the checker code does something we didn't used to do"
> situations.
Yup, agreed. We've already fixed a bunch of these, and while this
checking would catch some actual security vulnerabilities from the
past, I can see your point about its "newness" being too great a risk.
-Kees
--
Kees Cook
Pixel Security
Powered by blists - more mailing lists