lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 3 Sep 2018 14:34:27 +0200
From:   Andrey Konovalov <>
To:     Al Viro <>
Cc:     Luc Van Oostenryck <>,
        Catalin Marinas <>,
        Will Deacon <>,
        Mark Rutland <>,
        Robin Murphy <>,
        Kees Cook <>,
        Kate Stewart <>,
        Greg Kroah-Hartman <>,
        Andrew Morton <>,
        Ingo Molnar <>,
        "Kirill A . Shutemov" <>,
        Shuah Khan <>,
        Linux ARM <>,,
        Linux Memory Management List <>,,,
        LKML <>,
        Dmitry Vyukov <>,
        Kostya Serebryany <>,
        Evgeniy Stepanov <>,
        Lee Smith <>,
        Ramana Radhakrishnan <>,
        Jacob Bramley <>,
        Ruben Ayrapetyan <>,
        Chintan Pandya <>
Subject: Re: [PATCH v6 11/11] arm64: annotate user pointers casts detected by sparse

On Fri, Aug 31, 2018 at 3:42 PM, Al Viro <> wrote:
> On Fri, Aug 31, 2018 at 10:11:24AM +0200, Luc Van Oostenryck wrote:
>> On Thu, Aug 30, 2018 at 01:41:16PM +0200, Andrey Konovalov wrote:
>> > This patch adds __force annotations for __user pointers casts detected by
>> > sparse with the -Wcast-from-as flag enabled (added in [1]).
>> >
>> > [1]
>> Hi,
>> It would be nice to have some explanation for why these added __force
>> are useful.

I'll add this in the next version, thanks!

>         It would be even more useful if that series would either deal with
> the noise for real ("that's what we intend here, that's what we intend there,
> here's a primitive for such-and-such kind of cases, here we actually
> ought to pass __user pointer instead of unsigned long", etc.) or left it
> unmasked.
>         As it is, __force says only one thing: "I know the code is doing
> the right thing here".  That belongs in primitives, and I do *not* mean the
> #define cast_to_ulong(x) ((__force unsigned long)(x))
> kind.
>         Folks, if you don't want to deal with that - leave the warnings be.
> They do carry more information than "someone has slapped __force in that place".
> Al, very annoyed by that kind of information-hiding crap...

This patch only adds __force to hide the reports I've looked at and
decided that the code does the right thing. The cases where this is
not the case are handled by the previous patches in the patchset. I'll
this to the patch description as well. Is that OK?

Powered by blists - more mailing lists