lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CAK8P3a2L4DsaSU5H7ZPQxSNUc1=Nw5yAfVjDYe1y86T0s0kK4w@mail.gmail.com>
Date:   Sat, 3 Nov 2018 16:46:12 +0100
From:   Arnd Bergmann <arnd@...db.de>
To:     Changbin Du <changbin.du@...il.com>
Cc:     Andrew Morton <akpm@...ux-foundation.org>,
        Masahiro Yamada <yamada.masahiro@...ionext.com>,
        Al Viro <viro@...iv.linux.org.uk>,
        Marc Zyngier <marc.zyngier@....com>,
        Alex Bennée <alex.bennee@...aro.org>,
        Dave Martin <Dave.Martin@....com>,
        Kees Cook <keescook@...omium.org>,
        "Levin, Alexander (Sasha Levin)" <alexander.levin@...izon.com>,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] copy_{to,from}_user(): fix compile-time sanity checks
 with gcc -Og

On 11/3/18, Changbin Du <changbin.du@...il.com> wrote:
> On Fri, Nov 02, 2018 at 04:56:58PM +0100, Arnd Bergmann wrote:
>> When CONFIG_CC_OPTIMIZE_FOR_DEBUGGING is set, we get countless warnings
>> like
>>
>> In function 'check_copy_size',
>>     inlined from 'copy_from_user' at include/linux/uaccess.h:146:6,
>>     inlined from '__copy_siginfo_from_user' at kernel/signal.c:3032:6:
>> include/linux/thread_info.h:147:4: error: call to '__bad_copy_to' declared
>> with attribute error: copy destination size is too small
>>
>> It seems that constant propagation doesn't work well enough to make
>> this code reliable, so turn it off for that configuration.
>>
> This is caused by __compiletime_warning() and fixed by below change
> already. Could you try the latest kbuild tree?
>
> --- a/include/linux/compiler-gcc.h
> +++ b/include/linux/compiler-gcc.h
> @@ -86,8 +86,10 @@
>  #define __compiletime_object_size(obj) __builtin_object_size(obj, 0)
>
>  #ifndef __CHECKER__
> +#ifndef CONFIG_CC_OPTIMIZE_FOR_DEBUGGING
>  #define __compiletime_warning(message) __attribute__((warning(message)))
>  #define __compiletime_error(message) __attribute__((error(message)))
> +#endif

Right, that works as well, but my version is a bit less invasive as it
only disables the __compiletime_error in the one file that introduced
the regression, and not all of them. I have built hundreds of randconfig
builds and found no other problem with __compiletime_error(), though
I did find a bunch of (correct) section mismatch warnings and
false-positive -Wformat-overflow= warnings with
CONFIG_CC_OPTIMIZE_FOR_DEBUGGING (patches pending).

I also got some link errors for which I already posted patches.

       Arnd

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ