lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190405143926.wmrkjsazlheeg6qs@treble>
Date:   Fri, 5 Apr 2019 09:39:26 -0500
From:   Josh Poimboeuf <jpoimboe@...hat.com>
To:     Luis Ressel <aranea@...ah.de>
Cc:     Peter Zijlstra <peterz@...radead.org>,
        open list <linux-kernel@...r.kernel.org>,
        stable@...r.kernel.org
Subject: Re: [PATCH] objtool: Don't use -Werror

On Fri, Apr 05, 2019 at 04:24:43PM +0200, Luis Ressel wrote:
> On Fri, Apr 05, 2019 at 07:39:09AM -0500, Josh Poimboeuf wrote:
> > What version of libelf are you using?  AFAIK, the non-elfutils version
> > of libelf is buggy and has been unmaintained for 10 years.
> 
> I'm using libelf 0.8.13, which is indeed 10y old, abandoned and rather
> suboptimal (elfutils OTOH is nonportable, and I haven't gotten around
> yet to fixing its incompatibilities with the musl libc).

If you can't use the elfutils version, I'd recommend just disabling all
the features which rely on objtool.  Because some of the libelf-related
bugs I've seen are pretty bad, and we rely on objtool for some pretty
fundamental things like ORC oops stack traces and live patching.

In fact I think we probably need a patch to fail the build if the
10-year-old libelf is used, as I've gotten several bug reports there and
the answer is always the same ("don't use old libelf").

> I can accept that you might not be interested in fixing issues related
> to libelf, but using -Werror is a more general problem which just
> happens to be triggered by my particular setup.

Hm, I would actually argue the reverse.  Warnings are generally bad and
-Werror is useful for ensuring that we don't have any.  For warnings
that don't provide value, we just disable those individual warnings.

-- 
Josh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ