lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 20 May 2020 09:24:04 +0800
From:   Philip Li <philip.li@...el.com>
To:     Nick Desaulniers <ndesaulniers@...gle.com>
Cc:     Masahiro Yamada <masahiroy@...nel.org>,
        Borislav Petkov <bp@...en8.de>, lkp <lkp@...el.com>,
        Christoph Hellwig <hch@....de>,
        "kbuild-all@...ts.01.org" <kbuild-all@...ts.01.org>,
        clang-built-linux <clang-built-linux@...glegroups.com>,
        LKML <linux-kernel@...r.kernel.org>,
        "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" <x86@...nel.org>,
        Benjamin Thiel <b.thiel@...teo.de>,
        Nathan Chancellor <natechancellor@...il.com>
Subject: Re: [tip:x86/mm 1/23] arch/x86/mm/init.c:75:6: warning: no previous
 prototype for function 'x86_has_pat_wp'

On Tue, May 19, 2020 at 06:07:14PM -0700, Nick Desaulniers wrote:
> On Tue, May 19, 2020 at 5:53 PM Philip Li <philip.li@...el.com> wrote:
> >
> > On Tue, May 19, 2020 at 05:26:18PM -0700, Nick Desaulniers wrote:
> > > I think having in the top of the warning that this is a W=1 build will
> > > make it more obvious.
> > >
> > > I get that -Wmissing-prototypes can be noisy, but it's trivial to fix.
> > > I do worry what other warnings lurk in W=1 though...
> > with some monitoring, so far, issue like unused-but-set-variable is quite
> > helpful. We will keep monitor for other issues and feedbacks.
> 
> Hey, I'm always happy to see more warnings turned on.  In our
> experience, we had to get a sense of how many instances of a newly
> enabled warning there are, and estimate how much time it would take to
> fix them all.  It's further complicated by the fix going into
> different maintainers' trees and reaching mainline at different points
> in time, while regressions continue to sneak in until the warning is
> enabled.
thanks and agree all the thinking here. For the 0-day ci side, we will
be very careful, since the mechanism for us is to notify newly introduced
problems from developer's patch, this can allow relatively min effort
to solve the new problems.

The other consideration is we test a lot of developer's tree and mailing
list before they are upstream, we also hope such shift left testing can
expose these warnings in new patches before maintainer's trees. Of course,
there're extra reports due to W=1 against stable or mainline, while the
number is small comparing to developer and mailing list part.

> 
> It may be time to consider "promoting" some warnings from W=1 to be on
> by default.  But that takes careful manual review and estimation of
> the work involved.  Turning on W=1 may be blasting people with a lot
> of new warnings, but if developers treat them with the same respect as
> the default enabled ones for Kbuild then I'm not complaining.
> -- 
> Thanks,
> ~Nick Desaulniers

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ