lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20200821195712.GB1475504@rani.riverdale.lan>
Date:   Fri, 21 Aug 2020 15:57:12 -0400
From:   Arvind Sankar <nivedita@...m.mit.edu>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     Arvind Sankar <nivedita@...m.mit.edu>,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Dávid Bolvanský <david.bolvansky@...il.com>,
        Eli Friedman <efriedma@...cinc.com>,
        "H. Peter Anvin" <hpa@...or.com>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,
        Michal Marek <michal.lkml@...kovi.net>,
        Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Kees Cook <keescook@...omium.org>,
        Tony Luck <tony.luck@...el.com>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Michael Ellerman <mpe@...erman.id.au>,
        Joe Perches <joe@...ches.com>,
        Joel Fernandes <joel@...lfernandes.org>,
        Daniel Axtens <dja@...ens.net>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Alexandru Ardelean <alexandru.ardelean@...log.com>,
        Yury Norov <yury.norov@...il.com>,
        "maintainer:X86 ARCHITECTURE (32-BIT AND 64-BIT)" <x86@...nel.org>,
        Ard Biesheuvel <ardb@...nel.org>,
        "Paul E . McKenney" <paulmck@...nel.org>,
        Daniel Kiper <daniel.kiper@...cle.com>,
        Bruce Ashfield <bruce.ashfield@...il.com>,
        Marco Elver <elver@...gle.com>,
        Vamshi K Sthambamkadi <vamshi.k.sthambamkadi@...il.com>
Subject: Re: [PATCH 0/4] -ffreestanding/-fno-builtin-* patches

On Fri, Aug 21, 2020 at 10:54:57AM -0700, Linus Torvalds wrote:
> On Fri, Aug 21, 2020 at 10:29 AM Arvind Sankar <nivedita@...m.mit.edu> wrote:
> >
> > This one is slightly different from the previous one. The first case is
> > really a call to __builtin_free().
> 
> No, the first case is a disgrace and a compiler bug.
> 
> We've had a situation where gcc complained about a static function
> called "free()", without any header file inclusion, and then
> complained about it not matching its idea of what "free()" is.
> 
> Which is pure and utter garbage.
> 
> It's like you have a local variable "int free", and the compiler says
> "hey, this doesn't match the prototype that I know this name should
> have". It's BS. You just saw the user not just *use* that name, but
> *define* it, and do it in a scope where the complaint is irrelevant
> and stupid, and when we hadn't even included the header that would
> have resulted in conflicts.
> 
> IOW, it's an example of a compiler that thinks "it knows better".
> 
> It's a broken compiler. And it's an example of the kind of breakage
> that compilers absolutely shouldn't do.

That's -Wbuiltin-declaration-mismatch, and can be turned off, and it
won't warn if you have -fno-builtin-free. I don't completely agree with
you, though warning for static functions is a bit overzealous. For an
external function, especially something more obscure like stpcpy(), I
appreciate the warning.

> 
> The second example is from clang doesn't something horribly horribly stupid.

Calm down man :)

> 
> > This one is turning something that wasn't a function call into
> > __builtin_bzero(), and I would hope that no-builtin-bzero would stop it
> > as well. OTOH, the compiler is free to turn it into memset(), just like
> > it could for structure/array initializers.
> 
> The whole "the compiler is free to do X" argument is pure BS. Stop
> repeating that bogus argument.
> 
> Of COURSE a compiler can do whatever the hell it wants.
> 
> That doesn't change the fact that certain things are broken beyond
> words and utterly stupid, and a compiler that does them is a *BAD*
> compiler.
> 
> Turning four stores into a memset() is garbage. Just admit it, instead
> of trying to say that it's allowed.
> 

Look, four stores into memset(), yeah that's a bit weird. I didn't think
you meant "four" literally. But in any case, that has nothing to do with
the topic at hand. It would be just as bad if it was a 16-byte structure
being initialized with an out-of-line memset() call.

But coming back to the actual topic: it is fine if the compiler turns
four stores into __builtin_memset(). A size-16 or -32 __builtin_memset()
will get inlined anyway. There's a lot of garbage here if you look
closely: check out what gcc does to initialize a 7-character array with
zeros at -Os.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ