lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 22 Nov 2020 23:10:40 +0100
From:   Sam Ravnborg <sam@...nborg.org>
To:     James Bottomley <James.Bottomley@...senpartnership.com>
Cc:     Kees Cook <keescook@...omium.org>,
        Jakub Kicinski <kuba@...nel.org>, alsa-devel@...a-project.org,
        linux-atm-general@...ts.sourceforge.net,
        reiserfs-devel@...r.kernel.org, linux-iio@...r.kernel.org,
        linux-wireless@...r.kernel.org, linux-fbdev@...r.kernel.org,
        dri-devel@...ts.freedesktop.org, linux-kernel@...r.kernel.org,
        Nathan Chancellor <natechancellor@...il.com>,
        linux-ide@...r.kernel.org, dm-devel@...hat.com,
        keyrings@...r.kernel.org, linux-mtd@...ts.infradead.org,
        GR-everest-linux-l2@...vell.com, wcn36xx@...ts.infradead.org,
        samba-technical@...ts.samba.org, linux-i3c@...ts.infradead.org,
        linux1394-devel@...ts.sourceforge.net,
        linux-afs@...ts.infradead.org,
        usb-storage@...ts.one-eyed-alien.net, drbd-dev@...ts.linbit.com,
        devel@...verdev.osuosl.org, linux-cifs@...r.kernel.org,
        rds-devel@....oracle.com,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        linux-scsi@...r.kernel.org, linux-rdma@...r.kernel.org,
        oss-drivers@...ronome.com, bridge@...ts.linux-foundation.org,
        linux-security-module@...r.kernel.org,
        amd-gfx@...ts.freedesktop.org,
        linux-stm32@...md-mailman.stormreply.com, cluster-devel@...hat.com,
        linux-acpi@...r.kernel.org, coreteam@...filter.org,
        intel-wired-lan@...ts.osuosl.org, linux-input@...r.kernel.org,
        Miguel Ojeda <ojeda@...nel.org>,
        tipc-discussion@...ts.sourceforge.net, linux-ext4@...r.kernel.org,
        linux-media@...r.kernel.org, linux-watchdog@...r.kernel.org,
        selinux@...r.kernel.org, linux-arm-msm@...r.kernel.org,
        intel-gfx@...ts.freedesktop.org, linux-geode@...ts.infradead.org,
        linux-can@...r.kernel.org, linux-block@...r.kernel.org,
        linux-gpio@...r.kernel.org, op-tee@...ts.trustedfirmware.org,
        linux-mediatek@...ts.infradead.org, xen-devel@...ts.xenproject.org,
        nouveau@...ts.freedesktop.org, linux-hams@...r.kernel.org,
        ceph-devel@...r.kernel.org,
        virtualization@...ts.linux-foundation.org,
        target-devel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        linux-hwmon@...r.kernel.org, x86@...nel.org,
        linux-nfs@...r.kernel.org, GR-Linux-NIC-Dev@...vell.com,
        linux-mm@...ck.org, netdev@...r.kernel.org,
        linux-decnet-user@...ts.sourceforge.net, linux-mmc@...r.kernel.org,
        "Gustavo A. R. Silva" <gustavoars@...nel.org>,
        linux-renesas-soc@...r.kernel.org, linux-sctp@...r.kernel.org,
        linux-usb@...r.kernel.org, netfilter-devel@...r.kernel.org,
        linux-crypto@...r.kernel.org, patches@...nsource.cirrus.com,
        Joe Perches <joe@...ches.com>, linux-integrity@...r.kernel.org,
        linux-hardening@...r.kernel.org
Subject: Re: [PATCH 000/141] Fix fall-through warnings for Clang

Hi James.

> > > If none of the 140 patches here fix a real bug, and there is no
> > > change to machine code then it sounds to me like a W=2 kind of a
> > > warning.
> > 
> > FWIW, this series has found at least one bug so far:
> > https://lore.kernel.org/lkml/CAFCwf11izHF=g1mGry1fE5kvFFFrxzhPSM6qKAO8gxSp=Kr_CQ@mail.gmail.com/
> 
> 
> Well, it's a problem in an error leg, sure, but it's not a really
> compelling reason for a 141 patch series, is it?  All that fixing this
> error will do is get the driver to print "oh dear there's a problem"
> under four more conditions than it previously did.

You are asking the wrong question here.

Yuo should ask  how many hours could have been saved by all the bugs
people have been fighting with and then fixed *before* the code
hit the kernel at all.

My personal experience is that I, more than once, have had errors
related to a missing break in my code. So this warnings is IMO a win.

And if we are only ~100 patches to have it globally enabled then it is a
no-brainer in my book.

	Sam

Powered by blists - more mailing lists