Message-ID: <YCOQMIjZUGWqvHgA@hirez.programming.kicks-ass.net>
Date:   Wed, 10 Feb 2021 08:50:08 +0100
From:   Peter Zijlstra <peterz@...radead.org>
To:     Kees Cook <keescook@...omium.org>
Cc:     Andrey Ryabinin <ryabinin.a.a@...il.com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        linux-kernel@...r.kernel.org, linux-next@...r.kernel.org,
        Josh Poimboeuf <jpoimboe@...hat.com>,
        Randy Dunlap <rdunlap@...radead.org>,
        Stephen Rothwell <sfr@...b.auug.org.au>,
        Dmitry Vyukov <dvyukov@...gle.com>,
        Alexander Viro <viro@...iv.linux.org.uk>
Subject: Re: [PATCH] ubsan: remove overflow checks

On Tue, Feb 09, 2021 at 04:19:03PM -0800, Kees Cook wrote:
> On Wed, Feb 10, 2021 at 02:23:48AM +0300, Andrey Ryabinin wrote:
> > Since GCC 8.0 -fsanitize=signed-integer-overflow doesn't work with -fwrapv.
> > -fwrapv makes signed overflows defined and GCC essentially disables
> > ubsan checks. On GCC < 8.0 -fwrapv doesn't have influence on
> > -fsanitize=signed-integer-overflow setting, so it kinda works
> > but generates false-positives and violates uaccess rules:
> > 
> > lib/iov_iter.o: warning: objtool: iovec_from_user()+0x22d: call to __ubsan_handle_add_overflow() with UACCESS enabled
> > 
> > Disable signed overflow checks to avoid these problems.
> > Remove unsigned overflow checks as well.
> > Unsigned overflow appeared as side effect of the commit
> >  cdf8a76fda4a ("ubsan: move cc-option tests into Kconfig"),
> > but it never worked (kernel doesn't boot). And unsigned overflows
> > are allowed by C standard, so it's just pointless.
> > 
> > Signed-off-by: Andrey Ryabinin <ryabinin.a.a@...il.com>
> 
> NAK, please don't remove the entire thing. I want this to work again
> with -fwrapv, and it's not entirely broken under Clang. But the feature
> shouldn't be removed from the kernel.
> 
> I'd prefer Peter's fix instead.

But what do you want it to do? This is UBsan, there's no UB.

If you want signed overflow warnings, call it something else. But I'll
still hate it :-)

FWIW:

Acked-by: Peter Zijlstra (Intel) <peterz@...radead.org>
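
Added example, not part of this thread or of the kernel source: the exchange above turns on the fact that under -fwrapv signed overflow wraps instead of being undefined, so code that must reject an overflowing sum has to check for it explicitly rather than rely on a sanitizer. The helper names (wrap_add, add_overflows, total_len) and the sample lengths are constructed for illustration; __builtin_add_overflow is the GCC/Clang builtin.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* The value -fwrapv defines for a + b: two's-complement wraparound.
 * Computed in unsigned arithmetic, so it is well defined without the flag
 * (the conversion back to int is modulo 2^N on GCC and Clang). */
static int wrap_add(int a, int b)
{
	return (int)((unsigned int)a + (unsigned int)b);
}

/* Explicit check: true if a + b does not fit in int; *sum gets the wrapped
 * result either way. Behaves the same with or without -fwrapv. */
static bool add_overflows(int a, int b, int *sum)
{
	return __builtin_add_overflow(a, b, sum);
}

/* Sum a list of lengths; return -1 instead of a wrapped total. */
static int total_len(const int *lens, size_t n, int *total)
{
	int acc = 0;

	for (size_t i = 0; i < n; i++) {
		if (lens[i] < 0 || add_overflows(acc, lens[i], &acc))
			return -1;
	}
	*total = acc;
	return 0;
}

int main(void)
{
	int ok[] = { 4096, 8192, 512 };          /* constructed sample */
	int bad[] = { INT_MAX - 100, 64, 64 };   /* constructed sample */
	int total = 0;

	printf("wrap_add(INT_MAX, 1) = %d\n", wrap_add(INT_MAX, 1));
	if (total_len(ok, 3, &total) == 0)
		printf("ok total = %d\n", total);
	if (total_len(bad, 3, &total) != 0)
		printf("bad list rejected: total would overflow\n");
	return 0;
}
```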
