lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <5c856f36-69a7-e274-f72a-c3aef195adeb@kernel.org>
Date:   Mon, 16 Aug 2021 21:55:28 -0700
From:   Nathan Chancellor <nathan@...nel.org>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     "Gustavo A. R. Silva" <gustavoars@...nel.org>,
        Kees Cook <keescook@...omium.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Linux Kbuild mailing list <linux-kbuild@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        clang-built-linux <clang-built-linux@...glegroups.com>
Subject: Re: [PATCH] kbuild: Enable -Wimplicit-fallthrough for clang 14.0.0+

On 8/16/2021 9:37 PM, Linus Torvalds wrote:
> On Mon, Aug 16, 2021 at 6:20 PM Nathan Chancellor <nathan@...nel.org> wrote:
>>
>> Additionally, there should be some time for the CI systems to update
>> their clang-14 builds, as the recent 0day report shows.
> 
> What?
> 
> No, the 0day report shows that the patch is buggy, and that the
> 
>    ifeq ($(shell test $(CONFIG_CLANG_VERSION) -ge 140000; echo $$?),0)
> 
> clearly doesn't work at all, since the flag is enabled on those
> systems with old clang versions.
> 
> Alternatively, the test works, but the 140000 version is not enough.

So technically speaking, the 140000 is not enough at this very moment 
for the fact that there are certain systems that test with clang-14 
builds that do not have my clang patch in it yet; however, those systems 
do update clang regularly (the 0day version is just seven hours old at 
the time of writing this) so they will have a version that contains my 
patch shortly, making the check work just fine. We have done this in the 
past with checks that are gated on clang versions that are in 
development, with the expectation that if someone is using a development 
release of clang, they are keeping it up to date so that they get fixes 
that we push there; otherwise, it is just better to stick with the 
release branches.

> So no. This patch is simply completely wrong, and doesn't fix the
> problem with Clang's buggy -Wimplicit-fallthrough flag.

If you/Gustavo would prefer, I can upgrade that check to

ifneq ($(call cc-option, -Wunreachable-code-fallthrough),)

I was just trying to save a call to the compiler, as that is more 
expensive than a shell test call.

Cheers,
Nathan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ