lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 6 Sep 2021 12:43:50 +0100
From:   Mark Brown <broonie@...nel.org>
To:     Kees Cook <keescook@...omium.org>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        Arnd Bergmann <arnd@...db.de>, Daniel Vetter <daniel@...ll.ch>,
        Dan Williams <dan.j.williams@...el.com>,
        Rasmus Villemoes <linux@...musvillemoes.dk>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        "Gustavo A. R. Silva" <gustavoars@...nel.org>,
        Keith Packard <keithp@...thp.com>,
        Nathan Chancellor <nathan@...nel.org>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        linux-hardening@...r.kernel.org
Subject: Re: [GIT PULL] overflow updates for v5.15-rc1

On Sun, Sep 05, 2021 at 11:31:44AM -0700, Kees Cook wrote:
> On Sun, Sep 05, 2021 at 10:36:22AM -0700, Linus Torvalds wrote:

> > > Yeech. Yeah, no, that was not expected at all. I even did test merge builds against your latest tree before sending the Pull Request. This has been in -next for weeks, too.

> > Sadly, I don't think linux-next checks for warnings.

> Oh, I thought I'd gotten such reports from sfr before, but certainly the
> 0day bot and others have yelled loudly about new warnings (from earlier
> iterations of this series in -next).

Yes, Stephen will report new warnings in the configs he tested and
there's a bunch of people who like to go around fixing warnings whenever
they do appear though only in the more common configurations.

> > > What was the build environment?

> > This is actually just bog-standard gcc-11.2 from F34, and an allmodconfig build.

> Ah, fun. Yeah, I'm behind on versions, it seems. Default gcc version on
> latest stable Ubuntu release is 10.3. I will go retest on the devel
> release.

If you're looking for coverage on this stuff it's also good to check
with clang as well, it's sufficiently different that it often triggers
extra stuff (eg, turning on -Werror broke i386 allmodconfig for clang-10
since that triggers some stack frame size warnings which are now
errors).

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ