lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20210908042838.GA2585993@roeck-us.net>
Date:   Tue, 7 Sep 2021 21:28:38 -0700
From:   Guenter Roeck <linux@...ck-us.net>
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     "David S. Miller" <davem@...emloft.net>,
        Dmitry Torokhov <dmitry.torokhov@...il.com>,
        Christian Koenig <christian.koenig@....com>,
        Huang Rui <ray.huang@....com>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        linux-sparc <sparclinux@...r.kernel.org>
Subject: Re: [PATCH] Enable '-Werror' by default for all kernel builds

On Mon, Sep 06, 2021 at 04:49:21PM -0700, Guenter Roeck wrote:
> On Mon, Sep 06, 2021 at 04:06:04PM -0700, Linus Torvalds wrote:
[ ... ]

> >  - at least a couple of stringop-overread errors. Attached is a
> > possible for for one of them.
> > 

I keep seeing problems like this.

drivers/net/ethernet/i825xx/82596.c: In function 'i82596_probe':
./arch/m68k/include/asm/string.h:72:25: error: '__builtin_memcpy' reading 6 bytes from a region of size 0 [-Werror=stringop-overread]
   72 | #define memcpy(d, s, n) __builtin_memcpy(d, s, n)
      |                         ^~~~~~~~~~~~~~~~~~~~~~~~~
drivers/net/ethernet/i825xx/82596.c:1147:17: note: in expansion of macro 'memcpy'
 1147 |                 memcpy(eth_addr, (void *) 0xfffc1f2c, ETH_ALEN);        /* YUCK! Get addr from NOVRAM */
      |                 ^~~~~~
cc1: all warnings being treated as errors

It is seen with gcc 11.x whenever a memXXX or strXXX function parameter
is a pointer to a fixed address. gcc is happy if "(void *) 0xfffc1f2c"
is passed to a global function which does nothing but return the address,
such as:

void *sanitize_address(void *address)
{
	return address;
}

and:

	memcpy(eth_addr, sanitize_address((void *) 0xfffc1f2c), ETH_ALEN);

but that just seems weird. Is there a better solution ?

Thanks,
Guenter

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ