lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 8 Jun 2022 13:07:05 -0700 From: Linus Torvalds <torvalds@...ux-foundation.org> To: Kees Cook <keescook@...omium.org> Cc: Sven Schnelle <svens@...ux.ibm.com>, Heiko Carstens <hca@...ux.ibm.com>, Vasily Gorbik <gor@...ux.ibm.com>, Alexander Gordeev <agordeev@...ux.ibm.com>, Linux Kernel Mailing List <linux-kernel@...r.kernel.org> Subject: Re: [PATCH] s390: disable -Warray-bounds Coming back to this, because my rc2 week tends to be quiet as people take a breather, and as such a good time for me to do system upgrades. And gcc-12 dropped in Fedora 36, and shows problems on x86 too. So I suspect we'll have to disable -Warray-bounds globally on gcc-12, not just on s390. Unless Kees has patches ready to go already. Some of the warnings look potentially simple, ie struct mbus_dram_target_info; in <linux/mbus.h> has the comment * [..] Peripherals are * required to support at least 4 decode windows. and then as a result has int num_cs; struct mbus_dram_window { [..] } cs[4]; and that "cs[4]" looks just bogus - it can be a much larger array, the '4' is just a minimum. The real limit is that 'num_cs' one. But there's a *lot* of warnings, and many of them are due to this, and while some are obvious, others aren't. There are other things too in gcc-12 that seem half-baked. I was interested to see the new '-Wdangling-pointer' thing, but then when I looked at it, the two cases I looked at were just bogus, so .. Linus On Fri, Apr 22, 2022 at 10:54 AM Kees Cook <keescook@...omium.org> wrote: > > On Fri, Apr 22, 2022 at 03:43:08PM +0200, Sven Schnelle wrote: > > gcc-12 shows a lot of array bound warnings on s390. This is caused > > by our S390_lowcore macro: > > > > which uses an hardcoded address of 0. Wrapping that with > > absolute_pointer() works, but gcc no longer knows that a 12 bit > > instruction is sufficient to access lowcore. So it emits instructions > > like 'lghi %r1,0; l %rx,xxx(%r1)' instead of a single load/store > > instruction. As s390 stores variables often read/written in lowcore, > > this is considered problematic. Therefore disable -Warray-bounds on > > s390 for now until there is a better real solution. > > > > Signed-off-by: Sven Schnelle <svens@...ux.ibm.com> > > It looks like the source of this problem (the literal-values-treated-as-NULL) > is gcc-12 specific. From the discussions, it sounded like Jacob was > going to fix this "correctly" in gcc-13. It might be a good idea to make > this version-checked? (i.e. only disable on gcc-12)
Powered by blists - more mailing lists