lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 18 Aug 2022 09:28:00 -0300
From:   Jason Gunthorpe <jgg@...dia.com>
To:     "Gustavo A. R. Silva" <gustavoars@...nel.org>
Cc:     Linus Torvalds <torvalds@...ux-foundation.org>,
        Kees Cook <keescook@...omium.org>,
        linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] flexible-array transformations in UAPI for 6.0-rc1

On Mon, Aug 01, 2022 at 03:31:28PM -0500, Gustavo A. R. Silva wrote:
> The following changes since commit b13baccc3850ca8b8cccbf8ed9912dbaa0fdf7f3:
> 
>   Linux 5.19-rc2 (2022-06-12 16:11:37 -0700)
> 
> are available in the Git repository at:
> 
>   git://git.kernel.org/pub/scm/linux/kernel/git/gustavoars/linux.git tags/flexible-array-transformations-UAPI-6.0-rc1
> 
> for you to fetch changes up to 94dfc73e7cf4a31da66b8843f0b9283ddd6b8381:
> 
>   treewide: uapi: Replace zero-length arrays with flexible-array members (2022-06-28 21:26:05 +0200)
> 
> ----------------------------------------------------------------
> flexible-array transformations in UAPI for 6.0-rc1
> 
> Hi Linus,
> 
> Please, pull the following treewide patch that replaces zero-length arrays
> with flexible-array members in UAPI. This patch has been baking in
> linux-next for 5 weeks now.
> 
> -fstrict-flex-arrays=3 is coming and we need to land these changes
> to prevent issues like these in the short future:
> 
> ../fs/minix/dir.c:337:3: warning: 'strcpy' will always overflow; destination buffer has size 0,
> but the source string has length 2 (including NUL byte) [-Wfortify-source]
> 		strcpy(de3->name, ".");
> 		^
> 
> Since these are all [0] to [] changes, the risk to UAPI is nearly zero. If
> this breaks anything, we can use a union with a new member name.

This has trobuled the RDMA userspace by creating new compiler warnings..

We discussed this and I thought you agreed not to send these changes?

https://lore.kernel.org/linux-rdma/20220628135623.GA25163@embeddedor/

Jason

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ