lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sat, 27 Aug 2022 10:34:07 +0200
From:   Ondrej Mosnacek <omosnace@...hat.com>
To:     Jiri Slaby <jirislaby@...nel.org>
Cc:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Linux kernel mailing list <linux-kernel@...r.kernel.org>,
        Linux Stable maillist <stable@...r.kernel.org>,
        Masahiro Yamada <masahiroy@...nel.org>
Subject: Re: [PATCH 5.19 145/365] kbuild: dummy-tools: avoid tmpdir leak in
 dummy gcc

On Sat, Aug 27, 2022 at 9:51 AM Jiri Slaby <jirislaby@...nel.org> wrote:
> On 23. 08. 22, 10:00, Greg Kroah-Hartman wrote:
> > From: Ondrej Mosnacek <omosnace@...hat.com>
> >
> > commit aac289653fa5adf9e9985e4912c1d24a3e8cbab2 upstream.
> >
> > When passed -print-file-name=plugin, the dummy gcc script creates a
> > temporary directory that is never cleaned up. To avoid cluttering
> > $TMPDIR, instead use a static directory included in the source tree.
>
> This breaks our (SUSE) use of dummy tools (GCC_PLUGINS became =n). I
> will investigate whether this is stable-only and the root cause later.

It looks like both the Greg's generated patch and the final stable
commit (d7e676b7dc6a) are missing the addition of the empty
plugin-version.h file. It appears in the patch's diffstat, but not in
the actual diff. The mainline commit does include the empty file
correctly, so it's likely a bug in the stable cherry pick automation.

> > Fixes: 76426e238834 ("kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig")
> > Signed-off-by: Ondrej Mosnacek <omosnace@...hat.com>
> > Signed-off-by: Masahiro Yamada <masahiroy@...nel.org>
> > Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
> > ---
> >   .../dummy-tools/dummy-plugin-dir/include/plugin-version.h | 0
> >   scripts/dummy-tools/gcc |    8 ++------
> >   1 file changed, 2 insertions(+), 6 deletions(-)
> >   create mode 100644 scripts/dummy-tools/dummy-plugin-dir/include/plugin-version.h
> >
> > --- a/scripts/dummy-tools/gcc
> > +++ b/scripts/dummy-tools/gcc
> > @@ -96,12 +96,8 @@ fi
> >
> >   # To set GCC_PLUGINS
> >   if arg_contain -print-file-name=plugin "$@"; then
> > -     plugin_dir=$(mktemp -d)
> > -
> > -     mkdir -p $plugin_dir/include
> > -     touch $plugin_dir/include/plugin-version.h
> > -
> > -     echo $plugin_dir
> > +     # Use $0 to find the in-tree dummy directory
> > +     echo "$(dirname "$(readlink -f "$0")")/dummy-plugin-dir"
> >       exit 0
> >   fi
> >
> >
> >
>
> --
> js
> suse labs
>

-- 
Ondrej Mosnacek
Senior Software Engineer, Linux Security - SELinux kernel
Red Hat, Inc.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ