| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <162bc469-1654-4636-bf22-e929170ff092@t-8ch.de>
Date: Mon, 27 Mar 2023 23:20:32 +0000
From: Thomas Weißschuh <thomas@...ch.de>
To: Willy Tarreau <w@....eu>
Cc: Alexey Dobriyan <adobriyan@...il.com>,
"Paul E. McKenney" <paulmck@...nel.org>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH 6/8] tools/nolibc: tests: add test for -fstack-protector
On 2023-03-27 17:54:11+0200, Willy Tarreau wrote:
> On Mon, Mar 27, 2023 at 06:32:51PM +0300, Alexey Dobriyan wrote:
> > On Sun, Mar 26, 2023 at 09:42:29PM +0200, Willy Tarreau wrote:
> > > On Sun, Mar 26, 2023 at 10:38:39PM +0300, Alexey Dobriyan wrote:
> > > > > I'm not seeing any issue with your approach instead, let's
> > > > > keep it as-is for now (also it does what the stack protector is supposed
> > > > > to catch anyway).
> > > >
> > > > There are no guarantess about stack layout and dead writes.
> > > > The test doesn't corrupt stack reliably, just 99.99% reliably.
> > >
> > > Sure but it's for a regtest which can easily be adjusted and its
> > > posrtability and ease of maintenance outweights its reliability,
> > > especially when in practice what the code does is what we want to
> > > test for. And if an extra zero needs to be added to the loop, it
> > > can be at a lower cost than maintaining arch-specific asm code.
> >
> > For the record, I disagree. Use volatile writes at least.
>
> Yeah I agree on the volatile one.
Sounds good.
How do we proceed?
Do I send a new revision?
Will you fix up the series?
Will someone create a new patch? If so who?
Thomas
Powered by blists - more mailing lists