lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 15 Feb 2024 09:39:25 +0100
From: Jakub Jelinek <jakub@...hat.com>
To: Linus Torvalds <torvalds@...ux-foundation.org>
Cc: Uros Bizjak <ubizjak@...il.com>,
        Nick Desaulniers <ndesaulniers@...gle.com>,
        Sean Christopherson <seanjc@...gle.com>,
        "Andrew Pinski (QUIC)" <quic_apinski@...cinc.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        Masahiro Yamada <masahiroy@...nel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        "kvm@...r.kernel.org" <kvm@...r.kernel.org>
Subject: Re: [PATCH] Kconfig: Explicitly disable asm goto w/ outputs on
 gcc-11 (and earlier)

On Wed, Feb 14, 2024 at 04:11:05PM -0800, Linus Torvalds wrote:
> On Wed, 14 Feb 2024 at 10:43, Linus Torvalds
> <torvalds@...ux-foundation.org> wrote:
> >
> > Based on the current state of
> >
> >     https://gcc.gnu.org/bugzilla/show_bug.cgi?id=113921
> >
> > I would suggest this attached kernel patch [...]
> 
> Well, that "current state" didn't last long, and it looks like Jakub
> found the real issue and posted a suggested fix.
> 
> Anyway, the end result is that the current kernel situation - that
> adds the workaround for all gcc versions - is the best that we can do
> for now.

Can it be guarded with
#if GCC_VERSION < 140100
so that it isn't forgotten?  GCC 14.1 certainly will have a fix for this
(so will GCC 13.3, 12.4 and 11.5).
Maybe it would be helpful to use
#if GCC_VERSION < 140000
while it is true that no GCC 14 snapshots until today (or whenever the fix
will be committed) have the fix, for GCC trunk it is up to the distros
to use the latest snapshot if they use it at all and would allow better
testing of the kernel code without the workaround, so that if there are
other issues they won't be discovered years later.  Most userland code
doesn't actually use asm goto with outputs...

	Jakub

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ