| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <ZxBdSKuDWh6w_w-z@archlinux> Date: Thu, 17 Oct 2024 02:41:44 +0200 From: Jan Hendrik Farr <kernel@...rr.cc> To: Bill Wendling <morbo@...gle.com> Cc: Kees Cook <kees@...nel.org>, Thorsten Blum <thorsten.blum@...lux.com>, kent.overstreet@...ux.dev, regressions@...ts.linux.dev, linux-bcachefs@...r.kernel.org, linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org, ardb@...nel.org Subject: Re: [REGRESSION][BISECTED] erroneous buffer overflow detected in bch2_xattr_validate > I would be in favor of disabling __bdos on a whole struct pointer if > it will match the functionality between the compilers. I don't think > Qing has that on her plate at the moment, but when / if she revisits > that we can discuss exactly how to perform the calculations then. That's a good approach from my perspective. To get this done we would: Now: 1. Disable the __counted_by attribute calculation in clang for whole struct __bdos cases like in [1] and get this into the next clang point release (19.1.3) 2. In the kernel, disable __counted_by for clang versions < 19.1.3. Also backport that into the stable kernels In the future: 3. Try and figure out what the correct counted_by calculation for whole structs should be in conjunction with gcc and clang. Either provide an option in clang and gcc to follow the kernels expectations or change struct_size in the kernel to match gcc's and clang's future behavior. [1] https://github.com/llvm/llvm-project/pull/112636 Best Regards Jan
Powered by blists - more mailing lists